CERTFR-2024-AVI-0527
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in the Debian LTS Linux kernel. They allow an attacker to cause privilege escalation, a breach of data confidentiality and a denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Debian | N/A | Debian LTS buster versions earlier than 5.10.209-2~deb10u1 |
| Debian | N/A | Debian LTS buster versions earlier than 5.10.218-1~deb10u1 |
| Debian | N/A | Debian LTS buster versions earlier than 5.10.216-1~deb10u1 |
| Debian | N/A | Debian LTS buster versions earlier than 4.19.316-1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian LTS buster versions ant\u00e9rieures \u00e0 5.10.209-2~deb10u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian LTS buster versions ant\u00e9rieures \u00e0 5.10.218-1~deb10u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian LTS buster versions ant\u00e9rieures \u00e0 5.10.216-1~deb10u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian LTS buster versions ant\u00e9rieures \u00e0 4.19.316-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2023-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
},
{
"name": "CVE-2023-39198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39198"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2023-46838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46838"
},
{
"name": "CVE-2023-6040",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6040"
},
{
"name": "CVE-2023-6536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
},
{
"name": "CVE-2023-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
},
{
"name": "CVE-2023-6535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
},
{
"name": "CVE-2024-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
},
{
"name": "CVE-2024-0607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0607"
},
{
"name": "CVE-2024-0565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
},
{
"name": "CVE-2023-6915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6915"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2023-47233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47233"
},
{
"name": "CVE-2024-24860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24860"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2023-28746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
},
{
"name": "CVE-2023-52454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52454"
},
{
"name": "CVE-2024-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
},
{
"name": "CVE-2023-52467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52467"
},
{
"name": "CVE-2023-52451",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
},
{
"name": "CVE-2023-52436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52436"
},
{
"name": "CVE-2023-52445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
},
{
"name": "CVE-2023-52597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52597"
},
{
"name": "CVE-2024-26598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26598"
},
{
"name": "CVE-2023-52462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52462"
},
{
"name": "CVE-2023-52443",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52443"
},
{
"name": "CVE-2023-52469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2023-52470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
},
{
"name": "CVE-2023-52601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52601"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2023-52438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52438"
},
{
"name": "CVE-2023-52464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
},
{
"name": "CVE-2023-52600",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52600"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2023-52602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52602"
},
{
"name": "CVE-2024-26625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26625"
},
{
"name": "CVE-2024-26627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26627"
},
{
"name": "CVE-2023-52463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
},
{
"name": "CVE-2023-52447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52447"
},
{
"name": "CVE-2023-52449",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52449"
},
{
"name": "CVE-2024-26581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26581"
},
{
"name": "CVE-2023-52457",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52457"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2023-52604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52604"
},
{
"name": "CVE-2023-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52587"
},
{
"name": "CVE-2023-52448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52448"
},
{
"name": "CVE-2023-52599",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52599"
},
{
"name": "CVE-2023-52444",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52444"
},
{
"name": "CVE-2023-52583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52583"
},
{
"name": "CVE-2023-52603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52603"
},
{
"name": "CVE-2023-52456",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52456"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-26601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26601"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2024-23849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23849"
},
{
"name": "CVE-2024-26597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26597"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2024-23850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23850"
},
{
"name": "CVE-2024-26622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26622"
},
{
"name": "CVE-2024-23851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23851"
},
{
"name": "CVE-2024-1151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1151"
},
{
"name": "CVE-2023-6270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6270"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2023-52429",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52429"
},
{
"name": "CVE-2023-52482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52482"
},
{
"name": "CVE-2024-26586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26586"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2024-26633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26633"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2023-52609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52609"
},
{
"name": "CVE-2023-52435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52435"
},
{
"name": "CVE-2023-52612",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52612"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2023-52617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52617"
},
{
"name": "CVE-2024-26645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2024-26695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26695"
},
{
"name": "CVE-2024-26654",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26654"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2023-52486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
},
{
"name": "CVE-2023-52628",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52628"
},
{
"name": "CVE-2023-52493",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52493"
},
{
"name": "CVE-2024-26614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
},
{
"name": "CVE-2023-52637",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52637"
},
{
"name": "CVE-2023-52497",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52497"
},
{
"name": "CVE-2023-52492",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52492"
},
{
"name": "CVE-2024-25739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25739"
},
{
"name": "CVE-2024-22099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22099"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2023-52623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52623"
},
{
"name": "CVE-2023-52619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52619"
},
{
"name": "CVE-2024-26651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26651"
},
{
"name": "CVE-2023-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7042"
},
{
"name": "CVE-2024-26707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26707"
},
{
"name": "CVE-2024-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26754"
},
{
"name": "CVE-2024-26795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26795"
},
{
"name": "CVE-2024-26697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26697"
},
{
"name": "CVE-2024-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26704"
},
{
"name": "CVE-2024-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26720"
},
{
"name": "CVE-2023-52622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52622"
},
{
"name": "CVE-2024-26689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26689"
},
{
"name": "CVE-2024-26727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26727"
},
{
"name": "CVE-2024-26671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
},
{
"name": "CVE-2024-26748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26748"
},
{
"name": "CVE-2024-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26776"
},
{
"name": "CVE-2024-26606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26606"
},
{
"name": "CVE-2024-26702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26702"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2024-26814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26814"
},
{
"name": "CVE-2024-26685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26685"
},
{
"name": "CVE-2024-26771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26771"
},
{
"name": "CVE-2024-26810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26810"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-26787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26787"
},
{
"name": "CVE-2024-26781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26781"
},
{
"name": "CVE-2024-26663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26663"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2024-26752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26752"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2024-26805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26805"
},
{
"name": "CVE-2024-26773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26773"
},
{
"name": "CVE-2023-52618",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52618"
},
{
"name": "CVE-2024-26712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26712"
},
{
"name": "CVE-2024-26793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26793"
},
{
"name": "CVE-2024-24858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24858"
},
{
"name": "CVE-2023-52616",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52616"
},
{
"name": "CVE-2024-26813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26813"
},
{
"name": "CVE-2024-26764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26764"
},
{
"name": "CVE-2024-27437",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27437"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-26684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26684"
},
{
"name": "CVE-2024-24857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24857"
},
{
"name": "CVE-2024-26679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26679"
},
{
"name": "CVE-2024-26816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26816"
},
{
"name": "CVE-2024-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26749"
},
{
"name": "CVE-2024-26688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26688"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-26640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26640"
},
{
"name": "CVE-2024-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26763"
},
{
"name": "CVE-2024-26722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26722"
},
{
"name": "CVE-2024-26777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26777"
},
{
"name": "CVE-2024-26733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2023-52620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52620"
},
{
"name": "CVE-2024-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26772"
},
{
"name": "CVE-2024-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26791"
},
{
"name": "CVE-2023-52635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52635"
},
{
"name": "CVE-2024-26788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26788"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-26665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26665"
},
{
"name": "CVE-2024-26747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26747"
},
{
"name": "CVE-2024-26696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26696"
},
{
"name": "CVE-2024-26698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26698"
},
{
"name": "CVE-2024-26687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26687"
},
{
"name": "CVE-2024-26778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26778"
},
{
"name": "CVE-2024-26790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26790"
},
{
"name": "CVE-2024-26809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26809"
},
{
"name": "CVE-2024-26673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26673"
},
{
"name": "CVE-2024-26753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26753"
},
{
"name": "CVE-2024-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26751"
},
{
"name": "CVE-2024-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26736"
},
{
"name": "CVE-2024-26641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26641"
},
{
"name": "CVE-2024-26782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26782"
},
{
"name": "CVE-2024-26848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26848"
},
{
"name": "CVE-2023-52488",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52488"
},
{
"name": "CVE-2023-52627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52627"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2024-26870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26870"
},
{
"name": "CVE-2024-27044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27044"
},
{
"name": "CVE-2024-26839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26839"
},
{
"name": "CVE-2024-26863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26863"
},
{
"name": "CVE-2024-26966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26966"
},
{
"name": "CVE-2024-27025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27025"
},
{
"name": "CVE-2024-27047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27047"
},
{
"name": "CVE-2024-26845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26845"
},
{
"name": "CVE-2024-27028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27028"
},
{
"name": "CVE-2024-26970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26970"
},
{
"name": "CVE-2024-26861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26861"
},
{
"name": "CVE-2024-26895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26895"
},
{
"name": "CVE-2024-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26961"
},
{
"name": "CVE-2024-26978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26978"
},
{
"name": "CVE-2024-26917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26917"
},
{
"name": "CVE-2024-27013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27013"
},
{
"name": "CVE-2024-26840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26840"
},
{
"name": "CVE-2023-52644",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52644"
},
{
"name": "CVE-2024-26910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26910"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2024-26931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26931"
},
{
"name": "CVE-2024-26846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26846"
},
{
"name": "CVE-2024-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26958"
},
{
"name": "CVE-2024-27008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27008"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2024-26875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26875"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-26843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26843"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
},
{
"name": "CVE-2024-26925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26925"
},
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2024-26957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26957"
},
{
"name": "CVE-2024-26981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26981"
},
{
"name": "CVE-2024-26889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26889"
},
{
"name": "CVE-2024-27000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27000"
},
{
"name": "CVE-2024-26833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26833"
},
{
"name": "CVE-2024-26880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26880"
},
{
"name": "CVE-2024-27388",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27388"
},
{
"name": "CVE-2024-26883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26883"
},
{
"name": "CVE-2024-26644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26644"
},
{
"name": "CVE-2024-26935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26935"
},
{
"name": "CVE-2024-26974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
},
{
"name": "CVE-2024-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26965"
},
{
"name": "CVE-2024-26882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26882"
},
{
"name": "CVE-2024-26984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26984"
},
{
"name": "CVE-2024-27020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27020"
},
{
"name": "CVE-2024-26973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
},
{
"name": "CVE-2024-27059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
},
{
"name": "CVE-2024-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
},
{
"name": "CVE-2024-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27043"
},
{
"name": "CVE-2024-26820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26820"
},
{
"name": "CVE-2024-27038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27038"
},
{
"name": "CVE-2024-27051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27051"
},
{
"name": "CVE-2024-27073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27073"
},
{
"name": "CVE-2024-26635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26635"
},
{
"name": "CVE-2024-26950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26950"
},
{
"name": "CVE-2024-26999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26999"
},
{
"name": "CVE-2023-52498",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52498"
},
{
"name": "CVE-2024-26874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26874"
},
{
"name": "CVE-2023-52491",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52491"
},
{
"name": "CVE-2024-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26956"
},
{
"name": "CVE-2024-26924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26924"
},
{
"name": "CVE-2024-24861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24861"
},
{
"name": "CVE-2024-27004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27004"
},
{
"name": "CVE-2024-26955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26955"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2024-27074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27074"
},
{
"name": "CVE-2023-52650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52650"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-26817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26817"
},
{
"name": "CVE-2024-26857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26857"
},
{
"name": "CVE-2024-27001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27001"
},
{
"name": "CVE-2024-26885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26885"
},
{
"name": "CVE-2024-26878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26878"
},
{
"name": "CVE-2024-26894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26894"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-26976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26976"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2024-26994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26994"
},
{
"name": "CVE-2024-26636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26636"
},
{
"name": "CVE-2024-26898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26898"
},
{
"name": "CVE-2023-52642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52642"
},
{
"name": "CVE-2024-26969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26969"
},
{
"name": "CVE-2023-52614",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52614"
},
{
"name": "CVE-2024-26877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26877"
},
{
"name": "CVE-2024-26937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26937"
},
{
"name": "CVE-2024-27030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27030"
},
{
"name": "CVE-2024-27065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
},
{
"name": "CVE-2024-26997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26997"
},
{
"name": "CVE-2024-26922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26922"
},
{
"name": "CVE-2024-26884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26884"
},
{
"name": "CVE-2024-27076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27076"
},
{
"name": "CVE-2024-26862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26862"
},
{
"name": "CVE-2024-27077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27077"
},
{
"name": "CVE-2024-27078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27078"
},
{
"name": "CVE-2024-26825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26825"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2024-27046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27046"
},
{
"name": "CVE-2024-26903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26903"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2024-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27024"
},
{
"name": "CVE-2024-27053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27053"
},
{
"name": "CVE-2024-27075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27075"
},
{
"name": "CVE-2024-26891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26891"
},
{
"name": "CVE-2024-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26951"
},
{
"name": "CVE-2024-26855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
},
{
"name": "CVE-2024-27045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27045"
},
{
"name": "CVE-2024-26923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26923"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2024-26926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26926"
},
{
"name": "CVE-2024-26988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26988"
},
{
"name": "CVE-2023-52585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52585"
},
{
"name": "CVE-2022-48655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48655"
},
{
"name": "CVE-2023-52882",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52882"
},
{
"name": "CVE-2024-26900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26900"
},
{
"name": "CVE-2024-27398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
},
{
"name": "CVE-2024-27399",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27399"
},
{
"name": "CVE-2024-27401",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27401"
},
{
"name": "CVE-2024-35848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
},
{
"name": "CVE-2024-35947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35947"
},
{
"name": "CVE-2024-36017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
},
{
"name": "CVE-2024-36031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36031"
},
{
"name": "CVE-2024-36883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
},
{
"name": "CVE-2024-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
},
{
"name": "CVE-2024-36889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
},
{
"name": "CVE-2024-36902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36902"
},
{
"name": "CVE-2024-36904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36904"
},
{
"name": "CVE-2024-36905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36905"
},
{
"name": "CVE-2024-36916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36916"
},
{
"name": "CVE-2024-36919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36919"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2024-36933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
},
{
"name": "CVE-2024-36934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36934"
},
{
"name": "CVE-2024-36939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36939"
},
{
"name": "CVE-2024-36940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36940"
},
{
"name": "CVE-2024-36941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
},
{
"name": "CVE-2024-36946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36946"
},
{
"name": "CVE-2024-36950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36950"
},
{
"name": "CVE-2024-36953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36953"
},
{
"name": "CVE-2024-36954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36954"
},
{
"name": "CVE-2024-36957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36957"
},
{
"name": "CVE-2024-36959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36959"
},
{
"name": "CVE-2023-52656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52656"
},
{
"name": "CVE-2023-52669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
},
{
"name": "CVE-2023-52679",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52679"
},
{
"name": "CVE-2023-52683",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52683"
},
{
"name": "CVE-2023-52686",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
},
{
"name": "CVE-2023-52690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52690"
},
{
"name": "CVE-2023-52691",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52691"
},
{
"name": "CVE-2023-52693",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52693"
},
{
"name": "CVE-2023-52694",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52694"
},
{
"name": "CVE-2023-52696",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52696"
},
{
"name": "CVE-2023-52698",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52698"
},
{
"name": "CVE-2023-52699",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52699"
},
{
"name": "CVE-2023-52880",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52880"
},
{
"name": "CVE-2024-27395",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27395"
},
{
"name": "CVE-2024-27396",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27396"
},
{
"name": "CVE-2024-27405",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27405"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2024-27412",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27412"
},
{
"name": "CVE-2024-27413",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27413"
},
{
"name": "CVE-2024-27416",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27416"
},
{
"name": "CVE-2024-27417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
},
{
"name": "CVE-2024-27419",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27419"
},
{
"name": "CVE-2024-27431",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27431"
},
{
"name": "CVE-2024-27436",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27436"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2024-35791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35791"
},
{
"name": "CVE-2024-35796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35796"
},
{
"name": "CVE-2024-35806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35806"
},
{
"name": "CVE-2024-35809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35809"
},
{
"name": "CVE-2024-35811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35811"
},
{
"name": "CVE-2024-35813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35813"
},
{
"name": "CVE-2024-35815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35815"
},
{
"name": "CVE-2024-35821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35821"
},
{
"name": "CVE-2024-35822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35822"
},
{
"name": "CVE-2024-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35823"
},
{
"name": "CVE-2024-35825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35825"
},
{
"name": "CVE-2024-35828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35828"
},
{
"name": "CVE-2024-35829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35829"
},
{
"name": "CVE-2024-35830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35830"
},
{
"name": "CVE-2024-35833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35833"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2024-35847",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35847"
},
{
"name": "CVE-2024-35849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35849"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2024-35877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35877"
},
{
"name": "CVE-2024-35879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35879"
},
{
"name": "CVE-2024-35895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35895"
},
{
"name": "CVE-2024-35905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35905"
},
{
"name": "CVE-2024-35915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35915"
},
{
"name": "CVE-2024-35922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35922"
},
{
"name": "CVE-2024-35930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35930"
},
{
"name": "CVE-2024-35933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35933"
},
{
"name": "CVE-2024-35935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35935"
},
{
"name": "CVE-2024-35936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35936"
},
{
"name": "CVE-2024-35940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35940"
},
{
"name": "CVE-2024-35944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35944"
},
{
"name": "CVE-2024-35950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35950"
},
{
"name": "CVE-2024-35955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35955"
},
{
"name": "CVE-2024-35967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35967"
},
{
"name": "CVE-2024-35969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35969"
},
{
"name": "CVE-2024-35973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35973"
},
{
"name": "CVE-2024-35976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35976"
},
{
"name": "CVE-2024-35978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35978"
},
{
"name": "CVE-2024-35982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35982"
},
{
"name": "CVE-2024-35984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35984"
},
{
"name": "CVE-2024-35990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35990"
},
{
"name": "CVE-2024-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
},
{
"name": "CVE-2024-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
},
{
"name": "CVE-2024-36014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36014"
},
{
"name": "CVE-2024-36015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36015"
},
{
"name": "CVE-2024-36016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36016"
},
{
"name": "CVE-2023-52670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52670"
},
{
"name": "CVE-2023-52675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
},
{
"name": "CVE-2024-35819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35819"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-35837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35837"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2024-35960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
},
{
"name": "CVE-2024-35997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35997"
},
{
"name": "CVE-2024-36020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36020"
},
{
"name": "CVE-2021-33630",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33630"
},
{
"name": "CVE-2023-52672",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52672"
},
{
"name": "CVE-2024-27414",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27414"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2024-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
},
{
"name": "CVE-2024-35785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35785"
},
{
"name": "CVE-2024-35805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35805"
},
{
"name": "CVE-2024-35807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35807"
},
{
"name": "CVE-2024-35853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-35871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35871"
},
{
"name": "CVE-2024-35884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35884"
},
{
"name": "CVE-2024-35886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35886"
},
{
"name": "CVE-2024-35888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
},
{
"name": "CVE-2024-35893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35893"
},
{
"name": "CVE-2024-35896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35896"
},
{
"name": "CVE-2024-35897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35897"
},
{
"name": "CVE-2024-35898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35898"
},
{
"name": "CVE-2024-35899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
},
{
"name": "CVE-2024-35900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35900"
},
{
"name": "CVE-2024-35902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35902"
},
{
"name": "CVE-2024-35910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35910"
},
{
"name": "CVE-2024-35925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35925"
},
{
"name": "CVE-2024-35934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35934"
},
{
"name": "CVE-2024-35962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35962"
},
{
"name": "CVE-2024-35983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35983"
},
{
"name": "CVE-2024-35988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35988"
},
{
"name": "CVE-2024-35996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35996"
},
{
"name": "CVE-2024-36004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
},
{
"name": "CVE-2024-36005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
},
{
"name": "CVE-2024-36008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36008"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2024-36288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36288"
},
{
"name": "CVE-2024-36960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36960"
},
{
"name": "CVE-2024-36964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36964"
},
{
"name": "CVE-2024-36971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
},
{
"name": "CVE-2024-37353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37353"
},
{
"name": "CVE-2024-37356",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37356"
},
{
"name": "CVE-2024-38381",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38381"
},
{
"name": "CVE-2024-38549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38549"
},
{
"name": "CVE-2024-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38552"
},
{
"name": "CVE-2024-38558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
},
{
"name": "CVE-2024-38559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38559"
},
{
"name": "CVE-2024-38560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38560"
},
{
"name": "CVE-2024-38565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38565"
},
{
"name": "CVE-2024-38567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38567"
},
{
"name": "CVE-2024-38578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38578"
},
{
"name": "CVE-2024-38579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38579"
},
{
"name": "CVE-2024-38582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38582"
},
{
"name": "CVE-2024-38583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38583"
},
{
"name": "CVE-2024-38587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38587"
},
{
"name": "CVE-2024-38589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38589"
},
{
"name": "CVE-2024-38596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38596"
},
{
"name": "CVE-2024-38598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38598"
},
{
"name": "CVE-2024-38599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38599"
},
{
"name": "CVE-2024-38601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38601"
},
{
"name": "CVE-2024-38612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38612"
},
{
"name": "CVE-2024-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38618"
},
{
"name": "CVE-2024-38621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38621"
},
{
"name": "CVE-2024-38627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38627"
},
{
"name": "CVE-2024-38633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38633"
},
{
"name": "CVE-2024-38634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38634"
},
{
"name": "CVE-2024-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38637"
},
{
"name": "CVE-2024-38659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38659"
},
{
"name": "CVE-2024-38780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38780"
},
{
"name": "CVE-2024-39292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39292"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0527",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": "2024-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-3840-1",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"published_at": "2024-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-3842-1",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"published_at": "2024-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-3843-1",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"published_at": "2024-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-3841-1",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
]
}
CVE-2024-26782 (GCVE-0-2024-26782)
Vulnerability from cvelistv5 – Published: 2024-04-04 08:20 – Updated: 2025-05-04 08:56
Title
mptcp: fix double-free on socket dismantle
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix double-free on socket dismantle
When an MPTCP server accepts an incoming connection, it clones its listener
socket. However, the pointer to 'inet_opt' for the new socket has the same
value as the original one: as a consequence, on program exit it's possible
to observe the following splat:
BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0
Free of addr ffff888485950880 by task swapper/25/0
CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609
Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013
Call Trace:
<IRQ>
dump_stack_lvl+0x32/0x50
print_report+0xca/0x620
kasan_report_invalid_free+0x64/0x90
__kasan_slab_free+0x1aa/0x1f0
kfree+0xed/0x2e0
inet_sock_destruct+0x54f/0x8b0
__sk_destruct+0x48/0x5b0
rcu_do_batch+0x34e/0xd90
rcu_core+0x559/0xac0
__do_softirq+0x183/0x5a4
irq_exit_rcu+0x12d/0x170
sysvec_apic_timer_interrupt+0x6b/0x80
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:cpuidle_enter_state+0x175/0x300
Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed <0f> 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b
RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202
RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000
RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588
RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080
R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0
R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80
cpuidle_enter+0x4a/0xa0
do_idle+0x310/0x410
cpu_startup_entry+0x51/0x60
start_secondary+0x211/0x270
secondary_startup_64_no_verify+0x184/0x18b
</TASK>
Allocated by task 6853:
kasan_save_stack+0x1c/0x40
kasan_save_track+0x10/0x30
__kasan_kmalloc+0xa6/0xb0
__kmalloc+0x1eb/0x450
cipso_v4_sock_setattr+0x96/0x360
netlbl_sock_setattr+0x132/0x1f0
selinux_netlbl_socket_post_create+0x6c/0x110
selinux_socket_post_create+0x37b/0x7f0
security_socket_post_create+0x63/0xb0
__sock_create+0x305/0x450
__sys_socket_create.part.23+0xbd/0x130
__sys_socket+0x37/0xb0
__x64_sys_socket+0x6f/0xb0
do_syscall_64+0x83/0x160
entry_SYSCALL_64_after_hwframe+0x6e/0x76
Freed by task 6858:
kasan_save_stack+0x1c/0x40
kasan_save_track+0x10/0x30
kasan_save_free_info+0x3b/0x60
__kasan_slab_free+0x12c/0x1f0
kfree+0xed/0x2e0
inet_sock_destruct+0x54f/0x8b0
__sk_destruct+0x48/0x5b0
subflow_ulp_release+0x1f0/0x250
tcp_cleanup_ulp+0x6e/0x110
tcp_v4_destroy_sock+0x5a/0x3a0
inet_csk_destroy_sock+0x135/0x390
tcp_fin+0x416/0x5c0
tcp_data_queue+0x1bc8/0x4310
tcp_rcv_state_process+0x15a3/0x47b0
tcp_v4_do_rcv+0x2c1/0x990
tcp_v4_rcv+0x41fb/0x5ed0
ip_protocol_deliver_rcu+0x6d/0x9f0
ip_local_deliver_finish+0x278/0x360
ip_local_deliver+0x182/0x2c0
ip_rcv+0xb5/0x1c0
__netif_receive_skb_one_core+0x16e/0x1b0
process_backlog+0x1e3/0x650
__napi_poll+0xa6/0x500
net_rx_action+0x740/0xbb0
__do_softirq+0x183/0x5a4
The buggy address belongs to the object at ffff888485950880
which belongs to the cache kmalloc-64 of size 64
The buggy address is located 0 bytes inside of
64-byte region [ffff888485950880, ffff8884859508c0)
The buggy address belongs to the physical page:
page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950
flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff)
page_type: 0xffffffff()
raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006
raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff888485950780: fa fb fb
---truncated---
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be , < f74362a004225df935863dea6eb7d82daaa5b16e (git) |
| Linux | Linux | Affected: cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be , < 4a4eeb6912538c2d0b158e8d11b62d96c1dada4e (git) |
| Linux | Linux | Affected: cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be , < d93fd40c62397326046902a2c5cb75af50882a85 (git) |
| Linux | Linux | Affected: cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be , < ce0809ada38dca8d6d41bb57ab40494855c30582 (git) |
| Linux | Linux | Affected: cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be , < 85933e80d077c9ae2227226beb86c22f464059cc (git) |
| Linux | Linux | Affected: cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be , < 10048689def7e40a4405acda16fdc6477d4ecc5c (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f74362a004225df935863dea6eb7d82daaa5b16e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a4eeb6912538c2d0b158e8d11b62d96c1dada4e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d93fd40c62397326046902a2c5cb75af50882a85"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce0809ada38dca8d6d41bb57ab40494855c30582"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/85933e80d077c9ae2227226beb86c22f464059cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10048689def7e40a4405acda16fdc6477d4ecc5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:05.325955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:51.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f74362a004225df935863dea6eb7d82daaa5b16e",
"status": "affected",
"version": "cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be",
"versionType": "git"
},
{
"lessThan": "4a4eeb6912538c2d0b158e8d11b62d96c1dada4e",
"status": "affected",
"version": "cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be",
"versionType": "git"
},
{
"lessThan": "d93fd40c62397326046902a2c5cb75af50882a85",
"status": "affected",
"version": "cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be",
"versionType": "git"
},
{
"lessThan": "ce0809ada38dca8d6d41bb57ab40494855c30582",
"status": "affected",
"version": "cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be",
"versionType": "git"
},
{
"lessThan": "85933e80d077c9ae2227226beb86c22f464059cc",
"status": "affected",
"version": "cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be",
"versionType": "git"
},
{
"lessThan": "10048689def7e40a4405acda16fdc6477d4ecc5c",
"status": "affected",
"version": "cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix double-free on socket dismantle\n\nwhen MPTCP server accepts an incoming connection, it clones its listener\nsocket. However, the pointer to \u0027inet_opt\u0027 for the new socket has the same\nvalue as the original one: as a consequence, on program exit it\u0027s possible\nto observe the following splat:\n\n BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0\n Free of addr ffff888485950880 by task swapper/25/0\n\n CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609\n Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x32/0x50\n print_report+0xca/0x620\n kasan_report_invalid_free+0x64/0x90\n __kasan_slab_free+0x1aa/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n rcu_do_batch+0x34e/0xd90\n rcu_core+0x559/0xac0\n __do_softirq+0x183/0x5a4\n irq_exit_rcu+0x12d/0x170\n sysvec_apic_timer_interrupt+0x6b/0x80\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n RIP: 0010:cpuidle_enter_state+0x175/0x300\n Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed \u003c0f\u003e 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b\n RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202\n RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000\n RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588\n RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080\n R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0\n R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80\n cpuidle_enter+0x4a/0xa0\n do_idle+0x310/0x410\n cpu_startup_entry+0x51/0x60\n start_secondary+0x211/0x270\n secondary_startup_64_no_verify+0x184/0x18b\n \u003c/TASK\u003e\n\n Allocated by task 6853:\n 
kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n __kmalloc+0x1eb/0x450\n cipso_v4_sock_setattr+0x96/0x360\n netlbl_sock_setattr+0x132/0x1f0\n selinux_netlbl_socket_post_create+0x6c/0x110\n selinux_socket_post_create+0x37b/0x7f0\n security_socket_post_create+0x63/0xb0\n __sock_create+0x305/0x450\n __sys_socket_create.part.23+0xbd/0x130\n __sys_socket+0x37/0xb0\n __x64_sys_socket+0x6f/0xb0\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n Freed by task 6858:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x12c/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n subflow_ulp_release+0x1f0/0x250\n tcp_cleanup_ulp+0x6e/0x110\n tcp_v4_destroy_sock+0x5a/0x3a0\n inet_csk_destroy_sock+0x135/0x390\n tcp_fin+0x416/0x5c0\n tcp_data_queue+0x1bc8/0x4310\n tcp_rcv_state_process+0x15a3/0x47b0\n tcp_v4_do_rcv+0x2c1/0x990\n tcp_v4_rcv+0x41fb/0x5ed0\n ip_protocol_deliver_rcu+0x6d/0x9f0\n ip_local_deliver_finish+0x278/0x360\n ip_local_deliver+0x182/0x2c0\n ip_rcv+0xb5/0x1c0\n __netif_receive_skb_one_core+0x16e/0x1b0\n process_backlog+0x1e3/0x650\n __napi_poll+0xa6/0x500\n net_rx_action+0x740/0xbb0\n __do_softirq+0x183/0x5a4\n\n The buggy address belongs to the object at ffff888485950880\n which belongs to the cache kmalloc-64 of size 64\n The buggy address is located 0 bytes inside of\n 64-byte region [ffff888485950880, ffff8884859508c0)\n\n The buggy address belongs to the physical page:\n page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950\n flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006\n raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n 
ffff888485950780: fa fb fb\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:23.261Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f74362a004225df935863dea6eb7d82daaa5b16e"
},
{
"url": "https://git.kernel.org/stable/c/4a4eeb6912538c2d0b158e8d11b62d96c1dada4e"
},
{
"url": "https://git.kernel.org/stable/c/d93fd40c62397326046902a2c5cb75af50882a85"
},
{
"url": "https://git.kernel.org/stable/c/ce0809ada38dca8d6d41bb57ab40494855c30582"
},
{
"url": "https://git.kernel.org/stable/c/85933e80d077c9ae2227226beb86c22f464059cc"
},
{
"url": "https://git.kernel.org/stable/c/10048689def7e40a4405acda16fdc6477d4ecc5c"
}
],
"title": "mptcp: fix double-free on socket dismantle",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26782",
"datePublished": "2024-04-04T08:20:16.472Z",
"dateReserved": "2024-02-19T14:20:24.177Z",
"dateUpdated": "2025-05-04T08:56:23.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36008 (GCVE-0-2024-36008)
Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2025-05-04 09:10
Title
ipv4: check for NULL idev in ip_route_use_hint()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv4: check for NULL idev in ip_route_use_hint()
syzbot was able to trigger a NULL deref in fib_validate_source()
in an old tree [1].
It appears the bug exists in latest trees.
All calls to __in_dev_get_rcu() must be checked for a NULL result.
[1]
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 2 PID: 3257 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:fib_validate_source+0xbf/0x15a0 net/ipv4/fib_frontend.c:425
Code: 18 f2 f2 f2 f2 42 c7 44 20 23 f3 f3 f3 f3 48 89 44 24 78 42 c6 44 20 27 f3 e8 5d 88 48 fc 4c 89 e8 48 c1 e8 03 48 89 44 24 18 <42> 80 3c 20 00 74 08 4c 89 ef e8 d2 15 98 fc 48 89 5c 24 10 41 bf
RSP: 0018:ffffc900015fee40 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88800f7a4000 RCX: ffff88800f4f90c0
RDX: 0000000000000000 RSI: 0000000004001eac RDI: ffff8880160c64c0
RBP: ffffc900015ff060 R08: 0000000000000000 R09: ffff88800f7a4000
R10: 0000000000000002 R11: ffff88800f4f90c0 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88800f7a4000
FS: 00007f938acfe6c0(0000) GS:ffff888058c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f938acddd58 CR3: 000000001248e000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ip_route_use_hint+0x410/0x9b0 net/ipv4/route.c:2231
ip_rcv_finish_core+0x2c4/0x1a30 net/ipv4/ip_input.c:327
ip_list_rcv_finish net/ipv4/ip_input.c:612 [inline]
ip_sublist_rcv+0x3ed/0xe50 net/ipv4/ip_input.c:638
ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:673
__netif_receive_skb_list_ptype net/core/dev.c:5572 [inline]
__netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5620
__netif_receive_skb_list net/core/dev.c:5672 [inline]
netif_receive_skb_list_internal+0x9f9/0xdc0 net/core/dev.c:5764
netif_receive_skb_list+0x55/0x3e0 net/core/dev.c:5816
xdp_recv_frames net/bpf/test_run.c:257 [inline]
xdp_test_run_batch net/bpf/test_run.c:335 [inline]
bpf_test_run_xdp_live+0x1818/0x1d00 net/bpf/test_run.c:363
bpf_prog_test_run_xdp+0x81f/0x1170 net/bpf/test_run.c:1376
bpf_prog_test_run+0x349/0x3c0 kernel/bpf/syscall.c:3736
__sys_bpf+0x45c/0x710 kernel/bpf/syscall.c:5115
__do_sys_bpf kernel/bpf/syscall.c:5201 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5199 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5199
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 7da0f91681c4902bc5c210356fdd963b04d5d1d4 (git) |
| Linux | Linux | Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 03b5a9b2b526862b21bcc31976e393a6e63785d1 (git) |
| Linux | Linux | Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 7a25bfd12733a8f38f8ca47c581f876c3d481ac0 (git) |
| Linux | Linux | Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 8240c7308c941db4d9a0a91b54eca843c616a655 (git) |
| Linux | Linux | Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < c71ea3534ec0936fc57e6fb271c7cc6a2f68c295 (git) |
| Linux | Linux | Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:05:40.708798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:45.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7da0f91681c4902bc5c210356fdd963b04d5d1d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03b5a9b2b526862b21bcc31976e393a6e63785d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a25bfd12733a8f38f8ca47c581f876c3d481ac0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8240c7308c941db4d9a0a91b54eca843c616a655"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c71ea3534ec0936fc57e6fb271c7cc6a2f68c295"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7da0f91681c4902bc5c210356fdd963b04d5d1d4",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "03b5a9b2b526862b21bcc31976e393a6e63785d1",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "7a25bfd12733a8f38f8ca47c581f876c3d481ac0",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "8240c7308c941db4d9a0a91b54eca843c616a655",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "c71ea3534ec0936fc57e6fb271c7cc6a2f68c295",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: check for NULL idev in ip_route_use_hint()\n\nsyzbot was able to trigger a NULL deref in fib_validate_source()\nin an old tree [1].\n\nIt appears the bug exists in latest trees.\n\nAll calls to __in_dev_get_rcu() must be checked for a NULL result.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 2 PID: 3257 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:fib_validate_source+0xbf/0x15a0 net/ipv4/fib_frontend.c:425\nCode: 18 f2 f2 f2 f2 42 c7 44 20 23 f3 f3 f3 f3 48 89 44 24 78 42 c6 44 20 27 f3 e8 5d 88 48 fc 4c 89 e8 48 c1 e8 03 48 89 44 24 18 \u003c42\u003e 80 3c 20 00 74 08 4c 89 ef e8 d2 15 98 fc 48 89 5c 24 10 41 bf\nRSP: 0018:ffffc900015fee40 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88800f7a4000 RCX: ffff88800f4f90c0\nRDX: 0000000000000000 RSI: 0000000004001eac RDI: ffff8880160c64c0\nRBP: ffffc900015ff060 R08: 0000000000000000 R09: ffff88800f7a4000\nR10: 0000000000000002 R11: ffff88800f4f90c0 R12: dffffc0000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ffff88800f7a4000\nFS: 00007f938acfe6c0(0000) GS:ffff888058c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f938acddd58 CR3: 000000001248e000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ip_route_use_hint+0x410/0x9b0 net/ipv4/route.c:2231\n ip_rcv_finish_core+0x2c4/0x1a30 net/ipv4/ip_input.c:327\n ip_list_rcv_finish net/ipv4/ip_input.c:612 [inline]\n ip_sublist_rcv+0x3ed/0xe50 net/ipv4/ip_input.c:638\n ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:673\n __netif_receive_skb_list_ptype 
net/core/dev.c:5572 [inline]\n __netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5620\n __netif_receive_skb_list net/core/dev.c:5672 [inline]\n netif_receive_skb_list_internal+0x9f9/0xdc0 net/core/dev.c:5764\n netif_receive_skb_list+0x55/0x3e0 net/core/dev.c:5816\n xdp_recv_frames net/bpf/test_run.c:257 [inline]\n xdp_test_run_batch net/bpf/test_run.c:335 [inline]\n bpf_test_run_xdp_live+0x1818/0x1d00 net/bpf/test_run.c:363\n bpf_prog_test_run_xdp+0x81f/0x1170 net/bpf/test_run.c:1376\n bpf_prog_test_run+0x349/0x3c0 kernel/bpf/syscall.c:3736\n __sys_bpf+0x45c/0x710 kernel/bpf/syscall.c:5115\n __do_sys_bpf kernel/bpf/syscall.c:5201 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5199 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5199"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:24.352Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7da0f91681c4902bc5c210356fdd963b04d5d1d4"
},
{
"url": "https://git.kernel.org/stable/c/03b5a9b2b526862b21bcc31976e393a6e63785d1"
},
{
"url": "https://git.kernel.org/stable/c/7a25bfd12733a8f38f8ca47c581f876c3d481ac0"
},
{
"url": "https://git.kernel.org/stable/c/8240c7308c941db4d9a0a91b54eca843c616a655"
},
{
"url": "https://git.kernel.org/stable/c/c71ea3534ec0936fc57e6fb271c7cc6a2f68c295"
},
{
"url": "https://git.kernel.org/stable/c/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1"
}
],
"title": "ipv4: check for NULL idev in ip_route_use_hint()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36008",
"datePublished": "2024-05-20T09:48:07.596Z",
"dateReserved": "2024-05-17T13:50:33.152Z",
"dateUpdated": "2025-05-04T09:10:24.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26771 (GCVE-0-2024-26771)
Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2026-01-05 10:34
Title
dmaengine: ti: edma: Add some null pointer checks to the edma_probe
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: edma: Add some null pointer checks to the edma_probe
devm_kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure. Ensure the allocation was successful
by checking the pointer validity.
Severity ?
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: d4cb7f404247173e2c760a01bf06fd1016a8b0d4, < c432094aa7c9970f2fa10d2305d550d3810657ce (git) |
| Linux | Linux | Affected: d4cb7f404247173e2c760a01bf06fd1016a8b0d4, < 4fe4e5adc7d29d214c59b59f61db73dec505ca3d (git) |
| Linux | Linux | Affected: d4cb7f404247173e2c760a01bf06fd1016a8b0d4, < 9d508c897153ae8dd79303f7f035f078139f6b49 (git) |
| Linux | Linux | Affected: d4cb7f404247173e2c760a01bf06fd1016a8b0d4, < 7b24760f3a3c7ae1a176d343136b6c25174b7b27 (git) |
| Linux | Linux | Affected: d4cb7f404247173e2c760a01bf06fd1016a8b0d4, < f2a5e30d1e9a629de6179fa23923a318d5feb29e (git) |
| Linux | Linux | Affected: d4cb7f404247173e2c760a01bf06fd1016a8b0d4, < 6e2276203ac9ff10fc76917ec9813c660f627369 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T14:05:41.933267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:46.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c432094aa7c9970f2fa10d2305d550d3810657ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fe4e5adc7d29d214c59b59f61db73dec505ca3d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d508c897153ae8dd79303f7f035f078139f6b49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b24760f3a3c7ae1a176d343136b6c25174b7b27"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2a5e30d1e9a629de6179fa23923a318d5feb29e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e2276203ac9ff10fc76917ec9813c660f627369"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/ti/edma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c432094aa7c9970f2fa10d2305d550d3810657ce",
"status": "affected",
"version": "d4cb7f404247173e2c760a01bf06fd1016a8b0d4",
"versionType": "git"
},
{
"lessThan": "4fe4e5adc7d29d214c59b59f61db73dec505ca3d",
"status": "affected",
"version": "d4cb7f404247173e2c760a01bf06fd1016a8b0d4",
"versionType": "git"
},
{
"lessThan": "9d508c897153ae8dd79303f7f035f078139f6b49",
"status": "affected",
"version": "d4cb7f404247173e2c760a01bf06fd1016a8b0d4",
"versionType": "git"
},
{
"lessThan": "7b24760f3a3c7ae1a176d343136b6c25174b7b27",
"status": "affected",
"version": "d4cb7f404247173e2c760a01bf06fd1016a8b0d4",
"versionType": "git"
},
{
"lessThan": "f2a5e30d1e9a629de6179fa23923a318d5feb29e",
"status": "affected",
"version": "d4cb7f404247173e2c760a01bf06fd1016a8b0d4",
"versionType": "git"
},
{
"lessThan": "6e2276203ac9ff10fc76917ec9813c660f627369",
"status": "affected",
"version": "d4cb7f404247173e2c760a01bf06fd1016a8b0d4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/ti/edma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Add some null pointer checks to the edma_probe\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:34:25.356Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c432094aa7c9970f2fa10d2305d550d3810657ce"
},
{
"url": "https://git.kernel.org/stable/c/4fe4e5adc7d29d214c59b59f61db73dec505ca3d"
},
{
"url": "https://git.kernel.org/stable/c/9d508c897153ae8dd79303f7f035f078139f6b49"
},
{
"url": "https://git.kernel.org/stable/c/7b24760f3a3c7ae1a176d343136b6c25174b7b27"
},
{
"url": "https://git.kernel.org/stable/c/f2a5e30d1e9a629de6179fa23923a318d5feb29e"
},
{
"url": "https://git.kernel.org/stable/c/6e2276203ac9ff10fc76917ec9813c660f627369"
}
],
"title": "dmaengine: ti: edma: Add some null pointer checks to the edma_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26771",
"datePublished": "2024-04-03T17:00:57.918Z",
"dateReserved": "2024-02-19T14:20:24.175Z",
"dateUpdated": "2026-01-05T10:34:25.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52604 (GCVE-0-2023-52604)
Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2026-01-05 10:16
Title
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
Summary
In the Linux kernel, the following vulnerability has been resolved:
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
Syzkaller reported the following issue:
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6
index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]')
CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348
dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867
dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834
dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331
dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]
dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402
txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534
txUpdateMap+0x342/0x9e0
txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732
kthread+0x2d3/0x370 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
</TASK>
================================================================================
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
panic+0x30f/0x770 kernel/panic.c:340
check_panic_on_warn+0x82/0xa0 kernel/panic.c:236
ubsan_epilogue lib/ubsan.c:223 [inline]
__ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348
dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867
dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834
dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331
dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]
dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402
txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534
txUpdateMap+0x342/0x9e0
txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732
kthread+0x2d3/0x370 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
The issue is caused when the value of lp becomes greater than
CTLTREESIZE which is the max size of stree. Adding a simple check
solves this issue.
Dave:
As the function returns a void, good error handling
would require a more intrusive code reorganization, so I modified
Osama's patch at use WARN_ON_ONCE for lack of a cleaner option.
The patch is tested via syzbot.
Severity ?
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < e3e95c6850661c77e6dab079d9b5374a618ebb15 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 98f9537fe61b8382b3cc5dd97347531698517c56 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < de34de6e57bbbc868e4fcf9e98c76b3587cabb0b (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 6fe8b702125aeee6ce83f20092a2341446704e7b (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 42f433785f108893de0dd5260bafb85d7d51db03 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 6a44065dd604972ec1fbcccbdc4a70d266a89cdd (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 59342822276f753e49d27ef5eebffbba990572b9 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T19:11:36.244140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:17.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3e95c6850661c77e6dab079d9b5374a618ebb15",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "98f9537fe61b8382b3cc5dd97347531698517c56",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "de34de6e57bbbc868e4fcf9e98c76b3587cabb0b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6fe8b702125aeee6ce83f20092a2341446704e7b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "42f433785f108893de0dd5260bafb85d7d51db03",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6a44065dd604972ec1fbcccbdc4a70d266a89cdd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "59342822276f753e49d27ef5eebffbba990572b9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nFS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree\n\nSyzkaller reported the following issue:\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6\nindex 196694 is out of range for type \u0027s8[1365]\u0027 (aka \u0027signed char[1365]\u0027)\nCPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867\n dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834\n dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331\n dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]\n dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402\n txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534\n txUpdateMap+0x342/0x9e0\n txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\n jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732\n kthread+0x2d3/0x370 kernel/kthread.c:388\n ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n \u003c/TASK\u003e\n================================================================================\nKernel panic - not syncing: UBSAN: panic_on_warn set ...\nCPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n panic+0x30f/0x770 kernel/panic.c:340\n check_panic_on_warn+0x82/0xa0 kernel/panic.c:236\n ubsan_epilogue lib/ubsan.c:223 [inline]\n __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348\n dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867\n dbJoin+0x210/0x2d0 
fs/jfs/jfs_dmap.c:2834\n dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331\n dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]\n dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402\n txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534\n txUpdateMap+0x342/0x9e0\n txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\n jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732\n kthread+0x2d3/0x370 kernel/kthread.c:388\n ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n \u003c/TASK\u003e\nKernel Offset: disabled\nRebooting in 86400 seconds..\n\nThe issue is caused when the value of lp becomes greater than\nCTLTREESIZE which is the max size of stree. Adding a simple check\nsolves this issue.\n\nDave:\nAs the function returns a void, good error handling\nwould require a more intrusive code reorganization, so I modified\nOsama\u0027s patch at use WARN_ON_ONCE for lack of a cleaner option.\n\nThe patch is tested via syzbot."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:16:37.407Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15"
},
{
"url": "https://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56"
},
{
"url": "https://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b"
},
{
"url": "https://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b"
},
{
"url": "https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03"
},
{
"url": "https://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd"
},
{
"url": "https://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9"
},
{
"url": "https://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68"
}
],
"title": "FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52604",
"datePublished": "2024-03-06T06:45:30.246Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2026-01-05T10:16:37.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36288 (GCVE-0-2024-36288)
Vulnerability from cvelistv5 – Published: 2024-06-21 11:18 – Updated: 2025-11-04 17:21
Title
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
Summary
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
The in_token->pages[] array is not NULL terminated. This results in
the following KASAN splat:
KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]
Severity ?
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: ab8466d4e26806a4ae82c282762c4545eecf45ef, < 57ff6c0a175930856213b2aa39f8c845a53e5b1c (git) |
| Linux | Linux | Affected: 4420b73c7f26fd5fcb37bbce5313dd356ef1b3ca, < 6ed45d20d30005bed94c8c527ce51d5ad8121018 (git) |
| Linux | Linux | Affected: f148a95f68c66c1b097391b68e153d5a46f0e780, < 4cefcd0af7458bdeff56a9d8dfc6868ce23d128a (git) |
| Linux | Linux | Affected: fe0b474974fee7af1df286e0edd5a1460c811865, < b4878ea99f2b40ef1925720b1b4ca7f4af1ba785 (git) |
| Linux | Linux | Affected: c1d8c429e4d2ce85ec5c92cf71cb419baf75c56f, < af628d43a822b78ad8d4a58d8259f8bf8bc71115 (git) |
| Linux | Linux | Affected: 8ca148915670a2921afcc255af9e1dc80f37b052, < 0a1cb0c6102bb4fd310243588d39461da49497ad (git) |
| Linux | Linux | Affected: bafa6b4d95d97877baa61883ff90f7e374427fae, < 4a77c3dead97339478c7422eb07bf4bf63577008 (git) |
| Linux | Linux | Affected: a3c1afd5d7ad59e34a275d80c428952f83c8c1f0 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:05:00.955390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:05:08.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:10.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/auth_gss/svcauth_gss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "57ff6c0a175930856213b2aa39f8c845a53e5b1c",
"status": "affected",
"version": "ab8466d4e26806a4ae82c282762c4545eecf45ef",
"versionType": "git"
},
{
"lessThan": "6ed45d20d30005bed94c8c527ce51d5ad8121018",
"status": "affected",
"version": "4420b73c7f26fd5fcb37bbce5313dd356ef1b3ca",
"versionType": "git"
},
{
"lessThan": "4cefcd0af7458bdeff56a9d8dfc6868ce23d128a",
"status": "affected",
"version": "f148a95f68c66c1b097391b68e153d5a46f0e780",
"versionType": "git"
},
{
"lessThan": "b4878ea99f2b40ef1925720b1b4ca7f4af1ba785",
"status": "affected",
"version": "fe0b474974fee7af1df286e0edd5a1460c811865",
"versionType": "git"
},
{
"lessThan": "af628d43a822b78ad8d4a58d8259f8bf8bc71115",
"status": "affected",
"version": "c1d8c429e4d2ce85ec5c92cf71cb419baf75c56f",
"versionType": "git"
},
{
"lessThan": "0a1cb0c6102bb4fd310243588d39461da49497ad",
"status": "affected",
"version": "8ca148915670a2921afcc255af9e1dc80f37b052",
"versionType": "git"
},
{
"lessThan": "4a77c3dead97339478c7422eb07bf4bf63577008",
"status": "affected",
"version": "bafa6b4d95d97877baa61883ff90f7e374427fae",
"versionType": "git"
},
{
"status": "affected",
"version": "a3c1afd5d7ad59e34a275d80c428952f83c8c1f0",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/auth_gss/svcauth_gss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.9.4",
"status": "affected",
"version": "6.9.3",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.9.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token-\u003epages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]"
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:39:18.733Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"
},
{
"url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"
},
{
"url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"
},
{
"url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"
},
{
"url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"
},
{
"url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"
},
{
"url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"
}
],
"title": "SUNRPC: Fix loop termination condition in gss_free_in_token_pages()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36288",
"datePublished": "2024-06-21T11:18:46.152Z",
"dateReserved": "2024-06-21T11:16:40.621Z",
"dateUpdated": "2025-11-04T17:21:10.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0841 (GCVE-0-2024-0841)
Vulnerability from cvelistv5 – Published: 2024-01-28 11:20 – Updated: 2025-11-06 19:54
Title
Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function
Summary
A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
Severity
6.6 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | Unaffected: 0:4.18.0-553.rt7.342.el8_10 , < * (rpm); cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0841"
},
{
"name": "RHBZ#2256490",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256490"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:50.798864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:11:12.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.rt7.342.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T19:54:47.949Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0841"
},
{
"name": "RHBZ#2256490",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256490"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-02T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-23T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0841",
"datePublished": "2024-01-28T11:20:40.159Z",
"dateReserved": "2024-01-23T21:14:44.230Z",
"dateUpdated": "2025-11-06T19:54:47.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52672 (GCVE-0-2023-52672)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:02 – Updated: 2025-05-04 07:41
Title
pipe: wakeup wr_wait after setting max_usage
Summary
In the Linux kernel, the following vulnerability has been resolved:
pipe: wakeup wr_wait after setting max_usage
Commit c73be61cede5 ("pipe: Add general notification queue support") a
regression was introduced that would lock up resized pipes under certain
conditions. See the reproducer in [1].
The commit resizing the pipe ring size was moved to a different
function, doing that moved the wakeup for pipe->wr_wait before actually
raising pipe->max_usage. If a pipe was full before the resize occurred it
would result in the wakeup never actually triggering pipe_write.
Set @max_usage and @nr_accounted before waking writers if this isn't a
watch queue.
[Christian Brauner <brauner@kernel.org>: rewrite to account for watch queues]
CWE
- CWE-400 - Uncontrolled Resource Consumption
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: c73be61cede5882f9605a852414db559c0ebedfd , < 162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8 (git) |
| Linux | Linux | Affected: c73be61cede5882f9605a852414db559c0ebedfd , < 3efbd114b91525bb095b8ae046382197d92126b9 (git) |
| Linux | Linux | Affected: c73be61cede5882f9605a852414db559c0ebedfd , < b87a1229d8668fbc78ebd9ca0fc797a76001c60f (git) |
| Linux | Linux | Affected: c73be61cede5882f9605a852414db559c0ebedfd , < 68e51bdb1194f11d3452525b99c98aff6f837b24 (git) |
| Linux | Linux | Affected: c73be61cede5882f9605a852414db559c0ebedfd , < 6fb70694f8d1ac34e45246b0ac988f025e1e5b55 (git) |
| Linux | Linux | Affected: c73be61cede5882f9605a852414db559c0ebedfd , < e95aada4cb93d42e25c30a0ef9eb2923d9711d4a (git) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "162ae0e78bda",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3efbd114b915",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b87a1229d866",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "68e51bdb1194",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6fb70694f8d1",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e95aada4cb93",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.8"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.210",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.149",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.76",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.15",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T16:59:59.118362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:06:58.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/pipe.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "3efbd114b91525bb095b8ae046382197d92126b9",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "b87a1229d8668fbc78ebd9ca0fc797a76001c60f",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "68e51bdb1194f11d3452525b99c98aff6f837b24",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "6fb70694f8d1ac34e45246b0ac988f025e1e5b55",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "e95aada4cb93d42e25c30a0ef9eb2923d9711d4a",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/pipe.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npipe: wakeup wr_wait after setting max_usage\n\nCommit c73be61cede5 (\"pipe: Add general notification queue support\") a\nregression was introduced that would lock up resized pipes under certain\nconditions. See the reproducer in [1].\n\nThe commit resizing the pipe ring size was moved to a different\nfunction, doing that moved the wakeup for pipe-\u003ewr_wait before actually\nraising pipe-\u003emax_usage. If a pipe was full before the resize occured it\nwould result in the wakeup never actually triggering pipe_write.\n\nSet @max_usage and @nr_accounted before waking writers if this isn\u0027t a\nwatch queue.\n\n[Christian Brauner \u003cbrauner@kernel.org\u003e: rewrite to account for watch queues]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:16.156Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8"
},
{
"url": "https://git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9"
},
{
"url": "https://git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f"
},
{
"url": "https://git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24"
},
{
"url": "https://git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55"
},
{
"url": "https://git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a"
}
],
"title": "pipe: wakeup wr_wait after setting max_usage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52672",
"datePublished": "2024-05-17T14:02:10.308Z",
"dateReserved": "2024-03-07T14:49:46.886Z",
"dateUpdated": "2025-05-04T07:41:16.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35910 (GCVE-0-2024-35910)
Vulnerability from cvelistv5 – Published: 2024-05-19 08:35 – Updated: 2025-05-04 09:08
Title
tcp: properly terminate timers for kernel sockets
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: properly terminate timers for kernel sockets
We had various syzbot reports about tcp timers firing after
the corresponding netns has been dismantled.
Fortunately Josef Bacik could trigger the issue more often,
and could test a patch I wrote two years ago.
When TCP sockets are closed, we call inet_csk_clear_xmit_timers()
to 'stop' the timers.
inet_csk_clear_xmit_timers() can be called from any context,
including when socket lock is held.
This is the reason it uses sk_stop_timer(), aka del_timer().
This means that ongoing timers might finish much later.
For user sockets, this is fine because each running timer
holds a reference on the socket, and the user socket holds
a reference on the netns.
For kernel sockets, we risk that the netns is freed before
timer can complete, because kernel sockets do not hold
reference on the netns.
This patch adds inet_csk_clear_xmit_timers_sync() function
that uses sk_stop_timer_sync() to make sure all timers
are terminated before the kernel socket is released.
Modules using kernel sockets close them in their netns exit()
handler.
Also add sock_not_owned_by_me() helper to get LOCKDEP
support: inet_csk_clear_xmit_timers_sync() must not be called
while socket lock is held.
It is very possible we can revert in the future commit
3a58f13a881e ("net: rds: acquire refcount on TCP sockets")
which attempted to solve the issue in rds only.
(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)
We probably can remove the check_net() tests from
tcp_out_of_resources() and __tcp_close() in the future.
Severity
5.8 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < 93f0133b9d589cc6e865f254ad9be3e9d8133f50 (git) |
| Linux | Linux | Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < 44e62f5d35678686734afd47c6a421ad30772e7f (git) |
| Linux | Linux | Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < e3e27d2b446deb1f643758a0c4731f5c22492810 (git) |
| Linux | Linux | Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < 2e43d8eba6edd1cf05a3a20fdd77688fa7ec16a4 (git) |
| Linux | Linux | Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < 91b243de910a9ac8476d40238ab3dbfeedd5b7de (git) |
| Linux | Linux | Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < c1ae4d1e76eacddaacb958b67cd942082f800c87 (git) |
| Linux | Linux | Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < 899265c1389fe022802aae73dbf13ee08837a35a (git) |
| Linux | Linux | Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < 151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:25:39.390284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:44:27.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93f0133b9d589cc6e865f254ad9be3e9d8133f50"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44e62f5d35678686734afd47c6a421ad30772e7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3e27d2b446deb1f643758a0c4731f5c22492810"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e43d8eba6edd1cf05a3a20fdd77688fa7ec16a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91b243de910a9ac8476d40238ab3dbfeedd5b7de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1ae4d1e76eacddaacb958b67cd942082f800c87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/899265c1389fe022802aae73dbf13ee08837a35a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/inet_connection_sock.h",
"include/net/sock.h",
"net/ipv4/inet_connection_sock.c",
"net/ipv4/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "93f0133b9d589cc6e865f254ad9be3e9d8133f50",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "44e62f5d35678686734afd47c6a421ad30772e7f",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "e3e27d2b446deb1f643758a0c4731f5c22492810",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "2e43d8eba6edd1cf05a3a20fdd77688fa7ec16a4",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "91b243de910a9ac8476d40238ab3dbfeedd5b7de",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "c1ae4d1e76eacddaacb958b67cd942082f800c87",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "899265c1389fe022802aae73dbf13ee08837a35a",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/inet_connection_sock.h",
"include/net/sock.h",
"net/ipv4/inet_connection_sock.c",
"net/ipv4/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:11.069Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/93f0133b9d589cc6e865f254ad9be3e9d8133f50"
},
{
"url": "https://git.kernel.org/stable/c/44e62f5d35678686734afd47c6a421ad30772e7f"
},
{
"url": "https://git.kernel.org/stable/c/e3e27d2b446deb1f643758a0c4731f5c22492810"
},
{
"url": "https://git.kernel.org/stable/c/2e43d8eba6edd1cf05a3a20fdd77688fa7ec16a4"
},
{
"url": "https://git.kernel.org/stable/c/91b243de910a9ac8476d40238ab3dbfeedd5b7de"
},
{
"url": "https://git.kernel.org/stable/c/c1ae4d1e76eacddaacb958b67cd942082f800c87"
},
{
"url": "https://git.kernel.org/stable/c/899265c1389fe022802aae73dbf13ee08837a35a"
},
{
"url": "https://git.kernel.org/stable/c/151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada"
}
],
"title": "tcp: properly terminate timers for kernel sockets",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35910",
"datePublished": "2024-05-19T08:35:03.287Z",
"dateReserved": "2024-05-17T13:50:33.121Z",
"dateUpdated": "2025-05-04T09:08:11.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52637 (GCVE-0-2023-52637)
Vulnerability from cvelistv5 – Published: 2024-04-03 14:54 – Updated: 2025-05-04 07:40
Title
can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
Lock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...)
modifies jsk->filters while receiving packets.
Following trace was seen on affected system:
==================================================================
BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
Read of size 4 at addr ffff888012144014 by task j1939/350
CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE 6.5.0-rc5 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
print_report+0xd3/0x620
? kasan_complete_mode_report_info+0x7d/0x200
? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
kasan_report+0xc2/0x100
? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
__asan_load4+0x84/0xb0
j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
j1939_sk_recv+0x20b/0x320 [can_j1939]
? __kasan_check_write+0x18/0x20
? __pfx_j1939_sk_recv+0x10/0x10 [can_j1939]
? j1939_simple_recv+0x69/0x280 [can_j1939]
? j1939_ac_recv+0x5e/0x310 [can_j1939]
j1939_can_recv+0x43f/0x580 [can_j1939]
? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]
? raw_rcv+0x42/0x3c0 [can_raw]
? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]
can_rcv_filter+0x11f/0x350 [can]
can_receive+0x12f/0x190 [can]
? __pfx_can_rcv+0x10/0x10 [can]
can_rcv+0xdd/0x130 [can]
? __pfx_can_rcv+0x10/0x10 [can]
__netif_receive_skb_one_core+0x13d/0x150
? __pfx___netif_receive_skb_one_core+0x10/0x10
? __kasan_check_write+0x18/0x20
? _raw_spin_lock_irq+0x8c/0xe0
__netif_receive_skb+0x23/0xb0
process_backlog+0x107/0x260
__napi_poll+0x69/0x310
net_rx_action+0x2a1/0x580
? __pfx_net_rx_action+0x10/0x10
? __pfx__raw_spin_lock+0x10/0x10
? handle_irq_event+0x7d/0xa0
__do_softirq+0xf3/0x3f8
do_softirq+0x53/0x80
</IRQ>
<TASK>
__local_bh_enable_ip+0x6e/0x70
netif_rx+0x16b/0x180
can_send+0x32b/0x520 [can]
? __pfx_can_send+0x10/0x10 [can]
? __check_object_size+0x299/0x410
raw_sendmsg+0x572/0x6d0 [can_raw]
? __pfx_raw_sendmsg+0x10/0x10 [can_raw]
? apparmor_socket_sendmsg+0x2f/0x40
? __pfx_raw_sendmsg+0x10/0x10 [can_raw]
sock_sendmsg+0xef/0x100
sock_write_iter+0x162/0x220
? __pfx_sock_write_iter+0x10/0x10
? __rtnl_unlock+0x47/0x80
? security_file_permission+0x54/0x320
vfs_write+0x6ba/0x750
? __pfx_vfs_write+0x10/0x10
? __fget_light+0x1ca/0x1f0
? __rcu_read_unlock+0x5b/0x280
ksys_write+0x143/0x170
? __pfx_ksys_write+0x10/0x10
? __kasan_check_read+0x15/0x20
? fpregs_assert_state_consistent+0x62/0x70
__x64_sys_write+0x47/0x60
do_syscall_64+0x60/0x90
? do_syscall_64+0x6d/0x90
? irqentry_exit+0x3f/0x50
? exc_page_fault+0x79/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Allocated by task 348:
kasan_save_stack+0x2a/0x50
kasan_set_track+0x29/0x40
kasan_save_alloc_info+0x1f/0x30
__kasan_kmalloc+0xb5/0xc0
__kmalloc_node_track_caller+0x67/0x160
j1939_sk_setsockopt+0x284/0x450 [can_j1939]
__sys_setsockopt+0x15c/0x2f0
__x64_sys_setsockopt+0x6b/0x80
do_syscall_64+0x60/0x90
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Freed by task 349:
kasan_save_stack+0x2a/0x50
kasan_set_track+0x29/0x40
kasan_save_free_info+0x2f/0x50
__kasan_slab_free+0x12e/0x1c0
__kmem_cache_free+0x1b9/0x380
kfree+0x7a/0x120
j1939_sk_setsockopt+0x3b2/0x450 [can_j1939]
__sys_setsockopt+0x15c/0x2f0
__x64_sys_setsockopt+0x6b/0x80
do_syscall_64+0x60/0x90
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 9d71dd0c70099914fcd063135da3c580865e924c, < 08de58abedf6e69396e1207e4f99ef8904b2b532 (git) |
| Linux | Linux | Affected: 9d71dd0c70099914fcd063135da3c580865e924c, < 978e50ef8c38dc71bd14d1b0143d554ff5d188ba (git) |
| Linux | Linux | Affected: 9d71dd0c70099914fcd063135da3c580865e924c, < 41ccb5bcbf03f02d820bc6ea8390811859f558f8 (git) |
| Linux | Linux | Affected: 9d71dd0c70099914fcd063135da3c580865e924c, < 4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed (git) |
| Linux | Linux | Affected: 9d71dd0c70099914fcd063135da3c580865e924c, < f84e7534457dcd7835be743517c35378bb4e7c50 (git) |
| Linux | Linux | Affected: 9d71dd0c70099914fcd063135da3c580865e924c, < fc74b9cb789cae061bbca7b203a3842e059f6b5d (git) |
| Linux | Linux | Affected: 9d71dd0c70099914fcd063135da3c580865e924c, < efe7cf828039aedb297c1f9920b638fffee6aabc (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:45:26.968713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:58.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/08de58abedf6e69396e1207e4f99ef8904b2b532"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/978e50ef8c38dc71bd14d1b0143d554ff5d188ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41ccb5bcbf03f02d820bc6ea8390811859f558f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f84e7534457dcd7835be743517c35378bb4e7c50"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc74b9cb789cae061bbca7b203a3842e059f6b5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efe7cf828039aedb297c1f9920b638fffee6aabc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/can/j1939/j1939-priv.h",
"net/can/j1939/socket.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "08de58abedf6e69396e1207e4f99ef8904b2b532",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "978e50ef8c38dc71bd14d1b0143d554ff5d188ba",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "41ccb5bcbf03f02d820bc6ea8390811859f558f8",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "f84e7534457dcd7835be743517c35378bb4e7c50",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "fc74b9cb789cae061bbca7b203a3842e059f6b5d",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "efe7cf828039aedb297c1f9920b638fffee6aabc",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/can/j1939/j1939-priv.h",
"net/can/j1939/socket.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)\n\nLock jsk-\u003esk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...)\nmodifies jsk-\u003efilters while receiving packets.\n\nFollowing trace was seen on affected system:\n ==================================================================\n BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n Read of size 4 at addr ffff888012144014 by task j1939/350\n\n CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE 6.5.0-rc5 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n print_report+0xd3/0x620\n ? kasan_complete_mode_report_info+0x7d/0x200\n ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n kasan_report+0xc2/0x100\n ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n __asan_load4+0x84/0xb0\n j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n j1939_sk_recv+0x20b/0x320 [can_j1939]\n ? __kasan_check_write+0x18/0x20\n ? __pfx_j1939_sk_recv+0x10/0x10 [can_j1939]\n ? j1939_simple_recv+0x69/0x280 [can_j1939]\n ? j1939_ac_recv+0x5e/0x310 [can_j1939]\n j1939_can_recv+0x43f/0x580 [can_j1939]\n ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]\n ? raw_rcv+0x42/0x3c0 [can_raw]\n ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]\n can_rcv_filter+0x11f/0x350 [can]\n can_receive+0x12f/0x190 [can]\n ? __pfx_can_rcv+0x10/0x10 [can]\n can_rcv+0xdd/0x130 [can]\n ? __pfx_can_rcv+0x10/0x10 [can]\n __netif_receive_skb_one_core+0x13d/0x150\n ? __pfx___netif_receive_skb_one_core+0x10/0x10\n ? __kasan_check_write+0x18/0x20\n ? _raw_spin_lock_irq+0x8c/0xe0\n __netif_receive_skb+0x23/0xb0\n process_backlog+0x107/0x260\n __napi_poll+0x69/0x310\n net_rx_action+0x2a1/0x580\n ? __pfx_net_rx_action+0x10/0x10\n ? __pfx__raw_spin_lock+0x10/0x10\n ? 
handle_irq_event+0x7d/0xa0\n __do_softirq+0xf3/0x3f8\n do_softirq+0x53/0x80\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x6e/0x70\n netif_rx+0x16b/0x180\n can_send+0x32b/0x520 [can]\n ? __pfx_can_send+0x10/0x10 [can]\n ? __check_object_size+0x299/0x410\n raw_sendmsg+0x572/0x6d0 [can_raw]\n ? __pfx_raw_sendmsg+0x10/0x10 [can_raw]\n ? apparmor_socket_sendmsg+0x2f/0x40\n ? __pfx_raw_sendmsg+0x10/0x10 [can_raw]\n sock_sendmsg+0xef/0x100\n sock_write_iter+0x162/0x220\n ? __pfx_sock_write_iter+0x10/0x10\n ? __rtnl_unlock+0x47/0x80\n ? security_file_permission+0x54/0x320\n vfs_write+0x6ba/0x750\n ? __pfx_vfs_write+0x10/0x10\n ? __fget_light+0x1ca/0x1f0\n ? __rcu_read_unlock+0x5b/0x280\n ksys_write+0x143/0x170\n ? __pfx_ksys_write+0x10/0x10\n ? __kasan_check_read+0x15/0x20\n ? fpregs_assert_state_consistent+0x62/0x70\n __x64_sys_write+0x47/0x60\n do_syscall_64+0x60/0x90\n ? do_syscall_64+0x6d/0x90\n ? irqentry_exit+0x3f/0x50\n ? exc_page_fault+0x79/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n Allocated by task 348:\n kasan_save_stack+0x2a/0x50\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x1f/0x30\n __kasan_kmalloc+0xb5/0xc0\n __kmalloc_node_track_caller+0x67/0x160\n j1939_sk_setsockopt+0x284/0x450 [can_j1939]\n __sys_setsockopt+0x15c/0x2f0\n __x64_sys_setsockopt+0x6b/0x80\n do_syscall_64+0x60/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n Freed by task 349:\n kasan_save_stack+0x2a/0x50\n kasan_set_track+0x29/0x40\n kasan_save_free_info+0x2f/0x50\n __kasan_slab_free+0x12e/0x1c0\n __kmem_cache_free+0x1b9/0x380\n kfree+0x7a/0x120\n j1939_sk_setsockopt+0x3b2/0x450 [can_j1939]\n __sys_setsockopt+0x15c/0x2f0\n __x64_sys_setsockopt+0x6b/0x80\n do_syscall_64+0x60/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:29.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/08de58abedf6e69396e1207e4f99ef8904b2b532"
},
{
"url": "https://git.kernel.org/stable/c/978e50ef8c38dc71bd14d1b0143d554ff5d188ba"
},
{
"url": "https://git.kernel.org/stable/c/41ccb5bcbf03f02d820bc6ea8390811859f558f8"
},
{
"url": "https://git.kernel.org/stable/c/4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed"
},
{
"url": "https://git.kernel.org/stable/c/f84e7534457dcd7835be743517c35378bb4e7c50"
},
{
"url": "https://git.kernel.org/stable/c/fc74b9cb789cae061bbca7b203a3842e059f6b5d"
},
{
"url": "https://git.kernel.org/stable/c/efe7cf828039aedb297c1f9920b638fffee6aabc"
}
],
"title": "can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52637",
"datePublished": "2024-04-03T14:54:40.262Z",
"dateReserved": "2024-03-06T09:52:12.093Z",
"dateUpdated": "2025-05-04T07:40:29.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38618 (GCVE-0-2024-38618)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:56 – Updated: 2026-01-05 10:36
Title
ALSA: timer: Set lower bound of start tick time
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: timer: Set lower bound of start tick time
Currently ALSA timer doesn't have the lower limit of the start tick
time, and it allows a very small size, e.g. 1 tick with 1ns resolution
for hrtimer. Such a situation may lead to an unexpected RCU stall,
where the callback repeatedly queuing the expire update, as reported
by fuzzer.
This patch introduces a sanity check of the timer start tick time, so
that the system returns an error when a too small start size is set.
As of this patch, the lower limit is hard-coded to 100us, which is
small enough but can still work somehow.
Severity
5.3 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: bbaf5e97337287479eb78dbc3822d9560bbfd2e2, < 68396c825c43664b20a3a1ba546844deb2b4e48f (git) |
| Linux | Linux | Affected: bbaf5e97337287479eb78dbc3822d9560bbfd2e2, < 74bfb8d90f2601718ae203faf45a196844c01fa1 (git) |
| Linux | Linux | Affected: bbaf5e97337287479eb78dbc3822d9560bbfd2e2, < bdd0aa055b8ec7e24bbc19513f3231958741d0ab (git) |
| Linux | Linux | Affected: bbaf5e97337287479eb78dbc3822d9560bbfd2e2, < 83f0ba8592b9e258fd80ac6486510ab1dcd7ad6e (git) |
| Linux | Linux | Affected: bbaf5e97337287479eb78dbc3822d9560bbfd2e2, < ceab795a67dd28dd942d0d8bba648c6c0f7a044b (git) |
| Linux | Linux | Affected: bbaf5e97337287479eb78dbc3822d9560bbfd2e2, < 2c95241ac5fc90c929d6c0c023e84bf0d30e84c3 (git) |
| Linux | Linux | Affected: bbaf5e97337287479eb78dbc3822d9560bbfd2e2, < abb1ad69d98cf1ff25bb14fff0e7c3f66239e1cd (git) |
| Linux | Linux | Affected: bbaf5e97337287479eb78dbc3822d9560bbfd2e2, < 4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:01:19.317734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:19:00.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:47.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68396c825c43664b20a3a1ba546844deb2b4e48f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74bfb8d90f2601718ae203faf45a196844c01fa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bdd0aa055b8ec7e24bbc19513f3231958741d0ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83f0ba8592b9e258fd80ac6486510ab1dcd7ad6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ceab795a67dd28dd942d0d8bba648c6c0f7a044b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c95241ac5fc90c929d6c0c023e84bf0d30e84c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/abb1ad69d98cf1ff25bb14fff0e7c3f66239e1cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/core/timer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68396c825c43664b20a3a1ba546844deb2b4e48f",
"status": "affected",
"version": "bbaf5e97337287479eb78dbc3822d9560bbfd2e2",
"versionType": "git"
},
{
"lessThan": "74bfb8d90f2601718ae203faf45a196844c01fa1",
"status": "affected",
"version": "bbaf5e97337287479eb78dbc3822d9560bbfd2e2",
"versionType": "git"
},
{
"lessThan": "bdd0aa055b8ec7e24bbc19513f3231958741d0ab",
"status": "affected",
"version": "bbaf5e97337287479eb78dbc3822d9560bbfd2e2",
"versionType": "git"
},
{
"lessThan": "83f0ba8592b9e258fd80ac6486510ab1dcd7ad6e",
"status": "affected",
"version": "bbaf5e97337287479eb78dbc3822d9560bbfd2e2",
"versionType": "git"
},
{
"lessThan": "ceab795a67dd28dd942d0d8bba648c6c0f7a044b",
"status": "affected",
"version": "bbaf5e97337287479eb78dbc3822d9560bbfd2e2",
"versionType": "git"
},
{
"lessThan": "2c95241ac5fc90c929d6c0c023e84bf0d30e84c3",
"status": "affected",
"version": "bbaf5e97337287479eb78dbc3822d9560bbfd2e2",
"versionType": "git"
},
{
"lessThan": "abb1ad69d98cf1ff25bb14fff0e7c3f66239e1cd",
"status": "affected",
"version": "bbaf5e97337287479eb78dbc3822d9560bbfd2e2",
"versionType": "git"
},
{
"lessThan": "4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e",
"status": "affected",
"version": "bbaf5e97337287479eb78dbc3822d9560bbfd2e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/core/timer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: timer: Set lower bound of start tick time\n\nCurrently ALSA timer doesn\u0027t have the lower limit of the start tick\ntime, and it allows a very small size, e.g. 1 tick with 1ns resolution\nfor hrtimer. Such a situation may lead to an unexpected RCU stall,\nwhere the callback repeatedly queuing the expire update, as reported\nby fuzzer.\n\nThis patch introduces a sanity check of the timer start tick time, so\nthat the system returns an error when a too small start size is set.\nAs of this patch, the lower limit is hard-coded to 100us, which is\nsmall enough but can still work somehow."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:36:42.191Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68396c825c43664b20a3a1ba546844deb2b4e48f"
},
{
"url": "https://git.kernel.org/stable/c/74bfb8d90f2601718ae203faf45a196844c01fa1"
},
{
"url": "https://git.kernel.org/stable/c/bdd0aa055b8ec7e24bbc19513f3231958741d0ab"
},
{
"url": "https://git.kernel.org/stable/c/83f0ba8592b9e258fd80ac6486510ab1dcd7ad6e"
},
{
"url": "https://git.kernel.org/stable/c/ceab795a67dd28dd942d0d8bba648c6c0f7a044b"
},
{
"url": "https://git.kernel.org/stable/c/2c95241ac5fc90c929d6c0c023e84bf0d30e84c3"
},
{
"url": "https://git.kernel.org/stable/c/abb1ad69d98cf1ff25bb14fff0e7c3f66239e1cd"
},
{
"url": "https://git.kernel.org/stable/c/4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e"
}
],
"title": "ALSA: timer: Set lower bound of start tick time",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38618",
"datePublished": "2024-06-19T13:56:17.422Z",
"dateReserved": "2024-06-18T19:36:34.945Z",
"dateUpdated": "2026-01-05T10:36:42.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52491 (GCVE-0-2023-52491)
Vulnerability from cvelistv5 – Published: 2024-02-29 15:52 – Updated: 2025-05-04 07:37
Title
media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run
In mtk_jpeg_probe, &jpeg->job_timeout_work is bound with
mtk_jpeg_job_timeout_work.
In mtk_jpeg_dec_device_run, if error happens in
mtk_jpeg_set_dec_dst, it will finally start the worker while
mark the job as finished by invoking v4l2_m2m_job_finish.
There are two methods to trigger the bug. If we remove the
module, it which will call mtk_jpeg_remove to make cleanup.
The possible sequence is as follows, which will cause a
use-after-free bug.
| CPU0 | CPU1 |
|---|---|
| mtk_jpeg_dec_... | |
| start worker | |
| | mtk_jpeg_job_timeout_work |
| mtk_jpeg_remove | |
| v4l2_m2m_release | |
| kfree(m2m_dev); | |
| | v4l2_m2m_get_curr_priv |
| | m2m_dev->curr_ctx //use |
If we close the file descriptor, which will call mtk_jpeg_release,
it will have a similar sequence.
Fix this bug by starting timeout worker only if started jpegdec worker
successfully. Then v4l2_m2m_job_finish will only be called in
either mtk_jpeg_job_timeout_work or mtk_jpeg_dec_device_run.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: b2f0d2724ba477d326e9d654d4db1c93e98f8b93 , < 43872f44eee6c6781fea1348b38885d8e78face9 (git) |
| Linux | Linux | Affected: b2f0d2724ba477d326e9d654d4db1c93e98f8b93 , < 1b1036c60a37a30caf6759a90fe5ecd06ec35590 (git) |
| Linux | Linux | Affected: b2f0d2724ba477d326e9d654d4db1c93e98f8b93 , < 9fec4db7fff54d9b0306a332bab31eac47eeb5f6 (git) |
| Linux | Linux | Affected: b2f0d2724ba477d326e9d654d4db1c93e98f8b93 , < 8254d54d00eb6cdb8367399c7f912eb8d354ecd7 (git) |
| Linux | Linux | Affected: b2f0d2724ba477d326e9d654d4db1c93e98f8b93 , < 6e2f37022f0fc0893da4d85a0500c9d547fffd4c (git) |
| Linux | Linux | Affected: b2f0d2724ba477d326e9d654d4db1c93e98f8b93 , < 206c857dd17d4d026de85866f1b5f0969f2a109e (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43872f44eee6c6781fea1348b38885d8e78face9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b1036c60a37a30caf6759a90fe5ecd06ec35590"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9fec4db7fff54d9b0306a332bab31eac47eeb5f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8254d54d00eb6cdb8367399c7f912eb8d354ecd7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e2f37022f0fc0893da4d85a0500c9d547fffd4c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/206c857dd17d4d026de85866f1b5f0969f2a109e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T18:46:39.566289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T18:47:11.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "43872f44eee6c6781fea1348b38885d8e78face9",
"status": "affected",
"version": "b2f0d2724ba477d326e9d654d4db1c93e98f8b93",
"versionType": "git"
},
{
"lessThan": "1b1036c60a37a30caf6759a90fe5ecd06ec35590",
"status": "affected",
"version": "b2f0d2724ba477d326e9d654d4db1c93e98f8b93",
"versionType": "git"
},
{
"lessThan": "9fec4db7fff54d9b0306a332bab31eac47eeb5f6",
"status": "affected",
"version": "b2f0d2724ba477d326e9d654d4db1c93e98f8b93",
"versionType": "git"
},
{
"lessThan": "8254d54d00eb6cdb8367399c7f912eb8d354ecd7",
"status": "affected",
"version": "b2f0d2724ba477d326e9d654d4db1c93e98f8b93",
"versionType": "git"
},
{
"lessThan": "6e2f37022f0fc0893da4d85a0500c9d547fffd4c",
"status": "affected",
"version": "b2f0d2724ba477d326e9d654d4db1c93e98f8b93",
"versionType": "git"
},
{
"lessThan": "206c857dd17d4d026de85866f1b5f0969f2a109e",
"status": "affected",
"version": "b2f0d2724ba477d326e9d654d4db1c93e98f8b93",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run\n\nIn mtk_jpeg_probe, \u0026jpeg-\u003ejob_timeout_work is bound with\nmtk_jpeg_job_timeout_work.\n\nIn mtk_jpeg_dec_device_run, if error happens in\nmtk_jpeg_set_dec_dst, it will finally start the worker while\nmark the job as finished by invoking v4l2_m2m_job_finish.\n\nThere are two methods to trigger the bug. If we remove the\nmodule, it which will call mtk_jpeg_remove to make cleanup.\nThe possible sequence is as follows, which will cause a\nuse-after-free bug.\n\nCPU0 CPU1\nmtk_jpeg_dec_... |\n start worker\t |\n |mtk_jpeg_job_timeout_work\nmtk_jpeg_remove |\n v4l2_m2m_release |\n kfree(m2m_dev); |\n |\n | v4l2_m2m_get_curr_priv\n | m2m_dev-\u003ecurr_ctx //use\n\nIf we close the file descriptor, which will call mtk_jpeg_release,\nit will have a similar sequence.\n\nFix this bug by starting timeout worker only if started jpegdec worker\nsuccessfully. Then v4l2_m2m_job_finish will only be called in\neither mtk_jpeg_job_timeout_work or mtk_jpeg_dec_device_run."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:54.249Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/43872f44eee6c6781fea1348b38885d8e78face9"
},
{
"url": "https://git.kernel.org/stable/c/1b1036c60a37a30caf6759a90fe5ecd06ec35590"
},
{
"url": "https://git.kernel.org/stable/c/9fec4db7fff54d9b0306a332bab31eac47eeb5f6"
},
{
"url": "https://git.kernel.org/stable/c/8254d54d00eb6cdb8367399c7f912eb8d354ecd7"
},
{
"url": "https://git.kernel.org/stable/c/6e2f37022f0fc0893da4d85a0500c9d547fffd4c"
},
{
"url": "https://git.kernel.org/stable/c/206c857dd17d4d026de85866f1b5f0969f2a109e"
}
],
"title": "media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52491",
"datePublished": "2024-02-29T15:52:09.891Z",
"dateReserved": "2024-02-20T12:30:33.303Z",
"dateUpdated": "2025-05-04T07:37:54.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26969 (GCVE-0-2024-26969)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:19 – Updated: 2025-05-04 09:01
Title
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
The frequency table arrays are supposed to be terminated with an
empty element. Add such an entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor().
Only compile tested.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27 (git) |
| Linux | Linux | Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < 83fe1bbd9e259ad109827ccfbfc2488e0dea8e94 (git) |
| Linux | Linux | Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < 851cc19bdb02556fb13629b3e4fef6f2bdb038fe (git) |
| Linux | Linux | Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < 9de184d4e557d550fb0b7b833b676bda4f269e4f (git) |
| Linux | Linux | Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < dd92b159c506804ac57adf3742d9728298bb1255 (git) |
| Linux | Linux | Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < b6b31b4c67ea6bd9222e5b73b330554c57f2f90d (git) |
| Linux | Linux | Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < fc3ac2fcd0a7fad63eba1b359490a4b81720d0f9 (git) |
| Linux | Linux | Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < be9e2752d823eca1d5af67014a1844a9176ff566 (git) |
| Linux | Linux | Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < 1040ef5ed95d6fd2628bad387d78a61633e09429 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83fe1bbd9e259ad109827ccfbfc2488e0dea8e94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/851cc19bdb02556fb13629b3e4fef6f2bdb038fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9de184d4e557d550fb0b7b833b676bda4f269e4f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd92b159c506804ac57adf3742d9728298bb1255"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6b31b4c67ea6bd9222e5b73b330554c57f2f90d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc3ac2fcd0a7fad63eba1b359490a4b81720d0f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be9e2752d823eca1d5af67014a1844a9176ff566"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1040ef5ed95d6fd2628bad387d78a61633e09429"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:45:16.629888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:44.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/gcc-ipq8074.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "83fe1bbd9e259ad109827ccfbfc2488e0dea8e94",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "851cc19bdb02556fb13629b3e4fef6f2bdb038fe",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "9de184d4e557d550fb0b7b833b676bda4f269e4f",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "dd92b159c506804ac57adf3742d9728298bb1255",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "b6b31b4c67ea6bd9222e5b73b330554c57f2f90d",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "fc3ac2fcd0a7fad63eba1b359490a4b81720d0f9",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "be9e2752d823eca1d5af67014a1844a9176ff566",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "1040ef5ed95d6fd2628bad387d78a61633e09429",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/gcc-ipq8074.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-ipq8074: fix terminating of frequency table arrays\n\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\n\nOnly compile tested."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:05.215Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27"
},
{
"url": "https://git.kernel.org/stable/c/83fe1bbd9e259ad109827ccfbfc2488e0dea8e94"
},
{
"url": "https://git.kernel.org/stable/c/851cc19bdb02556fb13629b3e4fef6f2bdb038fe"
},
{
"url": "https://git.kernel.org/stable/c/9de184d4e557d550fb0b7b833b676bda4f269e4f"
},
{
"url": "https://git.kernel.org/stable/c/dd92b159c506804ac57adf3742d9728298bb1255"
},
{
"url": "https://git.kernel.org/stable/c/b6b31b4c67ea6bd9222e5b73b330554c57f2f90d"
},
{
"url": "https://git.kernel.org/stable/c/fc3ac2fcd0a7fad63eba1b359490a4b81720d0f9"
},
{
"url": "https://git.kernel.org/stable/c/be9e2752d823eca1d5af67014a1844a9176ff566"
},
{
"url": "https://git.kernel.org/stable/c/1040ef5ed95d6fd2628bad387d78a61633e09429"
}
],
"title": "clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26969",
"datePublished": "2024-05-01T05:19:50.580Z",
"dateReserved": "2024-02-19T14:20:24.202Z",
"dateUpdated": "2025-05-04T09:01:05.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36905 (GCVE-0-2024-36905)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-04 09:11
Title
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
Summary
In the Linux kernel, the following vulnerability has been resolved:

tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets

TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers.

In the following crash [1], syzbot managed to trigger a divide by zero in tcp_rcv_space_adjust().

A socket makes the following state transitions, without ever calling tcp_init_transfer(), meaning tcp_init_buffer_space() is also not called.

    TCP_CLOSE
    connect()
    TCP_SYN_SENT
    TCP_SYN_RECV
    shutdown() -> tcp_shutdown(sk, SEND_SHUTDOWN)
    TCP_FIN_WAIT1

To fix this issue, change tcp_shutdown() to not perform a TCP_SYN_RECV -> TCP_FIN_WAIT1 transition, which makes no sense anyway.

When tcp_rcv_state_process() later changes socket state from TCP_SYN_RECV to TCP_ESTABLISH, then look at sk->sk_shutdown to finally enter TCP_FIN_WAIT1 state, and send a FIN packet from a sane socket state.

This means tcp_send_fin() can now be called from BH context, and must use GFP_ATOMIC allocations.
[1]
divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 1 PID: 5084 Comm: syz-executor358 Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:tcp_rcv_space_adjust+0x2df/0x890 net/ipv4/tcp_input.c:767
Call Trace:
<TASK>
tcp_recvmsg_locked+0x106d/0x25a0 net/ipv4/tcp.c:2513
tcp_recvmsg+0x25d/0x920 net/ipv4/tcp.c:2578
inet6_recvmsg+0x16a/0x730 net/ipv6/af_inet6.c:680
sock_recvmsg_nosec net/socket.c:1046 [inline]
sock_recvmsg+0x109/0x280 net/socket.c:1068
____sys_recvmsg+0x1db/0x470 net/socket.c:2803
___sys_recvmsg net/socket.c:2845 [inline]
do_recvmmsg+0x474/0xae0 net/socket.c:2939
__sys_recvmmsg net/socket.c:3018 [inline]
__do_sys_recvmmsg net/socket.c:3041 [inline]
__se_sys_recvmmsg net/socket.c:3034 [inline]
__x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 34e41a031fd7523bf1cd00a2adca2370aebea270 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ed5e279b69e007ce6c0fe82a5a534c1b19783214 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 413c33b9f3bc36fdf719690a78824db9f88a9485 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2552c9d9440f8e7a2ed0660911ff00f25b90a0a4 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3fe4ef0568a48369b1891395d13ac593b1ba41b1 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f47d0d32fa94e815fdd78b8b88684873e67939f4 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < cbf232ba11bc86a5281b4f00e1151349ef4d45cf (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 94062790aedb505bdda209b10bea47b294d6394f (git) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "34e41a031fd7",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ed5e279b69e0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "413c33b9f3bc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2552c9d9440f",
"status": "affected",
"version": "1da177e4c3f",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3fe4ef0568a4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f47d0d32fa94",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cbf232ba11bc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "94062790aedb",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.20",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.5",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T18:00:22.813648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:43:30.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"url": "https://github.com/cisagov/vulnrichment/issues/130"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/11/12/4"
},
{
"url": "https://alas.aws.amazon.com/cve/html/CVE-2024-36905.html"
},
{
"url": "https://access.redhat.com/security/cve/cve-2024-36905"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-12T19:02:41.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0005/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/29/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/30/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/12/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/12/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/12/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp.c",
"net/ipv4/tcp_input.c",
"net/ipv4/tcp_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "34e41a031fd7523bf1cd00a2adca2370aebea270",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ed5e279b69e007ce6c0fe82a5a534c1b19783214",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "413c33b9f3bc36fdf719690a78824db9f88a9485",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2552c9d9440f8e7a2ed0660911ff00f25b90a0a4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3fe4ef0568a48369b1891395d13ac593b1ba41b1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f47d0d32fa94e815fdd78b8b88684873e67939f4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cbf232ba11bc86a5281b4f00e1151349ef4d45cf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "94062790aedb505bdda209b10bea47b294d6394f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp.c",
"net/ipv4/tcp_input.c",
"net/ipv4/tcp_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets\n\nTCP_SYN_RECV state is really special, it is only used by\ncross-syn connections, mostly used by fuzzers.\n\nIn the following crash [1], syzbot managed to trigger a divide\nby zero in tcp_rcv_space_adjust()\n\nA socket makes the following state transitions,\nwithout ever calling tcp_init_transfer(),\nmeaning tcp_init_buffer_space() is also not called.\n\n TCP_CLOSE\nconnect()\n TCP_SYN_SENT\n TCP_SYN_RECV\nshutdown() -\u003e tcp_shutdown(sk, SEND_SHUTDOWN)\n TCP_FIN_WAIT1\n\nTo fix this issue, change tcp_shutdown() to not\nperform a TCP_SYN_RECV -\u003e TCP_FIN_WAIT1 transition,\nwhich makes no sense anyway.\n\nWhen tcp_rcv_state_process() later changes socket state\nfrom TCP_SYN_RECV to TCP_ESTABLISH, then look at\nsk-\u003esk_shutdown to finally enter TCP_FIN_WAIT1 state,\nand send a FIN packet from a sane socket state.\n\nThis means tcp_send_fin() can now be called from BH\ncontext, and must use GFP_ATOMIC allocations.\n\n[1]\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 5084 Comm: syz-executor358 Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:tcp_rcv_space_adjust+0x2df/0x890 net/ipv4/tcp_input.c:767\nCode: e3 04 4c 01 eb 48 8b 44 24 38 0f b6 04 10 84 c0 49 89 d5 0f 85 a5 03 00 00 41 8b 8e c8 09 00 00 89 e8 29 c8 48 0f af c3 31 d2 \u003c48\u003e f7 f1 48 8d 1c 43 49 8d 96 76 08 00 00 48 89 d0 48 c1 e8 03 48\nRSP: 0018:ffffc900031ef3f0 EFLAGS: 00010246\nRAX: 0c677a10441f8f42 RBX: 000000004fb95e7e RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000027d4b11f R08: ffffffff89e535a4 R09: 1ffffffff25e6ab7\nR10: dffffc0000000000 R11: ffffffff8135e920 R12: ffff88802a9f8d30\nR13: dffffc0000000000 R14: ffff88802a9f8d00 R15: 1ffff1100553f2da\nFS: 
00005555775c0380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1155bf2304 CR3: 000000002b9f2000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n tcp_recvmsg_locked+0x106d/0x25a0 net/ipv4/tcp.c:2513\n tcp_recvmsg+0x25d/0x920 net/ipv4/tcp.c:2578\n inet6_recvmsg+0x16a/0x730 net/ipv6/af_inet6.c:680\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x109/0x280 net/socket.c:1068\n ____sys_recvmsg+0x1db/0x470 net/socket.c:2803\n ___sys_recvmsg net/socket.c:2845 [inline]\n do_recvmmsg+0x474/0xae0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7faeb6363db9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffcc1997168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faeb6363db9\nRDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000001c\nR10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:47.697Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270"
},
{
"url": "https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214"
},
{
"url": "https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485"
},
{
"url": "https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4"
},
{
"url": "https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1"
},
{
"url": "https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4"
},
{
"url": "https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf"
},
{
"url": "https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/10/29/1"
}
],
"title": "tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36905",
"datePublished": "2024-05-30T15:29:06.046Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2025-05-04T09:11:47.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36939 (GCVE-0-2024-36939)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-04 09:12
Title
nfs: Handle error of rpc_proc_register() in nfs_net_init().
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfs: Handle error of rpc_proc_register() in nfs_net_init().
syzkaller reported a warning [0] triggered while destroying immature
netns.
rpc_proc_register() was called in init_nfs_fs(), but its error
has been ignored since at least the initial commit 1da177e4c3f4
("Linux-2.6.12-rc2").
Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs
in net namespaces") converted the procfs to per-netns and made
the problem more visible.
Even when rpc_proc_register() fails, nfs_net_init() could succeed,
and thus nfs_net_exit() will be called while destroying the netns.
Then, remove_proc_entry() will be called for non-existing proc
directory and trigger the warning below.
Let's handle the error of rpc_proc_register() properly in nfs_net_init().
[0]:
name 'nfs'
WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
Modules linked in:
CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb
RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c
RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc
R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8
FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310
nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438
ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170
setup_net+0x46c/0x660 net/core/net_namespace.c:372
copy_net_ns+0x244/0x590 net/core/net_namespace.c:505
create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228
ksys_unshare+0x342/0x760 kernel/fork.c:3322
__do_sys_unshare kernel/fork.c:3393 [inline]
__se_sys_unshare kernel/fork.c:3391 [inline]
__x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x46/0x4e
RIP: 0033:0x7f30d0febe5d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600
RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000
</TASK>
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < b33ca18c3a1190208dfd569c4fa8a2f93084709f (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < d4891d817350c67392d4731536945f3809a2a0ba (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 8ae63bd858691bee0e2a92571f2fbb36a4d86d65 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 8a1f89c98dcc542dd6d287e573523714702e0f9c (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 9909dde2e53a19585212c32fe3eda482b5faaaa3 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 24457f1be29f1e7042e50a7749f5c2dde8c433c8 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T18:55:43.324430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:06.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b33ca18c3a1190208dfd569c4fa8a2f93084709f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d4891d817350c67392d4731536945f3809a2a0ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8ae63bd858691bee0e2a92571f2fbb36a4d86d65",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a1f89c98dcc542dd6d287e573523714702e0f9c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9909dde2e53a19585212c32fe3eda482b5faaaa3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "24457f1be29f1e7042e50a7749f5c2dde8c433c8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet\u0027s handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname \u0027nfs\u0027\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff \u003c0f\u003e 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:28.626Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f"
},
{
"url": "https://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba"
},
{
"url": "https://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021"
},
{
"url": "https://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65"
},
{
"url": "https://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c"
},
{
"url": "https://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3"
},
{
"url": "https://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8"
}
],
"title": "nfs: Handle error of rpc_proc_register() in nfs_net_init().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36939",
"datePublished": "2024-05-30T15:29:27.517Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2025-05-04T09:12:28.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52679 (GCVE-0-2023-52679)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:24 – Updated: 2025-05-04 07:41
Title
of: Fix double free in of_parse_phandle_with_args_map
Summary
In the Linux kernel, the following vulnerability has been resolved:
of: Fix double free in of_parse_phandle_with_args_map
In of_parse_phandle_with_args_map() the inner loop that
iterates through the map entries calls of_node_put(new)
to free the reference acquired by the previous iteration
of the inner loop. This assumes that the value of "new" is
NULL on the first iteration of the inner loop.
Make sure that this is true in all iterations of the outer
loop by setting "new" to NULL after its value is assigned to "cur".
Extend the unittest to detect the double free and add an additional
test case that actually triggers this path.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa, < 26b4d702c44f9e5cf3c5c001ae619a4a001889db (git) |
| Linux | Linux | Affected: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa, < a0a061151a6200c13149dbcdb6c065203c8425d2 (git) |
| Linux | Linux | Affected: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa, < d5f490343c77e6708b6c4aa7dbbfbcbb9546adea (git) |
| Linux | Linux | Affected: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa, < 4541004084527ce9e95a818ebbc4e6b293ffca21 (git) |
| Linux | Linux | Affected: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa, < b9d760dae5b10e73369b769073525acd7b3be2bd (git) |
| Linux | Linux | Affected: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa, < b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8 (git) |
| Linux | Linux | Affected: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa, < cafa992134124e785609a406da4ff2b54052aff7 (git) |
| Linux | Linux | Affected: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa, < 4dde83569832f9377362e50f7748463340c5db6b (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:12:32.015310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:37.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:34.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54052aff7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4dde83569832f9377362e50f7748463340c5db6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/of/base.c",
"drivers/of/unittest-data/tests-phandle.dtsi",
"drivers/of/unittest.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "26b4d702c44f9e5cf3c5c001ae619a4a001889db",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "a0a061151a6200c13149dbcdb6c065203c8425d2",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "d5f490343c77e6708b6c4aa7dbbfbcbb9546adea",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "4541004084527ce9e95a818ebbc4e6b293ffca21",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "b9d760dae5b10e73369b769073525acd7b3be2bd",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "cafa992134124e785609a406da4ff2b54052aff7",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "4dde83569832f9377362e50f7748463340c5db6b",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/of/base.c",
"drivers/of/unittest-data/tests-phandle.dtsi",
"drivers/of/unittest.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: Fix double free in of_parse_phandle_with_args_map\n\nIn of_parse_phandle_with_args_map() the inner loop that\niterates through the map entries calls of_node_put(new)\nto free the reference acquired by the previous iteration\nof the inner loop. This assumes that the value of \"new\" is\nNULL on the first iteration of the inner loop.\n\nMake sure that this is true in all iterations of the outer\nloop by setting \"new\" to NULL after its value is assigned to \"cur\".\n\nExtend the unittest to detect the double free and add an additional\ntest case that actually triggers this path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:24.267Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889db"
},
{
"url": "https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2"
},
{
"url": "https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adea"
},
{
"url": "https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21"
},
{
"url": "https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bd"
},
{
"url": "https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8"
},
{
"url": "https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54052aff7"
},
{
"url": "https://git.kernel.org/stable/c/4dde83569832f9377362e50f7748463340c5db6b"
}
],
"title": "of: Fix double free in of_parse_phandle_with_args_map",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52679",
"datePublished": "2024-05-17T14:24:43.380Z",
"dateReserved": "2024-03-07T14:49:46.887Z",
"dateUpdated": "2025-05-04T07:41:24.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35845 (GCVE-0-2024-35845)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:40 – Updated: 2025-05-04 09:06
Title
wifi: iwlwifi: dbg-tlv: ensure NUL termination
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: dbg-tlv: ensure NUL termination
The iwl_fw_ini_debug_info_tlv is used as a string, so we must
ensure the string is terminated correctly before using it.
Severity
9.1 (Critical)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < fabe2db7de32a881e437ee69db32e0de785a6209 (git) |
| Linux | Linux | Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < 96aa40761673da045a7774f874487cdb50c6a2f7 (git) |
| Linux | Linux | Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a (git) |
| Linux | Linux | Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < 783d413f332a3ebec916664b366c28f58147f82c (git) |
| Linux | Linux | Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < fec14d1cdd92f340b9ba2bd220abf96f9609f2a9 (git) |
| Linux | Linux | Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < 71d4186d470e9cda7cd1a0921b4afda737c6f641 (git) |
| Linux | Linux | Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea (git) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "a9248de42464"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.214"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.153"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.83"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.23"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8.2"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T17:22:01.418573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:19:05.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fabe2db7de32a881e437ee69db32e0de785a6209",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "96aa40761673da045a7774f874487cdb50c6a2f7",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "783d413f332a3ebec916664b366c28f58147f82c",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "fec14d1cdd92f340b9ba2bd220abf96f9609f2a9",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "71d4186d470e9cda7cd1a0921b4afda737c6f641",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: dbg-tlv: ensure NUL termination\n\nThe iwl_fw_ini_debug_info_tlv is used as a string, so we must\nensure the string is terminated correctly before using it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:42.675Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209"
},
{
"url": "https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7"
},
{
"url": "https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a"
},
{
"url": "https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c"
},
{
"url": "https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9"
},
{
"url": "https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641"
},
{
"url": "https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea"
}
],
"title": "wifi: iwlwifi: dbg-tlv: ensure NUL termination",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35845",
"datePublished": "2024-05-17T14:40:12.134Z",
"dateReserved": "2024-05-17T13:50:33.105Z",
"dateUpdated": "2025-05-04T09:06:42.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26696 (GCVE-0-2024-26696)
Vulnerability from cvelistv5 – Published: 2024-04-03 14:54 – Updated: 2025-05-04 08:54
Title
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
Syzbot reported a hang issue in migrate_pages_batch() called by mbind()
and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2.
While migrate_pages_batch() locks a folio and waits for the writeback to
complete, the log writer thread that should bring the writeback to
completion picks up the folio being written back in
nilfs_lookup_dirty_data_buffers() that it calls for subsequent log
creation and was trying to lock the folio. Thus causing a deadlock.
In the first place, it is unexpected that folios/pages in the middle of
writeback will be updated and become dirty. Nilfs2 adds a checksum to
verify the validity of the log being written and uses it for recovery at
mount, so data changes during writeback are suppressed. Since this is
broken, an unclean shutdown could potentially cause recovery to fail.
Investigation revealed that the root cause is that the wait for writeback
completion in nilfs_page_mkwrite() is conditional, and if the backing
device does not require stable writes, data may be modified without
waiting.
Fix these issues by making nilfs_page_mkwrite() wait for writeback to
finish regardless of the stable write requirement of the backing device.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 , < 228742b2ddfb99dfd71e5a307e6088ab6836272e (git) |
| Linux | Linux | Affected: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 , < 862ee4422c38be5c249844a684b00d0dbe9d1e46 (git) |
| Linux | Linux | Affected: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 , < 98a4026b22ff440c7f47056481bcbbe442f607d6 (git) |
| Linux | Linux | Affected: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 , < 7e9b622bd0748cc104d66535b76d9b3535f9dc0f (git) |
| Linux | Linux | Affected: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 , < 8494ba2c9ea00a54d5b50e69b22c55a8958bce32 (git) |
| Linux | Linux | Affected: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 , < ea5ddbc11613b55e5128c85f57b08f907abd9b28 (git) |
| Linux | Linux | Affected: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 , < e38585401d464578d30f5868ff4ca54475c34f7d (git) |
| Linux | Linux | Affected: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 , < 38296afe3c6ee07319e01bb249aa4bb47c07b534 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/228742b2ddfb99dfd71e5a307e6088ab6836272e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/862ee4422c38be5c249844a684b00d0dbe9d1e46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98a4026b22ff440c7f47056481bcbbe442f607d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e9b622bd0748cc104d66535b76d9b3535f9dc0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8494ba2c9ea00a54d5b50e69b22c55a8958bce32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea5ddbc11613b55e5128c85f57b08f907abd9b28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e38585401d464578d30f5868ff4ca54475c34f7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38296afe3c6ee07319e01bb249aa4bb47c07b534"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:52:53.851812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:30.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "228742b2ddfb99dfd71e5a307e6088ab6836272e",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "862ee4422c38be5c249844a684b00d0dbe9d1e46",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "98a4026b22ff440c7f47056481bcbbe442f607d6",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "7e9b622bd0748cc104d66535b76d9b3535f9dc0f",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "8494ba2c9ea00a54d5b50e69b22c55a8958bce32",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "ea5ddbc11613b55e5128c85f57b08f907abd9b28",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "e38585401d464578d30f5868ff4ca54475c34f7d",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "38296afe3c6ee07319e01bb249aa4bb47c07b534",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix hang in nilfs_lookup_dirty_data_buffers()\n\nSyzbot reported a hang issue in migrate_pages_batch() called by mbind()\nand nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2.\n\nWhile migrate_pages_batch() locks a folio and waits for the writeback to\ncomplete, the log writer thread that should bring the writeback to\ncompletion picks up the folio being written back in\nnilfs_lookup_dirty_data_buffers() that it calls for subsequent log\ncreation and was trying to lock the folio. Thus causing a deadlock.\n\nIn the first place, it is unexpected that folios/pages in the middle of\nwriteback will be updated and become dirty. Nilfs2 adds a checksum to\nverify the validity of the log being written and uses it for recovery at\nmount, so data changes during writeback are suppressed. Since this is\nbroken, an unclean shutdown could potentially cause recovery to fail.\n\nInvestigation revealed that the root cause is that the wait for writeback\ncompletion in nilfs_page_mkwrite() is conditional, and if the backing\ndevice does not require stable writes, data may be modified without\nwaiting.\n\nFix these issues by making nilfs_page_mkwrite() wait for writeback to\nfinish regardless of the stable write requirement of the backing device."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:16.666Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/228742b2ddfb99dfd71e5a307e6088ab6836272e"
},
{
"url": "https://git.kernel.org/stable/c/862ee4422c38be5c249844a684b00d0dbe9d1e46"
},
{
"url": "https://git.kernel.org/stable/c/98a4026b22ff440c7f47056481bcbbe442f607d6"
},
{
"url": "https://git.kernel.org/stable/c/7e9b622bd0748cc104d66535b76d9b3535f9dc0f"
},
{
"url": "https://git.kernel.org/stable/c/8494ba2c9ea00a54d5b50e69b22c55a8958bce32"
},
{
"url": "https://git.kernel.org/stable/c/ea5ddbc11613b55e5128c85f57b08f907abd9b28"
},
{
"url": "https://git.kernel.org/stable/c/e38585401d464578d30f5868ff4ca54475c34f7d"
},
{
"url": "https://git.kernel.org/stable/c/38296afe3c6ee07319e01bb249aa4bb47c07b534"
}
],
"title": "nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26696",
"datePublished": "2024-04-03T14:54:56.926Z",
"dateReserved": "2024-02-19T14:20:24.156Z",
"dateUpdated": "2025-05-04T08:54:16.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36016 (GCVE-0-2024-36016)
Vulnerability from cvelistv5 – Published: 2024-05-29 18:46 – Updated: 2025-11-04 17:20
Title
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
Assuming the following:
- side A configures the n_gsm in basic option mode
- side B sends the header of a basic option mode frame with data length 1
- side A switches to advanced option mode
- side B sends 2 data bytes which exceeds gsm->len
  Reason: gsm->len is not used in advanced option mode.
- side A switches to basic option mode
- side B keeps sending until gsm0_receive() writes past gsm->buf
  Reason: Neither gsm->state nor gsm->len have been reset after
  reconfiguration.
Fix this by changing gsm->count to gsm->len comparison from equal to less
than. Also add upper limit checks against the constant MAX_MRU in
gsm0_receive() and gsm1_receive() to harden against memory corruption of
gsm->len and gsm->mru.
All other checks remain as we still need to limit the data according to the
user configuration and actual payload size.
Severity
7.7 (High)
CWE
- CWE-125 - Out-of-bounds Read
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 9513d4148950b05bc99fa7314dc883cc0e1605e5
(git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56 (git) Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 0fb736c9931e02dbc7d9a75044c8e1c039e50f04 (git) Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 4c267110fc110390704cc065edb9817fdd10ff54 (git) Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 46f52c89a7e7d2691b97a9728e4591d071ca8abc (git) Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 774d83b008eccb1c48c14dc5486e7aa255731350 (git) Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < f126ce7305fe88f49cdabc6db4168b9318898ea3 (git) Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < b890d45aaf02b564e6cae2d2a590f9649330857d (git) Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 47388e807f85948eefc403a8a5fdc5b406a65d5a (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b890d45aaf02",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "47388e807f85",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:2.6.35:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f126ce7305fe",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "9513d4148950",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "b229bc6c6ea9",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "0fb736c9931e",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "4c267110fc11",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThanOrEqual": "46f52c89a7e7",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "774d83b008ec",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.316",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.278",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.219",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.161",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.93",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:00:26.164343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T17:58:33.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:57.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9513d4148950b05bc99fa7314dc883cc0e1605e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0fb736c9931e02dbc7d9a75044c8e1c039e50f04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c267110fc110390704cc065edb9817fdd10ff54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9513d4148950b05bc99fa7314dc883cc0e1605e5",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "0fb736c9931e02dbc7d9a75044c8e1c039e50f04",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "4c267110fc110390704cc065edb9817fdd10ff54",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "46f52c89a7e7d2691b97a9728e4591d071ca8abc",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "774d83b008eccb1c48c14dc5486e7aa255731350",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "f126ce7305fe88f49cdabc6db4168b9318898ea3",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "b890d45aaf02b564e6cae2d2a590f9649330857d",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "47388e807f85948eefc403a8a5fdc5b406a65d5a",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix possible out-of-bounds in gsm0_receive()\n\nAssuming the following:\n- side A configures the n_gsm in basic option mode\n- side B sends the header of a basic option mode frame with data length 1\n- side A switches to advanced option mode\n- side B sends 2 data bytes which exceeds gsm-\u003elen\n Reason: gsm-\u003elen is not used in advanced option mode.\n- side A switches to basic option mode\n- side B keeps sending until gsm0_receive() writes past gsm-\u003ebuf\n Reason: Neither gsm-\u003estate nor gsm-\u003elen have been reset after\n reconfiguration.\n\nFix this by changing gsm-\u003ecount to gsm-\u003elen comparison from equal to less\nthan. Also add upper limit checks against the constant MAX_MRU in\ngsm0_receive() and gsm1_receive() to harden against memory corruption of\ngsm-\u003elen and gsm-\u003emru.\n\nAll other checks remain as we still need to limit the data according to the\nuser configuration and actual payload size."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:38.690Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9513d4148950b05bc99fa7314dc883cc0e1605e5"
},
{
"url": "https://git.kernel.org/stable/c/b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56"
},
{
"url": "https://git.kernel.org/stable/c/0fb736c9931e02dbc7d9a75044c8e1c039e50f04"
},
{
"url": "https://git.kernel.org/stable/c/4c267110fc110390704cc065edb9817fdd10ff54"
},
{
"url": "https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc"
},
{
"url": "https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350"
},
{
"url": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3"
},
{
"url": "https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d"
},
{
"url": "https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a"
}
],
"title": "tty: n_gsm: fix possible out-of-bounds in gsm0_receive()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36016",
"datePublished": "2024-05-29T18:46:34.778Z",
"dateReserved": "2024-05-17T13:50:33.154Z",
"dateUpdated": "2025-11-04T17:20:57.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-7042 (GCVE-0-2023-7042)
Vulnerability from cvelistv5 – Published: 2023-12-21 20:02 – Updated: 2025-11-21 06:23
Title
Kernel: null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
Summary
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.
Severity
4.4 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 6 | cpe:/o:redhat:enterprise_linux:6 |
Credits
Red Hat would like to thank Xingyuan Mo of IceSword Lab for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7042"
},
{
"name": "RHBZ#2255497",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255497"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54PLF5J33IRSLSR4UU6LQSMXX6FI5AOQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C25BK2YH5MZ6VNQXKF2NAJBTGXVEPKGC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T14:50:17.331103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T15:00:46.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Xingyuan Mo of IceSword Lab for reporting this issue."
}
],
"datePublic": "2023-12-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T06:23:46.282Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7042"
},
{
"name": "RHBZ#2255497",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255497"
},
{
"url": "https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-21T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-08T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()",
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-7042",
"datePublished": "2023-12-21T20:02:16.249Z",
"dateReserved": "2023-12-21T10:36:53.948Z",
"dateUpdated": "2025-11-21T06:23:46.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26754 (GCVE-0-2024-26754)
Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 08:55
Title
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
Summary
In the Linux kernel, the following vulnerability has been resolved:
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
The gtp_net_ops pernet operations structure for the subsystem must be
registered before registering the generic netlink family.
Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug:
general protection fault, probably for non-canonical address
0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014
RIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp]
Code: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86
df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80>
3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74
RSP: 0018:ffff888014107220 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000
FS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? show_regs+0x90/0xa0
? die_addr+0x50/0xd0
? exc_general_protection+0x148/0x220
? asm_exc_general_protection+0x22/0x30
? gtp_genl_dump_pdp+0x1be/0x800 [gtp]
? __alloc_skb+0x1dd/0x350
? __pfx___alloc_skb+0x10/0x10
genl_dumpit+0x11d/0x230
netlink_dump+0x5b9/0xce0
? lockdep_hardirqs_on_prepare+0x253/0x430
? __pfx_netlink_dump+0x10/0x10
? kasan_save_track+0x10/0x40
? __kasan_kmalloc+0x9b/0xa0
? genl_start+0x675/0x970
__netlink_dump_start+0x6fc/0x9f0
genl_family_rcv_msg_dumpit+0x1bb/0x2d0
? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
? genl_op_from_small+0x2a/0x440
? cap_capable+0x1d0/0x240
? __pfx_genl_start+0x10/0x10
? __pfx_genl_dumpit+0x10/0x10
? __pfx_genl_done+0x10/0x10
? security_capable+0x9d/0xe0
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < f0ecdfa679189d26aedfe24212d4e69e42c2c861 (git) |
| Linux | Linux | Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < f8cbd1791900b5d96466eede8e9439a5b9ca4de7 (git) |
| Linux | Linux | Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 2e534fd15e5c2ca15821c897352cf0e8a3e30dca (git) |
| Linux | Linux | Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < a576308800be28f2eaa099e7caad093b97d66e77 (git) |
| Linux | Linux | Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 3963f16cc7643b461271989b712329520374ad2a (git) |
| Linux | Linux | Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < ba6b8b02a3314e62571a540efa96560888c5f03e (git) |
| Linux | Linux | Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 5013bd54d283eda5262c9ae3bcc966d01daf8576 (git) |
| Linux | Linux | Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 136cfaca22567a03bbb3bf53a43d8cb5748b80ec (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0ecdfa679189d26aedfe24212d4e69e42c2c861"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8cbd1791900b5d96466eede8e9439a5b9ca4de7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e534fd15e5c2ca15821c897352cf0e8a3e30dca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a576308800be28f2eaa099e7caad093b97d66e77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3963f16cc7643b461271989b712329520374ad2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba6b8b02a3314e62571a540efa96560888c5f03e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5013bd54d283eda5262c9ae3bcc966d01daf8576"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/136cfaca22567a03bbb3bf53a43d8cb5748b80ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:37.587111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:15.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f0ecdfa679189d26aedfe24212d4e69e42c2c861",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "f8cbd1791900b5d96466eede8e9439a5b9ca4de7",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "2e534fd15e5c2ca15821c897352cf0e8a3e30dca",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "a576308800be28f2eaa099e7caad093b97d66e77",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "3963f16cc7643b461271989b712329520374ad2a",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "ba6b8b02a3314e62571a540efa96560888c5f03e",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "5013bd54d283eda5262c9ae3bcc966d01daf8576",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "136cfaca22567a03bbb3bf53a43d8cb5748b80ec",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()\n\nThe gtp_net_ops pernet operations structure for the subsystem must be\nregistered before registering the generic netlink family.\n\nSyzkaller hit \u0027general protection fault in gtp_genl_dump_pdp\u0027 bug:\n\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014\nRIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp]\nCode: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86\n df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e\n 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74\nRSP: 0018:ffff888014107220 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000\nFS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x90/0xa0\n ? die_addr+0x50/0xd0\n ? exc_general_protection+0x148/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? gtp_genl_dump_pdp+0x1be/0x800 [gtp]\n ? __alloc_skb+0x1dd/0x350\n ? __pfx___alloc_skb+0x10/0x10\n genl_dumpit+0x11d/0x230\n netlink_dump+0x5b9/0xce0\n ? lockdep_hardirqs_on_prepare+0x253/0x430\n ? __pfx_netlink_dump+0x10/0x10\n ? kasan_save_track+0x10/0x40\n ? 
__kasan_kmalloc+0x9b/0xa0\n ? genl_start+0x675/0x970\n __netlink_dump_start+0x6fc/0x9f0\n genl_family_rcv_msg_dumpit+0x1bb/0x2d0\n ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10\n ? genl_op_from_small+0x2a/0x440\n ? cap_capable+0x1d0/0x240\n ? __pfx_genl_start+0x10/0x10\n ? __pfx_genl_dumpit+0x10/0x10\n ? __pfx_genl_done+0x10/0x10\n ? security_capable+0x9d/0xe0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:45.919Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f0ecdfa679189d26aedfe24212d4e69e42c2c861"
},
{
"url": "https://git.kernel.org/stable/c/f8cbd1791900b5d96466eede8e9439a5b9ca4de7"
},
{
"url": "https://git.kernel.org/stable/c/2e534fd15e5c2ca15821c897352cf0e8a3e30dca"
},
{
"url": "https://git.kernel.org/stable/c/a576308800be28f2eaa099e7caad093b97d66e77"
},
{
"url": "https://git.kernel.org/stable/c/3963f16cc7643b461271989b712329520374ad2a"
},
{
"url": "https://git.kernel.org/stable/c/ba6b8b02a3314e62571a540efa96560888c5f03e"
},
{
"url": "https://git.kernel.org/stable/c/5013bd54d283eda5262c9ae3bcc966d01daf8576"
},
{
"url": "https://git.kernel.org/stable/c/136cfaca22567a03bbb3bf53a43d8cb5748b80ec"
}
],
"title": "gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26754",
"datePublished": "2024-04-03T17:00:39.079Z",
"dateReserved": "2024-02-19T14:20:24.170Z",
"dateUpdated": "2025-05-04T08:55:45.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37353 (GCVE-0-2024-37353)
Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2024-08-21 23:54
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-08-21T23:54:07.622Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-37353",
"datePublished": "2024-06-21T10:18:10.995Z",
"dateRejected": "2024-08-21T23:54:07.622Z",
"dateReserved": "2024-06-21T10:13:16.289Z",
"dateUpdated": "2024-08-21T23:54:07.622Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38598 (GCVE-0-2024-38598)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:45 – Updated: 2025-11-04 17:21
Title
md: fix resync softlockup when bitmap size is less than array size
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: fix resync softlockup when bitmap size is less than array size
It is reported that for dm-raid10, lvextend + lvchange --syncaction will
trigger following softlockup:
kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]
CPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1
RIP: 0010:_raw_spin_unlock_irq+0x13/0x30
Call Trace:
<TASK>
md_bitmap_start_sync+0x6b/0xf0
raid10_sync_request+0x25c/0x1b40 [raid10]
md_do_sync+0x64b/0x1020
md_thread+0xa7/0x170
kthread+0xcf/0x100
ret_from_fork+0x30/0x50
ret_from_fork_asm+0x1a/0x30
And the detailed process is as follows:
md_do_sync
  j = mddev->resync_min
  while (j < max_sectors)
    sectors = raid10_sync_request(mddev, j, &skipped)
      if (!md_bitmap_start_sync(..., &sync_blocks))
        // md_bitmap_start_sync set sync_blocks to 0
        return sync_blocks + sectors_skippe;
    // sectors = 0;
    j += sectors;
    // j never change
Root cause is that commit 301867b1c168 ("md/raid10: check
slab-out-of-bounds in md_bitmap_get_counter") return early from
md_bitmap_get_counter(), without setting returned blocks.
Fix this problem by always set returned blocks from
md_bitmap_get_counter(), as it used to be.
Noted that this patch just fix the softlockup problem in kernel, the
case that bitmap size doesn't match array size still need to be fixed.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 374fb914304d9b500721007f3837ea8f1f9a2418 , < d4b9c764d48fa41caa24cfb4275f3aa9fb4bd798 (git) |
| Linux | Linux | Affected: b0b971fe7d61411ede63c3291764dbde1577ef2c , < 43771597feba89a839c5f893716df88ae5c237ce (git) |
| Linux | Linux | Affected: 39fa14e824acfd470db4f42c354297456bd82b53 , < 3f5b73ef8fd6268cbc968b308d8eafe56fda97f3 (git) |
| Linux | Linux | Affected: a134dd582c0d5b6068efa308bd485cf1d00b3f65 , < 69296914bfd508c85935bf5f711cad9b0fe78492 (git) |
| Linux | Linux | Affected: be1a3ec63a840cc9e59a033acf154f56255699a1 , < 71e8e4f288e74a896b6d9cd194f3bab12bd7a10f (git) |
| Linux | Linux | Affected: 301867b1c16805aebbc306aafa6ecdc68b73c7e5 , < c9566b812c8f66160466cc1e29df6d3646add0b1 (git) |
| Linux | Linux | Affected: 301867b1c16805aebbc306aafa6ecdc68b73c7e5 , < 5817f43ae1a118855676f57ef7ab50e37eac7482 (git) |
| Linux | Linux | Affected: 301867b1c16805aebbc306aafa6ecdc68b73c7e5 , < 8bbc71315e0ae4bb7e37f8d43b915e1cb01a481b (git) |
| Linux | Linux | Affected: 301867b1c16805aebbc306aafa6ecdc68b73c7e5 , < f0e729af2eb6bee9eb58c4df1087f14ebaefe26b (git) |
| Linux | Linux | Affected: 152bb26796ff054af50b2ee1b3ca56e364e4f61b (git) |
| Linux | Linux | Affected: bea301c046110bf421a3ce153fb868cb8d618e90 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:42.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4b9c764d48fa41caa24cfb4275f3aa9fb4bd798"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43771597feba89a839c5f893716df88ae5c237ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f5b73ef8fd6268cbc968b308d8eafe56fda97f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69296914bfd508c85935bf5f711cad9b0fe78492"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71e8e4f288e74a896b6d9cd194f3bab12bd7a10f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c9566b812c8f66160466cc1e29df6d3646add0b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5817f43ae1a118855676f57ef7ab50e37eac7482"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bbc71315e0ae4bb7e37f8d43b915e1cb01a481b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0e729af2eb6bee9eb58c4df1087f14ebaefe26b"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:30.845814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/md-bitmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d4b9c764d48fa41caa24cfb4275f3aa9fb4bd798",
"status": "affected",
"version": "374fb914304d9b500721007f3837ea8f1f9a2418",
"versionType": "git"
},
{
"lessThan": "43771597feba89a839c5f893716df88ae5c237ce",
"status": "affected",
"version": "b0b971fe7d61411ede63c3291764dbde1577ef2c",
"versionType": "git"
},
{
"lessThan": "3f5b73ef8fd6268cbc968b308d8eafe56fda97f3",
"status": "affected",
"version": "39fa14e824acfd470db4f42c354297456bd82b53",
"versionType": "git"
},
{
"lessThan": "69296914bfd508c85935bf5f711cad9b0fe78492",
"status": "affected",
"version": "a134dd582c0d5b6068efa308bd485cf1d00b3f65",
"versionType": "git"
},
{
"lessThan": "71e8e4f288e74a896b6d9cd194f3bab12bd7a10f",
"status": "affected",
"version": "be1a3ec63a840cc9e59a033acf154f56255699a1",
"versionType": "git"
},
{
"lessThan": "c9566b812c8f66160466cc1e29df6d3646add0b1",
"status": "affected",
"version": "301867b1c16805aebbc306aafa6ecdc68b73c7e5",
"versionType": "git"
},
{
"lessThan": "5817f43ae1a118855676f57ef7ab50e37eac7482",
"status": "affected",
"version": "301867b1c16805aebbc306aafa6ecdc68b73c7e5",
"versionType": "git"
},
{
"lessThan": "8bbc71315e0ae4bb7e37f8d43b915e1cb01a481b",
"status": "affected",
"version": "301867b1c16805aebbc306aafa6ecdc68b73c7e5",
"versionType": "git"
},
{
"lessThan": "f0e729af2eb6bee9eb58c4df1087f14ebaefe26b",
"status": "affected",
"version": "301867b1c16805aebbc306aafa6ecdc68b73c7e5",
"versionType": "git"
},
{
"status": "affected",
"version": "152bb26796ff054af50b2ee1b3ca56e364e4f61b",
"versionType": "git"
},
{
"status": "affected",
"version": "bea301c046110bf421a3ce153fb868cb8d618e90",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/md-bitmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.19.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "5.4.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.10.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.15.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.1.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix resync softlockup when bitmap size is less than array size\n\nIs is reported that for dm-raid10, lvextend + lvchange --syncaction will\ntrigger following softlockup:\n\nkernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]\nCPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1\nRIP: 0010:_raw_spin_unlock_irq+0x13/0x30\nCall Trace:\n \u003cTASK\u003e\n md_bitmap_start_sync+0x6b/0xf0\n raid10_sync_request+0x25c/0x1b40 [raid10]\n md_do_sync+0x64b/0x1020\n md_thread+0xa7/0x170\n kthread+0xcf/0x100\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1a/0x30\n\nAnd the detailed process is as follows:\n\nmd_do_sync\n j = mddev-\u003eresync_min\n while (j \u003c max_sectors)\n sectors = raid10_sync_request(mddev, j, \u0026skipped)\n if (!md_bitmap_start_sync(..., \u0026sync_blocks))\n // md_bitmap_start_sync set sync_blocks to 0\n return sync_blocks + sectors_skippe;\n // sectors = 0;\n j += sectors;\n // j never change\n\nRoot cause is that commit 301867b1c168 (\"md/raid10: check\nslab-out-of-bounds in md_bitmap_get_counter\") return early from\nmd_bitmap_get_counter(), without setting returned blocks.\n\nFix this problem by always set returned blocks from\nmd_bitmap_get_counter\"(), as it used to be.\n\nNoted that this patch just fix the softlockup problem in kernel, the\ncase that bitmap size doesn\u0027t match array size still need to be fixed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:50.770Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d4b9c764d48fa41caa24cfb4275f3aa9fb4bd798"
},
{
"url": "https://git.kernel.org/stable/c/43771597feba89a839c5f893716df88ae5c237ce"
},
{
"url": "https://git.kernel.org/stable/c/3f5b73ef8fd6268cbc968b308d8eafe56fda97f3"
},
{
"url": "https://git.kernel.org/stable/c/69296914bfd508c85935bf5f711cad9b0fe78492"
},
{
"url": "https://git.kernel.org/stable/c/71e8e4f288e74a896b6d9cd194f3bab12bd7a10f"
},
{
"url": "https://git.kernel.org/stable/c/c9566b812c8f66160466cc1e29df6d3646add0b1"
},
{
"url": "https://git.kernel.org/stable/c/5817f43ae1a118855676f57ef7ab50e37eac7482"
},
{
"url": "https://git.kernel.org/stable/c/8bbc71315e0ae4bb7e37f8d43b915e1cb01a481b"
},
{
"url": "https://git.kernel.org/stable/c/f0e729af2eb6bee9eb58c4df1087f14ebaefe26b"
}
],
"title": "md: fix resync softlockup when bitmap size is less than array size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38598",
"datePublished": "2024-06-19T13:45:47.309Z",
"dateReserved": "2024-06-18T19:36:34.932Z",
"dateUpdated": "2025-11-04T17:21:42.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48627 (GCVE-0-2022-48627)
Vulnerability from cvelistv5 – Published: 2024-03-02 21:31 – Updated: 2025-05-04 08:20
Title
vt: fix memory overlapping when deleting chars in the buffer
Summary
In the Linux kernel, the following vulnerability has been resolved:
vt: fix memory overlapping when deleting chars in the buffer
A memory overlapping copy occurs when deleting a long line. This memory
overlapping copy can cause data corruption when scr_memcpyw is optimized
to memcpy because memcpy does not ensure its behavior if the destination
buffer overlaps with the source buffer. The line buffer is not always
broken, because the memcpy utilizes the hardware acceleration, whose
result is not deterministic.
Fix this problem by replacing the scr_memcpyw with scr_memmovew.
Severity
5.5 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c, < c8686c014b5e872ba7e334f33ca553f14446fc29 (git) |
| Linux | Linux | Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c, < 815be99d934e3292906536275f2b8d5131cdf52c (git) |
| Linux | Linux | Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c, < bfee93c9a6c395f9aa62268f1cedf64999844926 (git) |
| Linux | Linux | Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c, < 57964a5710252bc82fe22d9fa98c180c58c20244 (git) |
| Linux | Linux | Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c, < 14d2cc21ca622310babf373e3a8f0b40acfe8265 (git) |
| Linux | Linux | Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c, < 39cdb68c64d84e71a4a717000b6e5de208ee60cc (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T14:23:17.504508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:04:55.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/vt/vt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c8686c014b5e872ba7e334f33ca553f14446fc29",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "815be99d934e3292906536275f2b8d5131cdf52c",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "bfee93c9a6c395f9aa62268f1cedf64999844926",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "57964a5710252bc82fe22d9fa98c180c58c20244",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "14d2cc21ca622310babf373e3a8f0b40acfe8265",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "39cdb68c64d84e71a4a717000b6e5de208ee60cc",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/vt/vt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: fix memory overlapping when deleting chars in the buffer\n\nA memory overlapping copy occurs when deleting a long line. This memory\noverlapping copy can cause data corruption when scr_memcpyw is optimized\nto memcpy because memcpy does not ensure its behavior if the destination\nbuffer overlaps with the source buffer. The line buffer is not always\nbroken, because the memcpy utilizes the hardware acceleration, whose\nresult is not deterministic.\n\nFix this problem by using replacing the scr_memcpyw with scr_memmovew."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:20:02.253Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29"
},
{
"url": "https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c"
},
{
"url": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926"
},
{
"url": "https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244"
},
{
"url": "https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265"
},
{
"url": "https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc"
}
],
"title": "vt: fix memory overlapping when deleting chars in the buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48627",
"datePublished": "2024-03-02T21:31:48.383Z",
"dateReserved": "2024-02-25T13:44:28.314Z",
"dateUpdated": "2025-05-04T08:20:02.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36020 (GCVE-0-2024-36020)
Vulnerability from cvelistv5 – Published: 2024-05-30 14:59 – Updated: 2025-05-04 12:56
Title
i40e: fix vf may be used uninitialized in this function warning
Summary
In the Linux kernel, the following vulnerability has been resolved:
i40e: fix vf may be used uninitialized in this function warning
To fix the regression introduced by commit 52424f974bc5, which causes
servers to hang in very hard to reproduce conditions with reset races.
Using two sources for the information is the root cause.
In this function, before the fix, bumping v didn't mean bumping the vf
pointer. But the code used these variables interchangeably, so a stale vf
could point to a different/not intended vf.
Remove redundant "v" variable and iterate via single VF pointer across
whole function instead to guarantee VF pointer validity.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 76ed715836c6994bac29d9638e9314e6e3b08651, < cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d (git) |
| Linux | Linux | Affected: e88c2a1e28c5475065563d66c07ca879a9afbd07, < 9dcf0fcb80f6aeb01469e3c957f8d4c97365450a (git) |
| Linux | Linux | Affected: 9abae363af5ced6adbf04c14366289540281fb26, < b8e82128b44fa40bf99a50b919488ef361e1683c (git) |
| Linux | Linux | Affected: c39de3ae5075ea5f78e097cb5720d4e52d5caed9, < 951d2748a2a8242853abc3d0c153ce4bf8faad31 (git) |
| Linux | Linux | Affected: 52424f974bc53c26ba3f00300a00e9de9afcd972, < 3e89846283f3cf7c7a8e28b342576fd7c561d2ba (git) |
| Linux | Linux | Affected: 52424f974bc53c26ba3f00300a00e9de9afcd972, < 0dcf573f997732702917af1563aa2493dc772fc0 (git) |
| Linux | Linux | Affected: 52424f974bc53c26ba3f00300a00e9de9afcd972, < 06df7618f591b2dc43c59967e294d7b9fc8675b6 (git) |
| Linux | Linux | Affected: 52424f974bc53c26ba3f00300a00e9de9afcd972, < f37c4eac99c258111d414d31b740437e1925b8e8 (git) |
| Linux | Linux | Affected: 02f949747e6fb767b29f7931d4bbf40911684e7a (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T16:54:29.774868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:10.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d",
"status": "affected",
"version": "76ed715836c6994bac29d9638e9314e6e3b08651",
"versionType": "git"
},
{
"lessThan": "9dcf0fcb80f6aeb01469e3c957f8d4c97365450a",
"status": "affected",
"version": "e88c2a1e28c5475065563d66c07ca879a9afbd07",
"versionType": "git"
},
{
"lessThan": "b8e82128b44fa40bf99a50b919488ef361e1683c",
"status": "affected",
"version": "9abae363af5ced6adbf04c14366289540281fb26",
"versionType": "git"
},
{
"lessThan": "951d2748a2a8242853abc3d0c153ce4bf8faad31",
"status": "affected",
"version": "c39de3ae5075ea5f78e097cb5720d4e52d5caed9",
"versionType": "git"
},
{
"lessThan": "3e89846283f3cf7c7a8e28b342576fd7c561d2ba",
"status": "affected",
"version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
"versionType": "git"
},
{
"lessThan": "0dcf573f997732702917af1563aa2493dc772fc0",
"status": "affected",
"version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
"versionType": "git"
},
{
"lessThan": "06df7618f591b2dc43c59967e294d7b9fc8675b6",
"status": "affected",
"version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
"versionType": "git"
},
{
"lessThan": "f37c4eac99c258111d414d31b740437e1925b8e8",
"status": "affected",
"version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
"versionType": "git"
},
{
"status": "affected",
"version": "02f949747e6fb767b29f7931d4bbf40911684e7a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.19.264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix vf may be used uninitialized in this function warning\n\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn\u0027t mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\n\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:17.412Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"
},
{
"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"
},
{
"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"
},
{
"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"
},
{
"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"
},
{
"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"
},
{
"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"
},
{
"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"
}
],
"title": "i40e: fix vf may be used uninitialized in this function warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36020",
"datePublished": "2024-05-30T14:59:44.447Z",
"dateReserved": "2024-05-17T13:50:33.157Z",
"dateUpdated": "2025-05-04T12:56:17.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26640 (GCVE-0-2024-26640)
Vulnerability from cvelistv5 – Published: 2024-03-18 10:19 – Updated: 2025-05-04 08:52
Title
tcp: add sanity checks to rx zerocopy
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: add sanity checks to rx zerocopy
TCP rx zerocopy intent is to map pages initially allocated
from NIC drivers, not pages owned by a fs.
This patch adds to can_map_frag() these additional checks:
- Page must not be a compound one.
- page->mapping must be NULL.
This fixes the panic reported by ZhangPeng.
syzbot was able to loopback packets built with sendfile(),
mapping pages owned by an ext4 file to TCP rx zerocopy.
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r4, &(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00',
0x181e42, 0x0)
fallocate(r5, 0x0, 0x0, 0x85b8)
sendfile(r4, r5, 0x0, 0x8ba0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23,
&(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, &(0x7f0000000440)=0x40)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00',
0x181e42, 0x0)
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 93ab6cc69162775201587cc9da00d5016dc890e2, < f48bf9a83b1666d934247cb58a9887d7b3127b6f (git) |
| Linux | Linux | Affected: 93ab6cc69162775201587cc9da00d5016dc890e2, < 718f446e60316bf606946f7f42367d691d21541e (git) |
| Linux | Linux | Affected: 93ab6cc69162775201587cc9da00d5016dc890e2, < b383d4ea272fe5795877506dcce5aad1f6330e5e (git) |
| Linux | Linux | Affected: 93ab6cc69162775201587cc9da00d5016dc890e2, < d15cc0f66884ef2bed28c7ccbb11c102aa3a0760 (git) |
| Linux | Linux | Affected: 93ab6cc69162775201587cc9da00d5016dc890e2, < 1b8adcc0e2c584fec778add7777fe28e20781e60 (git) |
| Linux | Linux | Affected: 93ab6cc69162775201587cc9da00d5016dc890e2, < 577e4432f3ac810049cb7e6b71f4d96ec7c6e894 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T14:20:07.780920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:57.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f48bf9a83b1666d934247cb58a9887d7b3127b6f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/718f446e60316bf606946f7f42367d691d21541e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b383d4ea272fe5795877506dcce5aad1f6330e5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d15cc0f66884ef2bed28c7ccbb11c102aa3a0760"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b8adcc0e2c584fec778add7777fe28e20781e60"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/577e4432f3ac810049cb7e6b71f4d96ec7c6e894"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f48bf9a83b1666d934247cb58a9887d7b3127b6f",
"status": "affected",
"version": "93ab6cc69162775201587cc9da00d5016dc890e2",
"versionType": "git"
},
{
"lessThan": "718f446e60316bf606946f7f42367d691d21541e",
"status": "affected",
"version": "93ab6cc69162775201587cc9da00d5016dc890e2",
"versionType": "git"
},
{
"lessThan": "b383d4ea272fe5795877506dcce5aad1f6330e5e",
"status": "affected",
"version": "93ab6cc69162775201587cc9da00d5016dc890e2",
"versionType": "git"
},
{
"lessThan": "d15cc0f66884ef2bed28c7ccbb11c102aa3a0760",
"status": "affected",
"version": "93ab6cc69162775201587cc9da00d5016dc890e2",
"versionType": "git"
},
{
"lessThan": "1b8adcc0e2c584fec778add7777fe28e20781e60",
"status": "affected",
"version": "93ab6cc69162775201587cc9da00d5016dc890e2",
"versionType": "git"
},
{
"lessThan": "577e4432f3ac810049cb7e6b71f4d96ec7c6e894",
"status": "affected",
"version": "93ab6cc69162775201587cc9da00d5016dc890e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: add sanity checks to rx zerocopy\n\nTCP rx zerocopy intent is to map pages initially allocated\nfrom NIC drivers, not pages owned by a fs.\n\nThis patch adds to can_map_frag() these additional checks:\n\n- Page must not be a compound one.\n- page-\u003emapping must be NULL.\n\nThis fixes the panic reported by ZhangPeng.\n\nsyzbot was able to loopback packets built with sendfile(),\nmapping pages owned by an ext4 file to TCP rx zerocopy.\n\nr3 = socket$inet_tcp(0x2, 0x1, 0x0)\nmmap(\u0026(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)\nr4 = socket$inet_tcp(0x2, 0x1, 0x0)\nbind$inet(r4, \u0026(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)\nconnect$inet(r4, \u0026(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10)\nr5 = openat$dir(0xffffffffffffff9c, \u0026(0x7f00000000c0)=\u0027./file0\\x00\u0027,\n 0x181e42, 0x0)\nfallocate(r5, 0x0, 0x0, 0x85b8)\nsendfile(r4, r5, 0x0, 0x8ba0)\ngetsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23,\n \u0026(0x7f00000001c0)={\u0026(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0,\n 0x0, 0x0, 0x0, 0x0}, \u0026(0x7f0000000440)=0x40)\nr6 = openat$dir(0xffffffffffffff9c, \u0026(0x7f00000000c0)=\u0027./file0\\x00\u0027,\n 0x181e42, 0x0)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:52.723Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f48bf9a83b1666d934247cb58a9887d7b3127b6f"
},
{
"url": "https://git.kernel.org/stable/c/718f446e60316bf606946f7f42367d691d21541e"
},
{
"url": "https://git.kernel.org/stable/c/b383d4ea272fe5795877506dcce5aad1f6330e5e"
},
{
"url": "https://git.kernel.org/stable/c/d15cc0f66884ef2bed28c7ccbb11c102aa3a0760"
},
{
"url": "https://git.kernel.org/stable/c/1b8adcc0e2c584fec778add7777fe28e20781e60"
},
{
"url": "https://git.kernel.org/stable/c/577e4432f3ac810049cb7e6b71f4d96ec7c6e894"
}
],
"title": "tcp: add sanity checks to rx zerocopy",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26640",
"datePublished": "2024-03-18T10:19:07.025Z",
"dateReserved": "2024-02-19T14:20:24.137Z",
"dateUpdated": "2025-05-04T08:52:52.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27030 (GCVE-0-2024-27030)
Vulnerability from cvelistv5 – Published: 2024-05-01 12:53 – Updated: 2025-05-04 09:02
Title
octeontx2-af: Use separate handlers for interrupts
Summary
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: Use separate handlers for interrupts
For PF to AF interrupt vector and VF to AF vector same
interrupt handler is registered which is causing race condition.
When two interrupts are raised to two CPUs at same time
then two cores serve same event corrupting the data.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 7304ac4567bcb72fd57cc79582bf53ca7840136f , < 94cb17e5cf3a3c484063abc0ce4b8a2b2e8c1cb2 (git) Affected: 7304ac4567bcb72fd57cc79582bf53ca7840136f , < 766c2627acb2d9d1722cce2e24837044d52d888a (git) Affected: 7304ac4567bcb72fd57cc79582bf53ca7840136f , < 772f18ded0e240cc1fa2b7020cc640e3e5c32b70 (git) Affected: 7304ac4567bcb72fd57cc79582bf53ca7840136f , < 29d2550d79a8cbd31e0fbaa5c0e2a2efdc444e44 (git) Affected: 7304ac4567bcb72fd57cc79582bf53ca7840136f , < dc29dd00705a62c77de75b6d752259b869aac49d (git) Affected: 7304ac4567bcb72fd57cc79582bf53ca7840136f , < ad6759e233db6fcc131055f8e23b4eafbe81053c (git) Affected: 7304ac4567bcb72fd57cc79582bf53ca7840136f , < 4fedae8f9eafa2ac8cdaca58e315f52a7e2a8701 (git) Affected: 7304ac4567bcb72fd57cc79582bf53ca7840136f , < 50e60de381c342008c0956fd762e1c26408f372c (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94cb17e5cf3a3c484063abc0ce4b8a2b2e8c1cb2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/766c2627acb2d9d1722cce2e24837044d52d888a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/772f18ded0e240cc1fa2b7020cc640e3e5c32b70"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29d2550d79a8cbd31e0fbaa5c0e2a2efdc444e44"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc29dd00705a62c77de75b6d752259b869aac49d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad6759e233db6fcc131055f8e23b4eafbe81053c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fedae8f9eafa2ac8cdaca58e315f52a7e2a8701"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50e60de381c342008c0956fd762e1c26408f372c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:44:21.007612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:33.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "94cb17e5cf3a3c484063abc0ce4b8a2b2e8c1cb2",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "766c2627acb2d9d1722cce2e24837044d52d888a",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "772f18ded0e240cc1fa2b7020cc640e3e5c32b70",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "29d2550d79a8cbd31e0fbaa5c0e2a2efdc444e44",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "dc29dd00705a62c77de75b6d752259b869aac49d",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "ad6759e233db6fcc131055f8e23b4eafbe81053c",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "4fedae8f9eafa2ac8cdaca58e315f52a7e2a8701",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "50e60de381c342008c0956fd762e1c26408f372c",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Use separate handlers for interrupts\n\nFor PF to AF interrupt vector and VF to AF vector same\ninterrupt handler is registered which is causing race condition.\nWhen two interrupts are raised to two CPUs at same time\nthen two cores serve same event corrupting the data."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:40.056Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/94cb17e5cf3a3c484063abc0ce4b8a2b2e8c1cb2"
},
{
"url": "https://git.kernel.org/stable/c/766c2627acb2d9d1722cce2e24837044d52d888a"
},
{
"url": "https://git.kernel.org/stable/c/772f18ded0e240cc1fa2b7020cc640e3e5c32b70"
},
{
"url": "https://git.kernel.org/stable/c/29d2550d79a8cbd31e0fbaa5c0e2a2efdc444e44"
},
{
"url": "https://git.kernel.org/stable/c/dc29dd00705a62c77de75b6d752259b869aac49d"
},
{
"url": "https://git.kernel.org/stable/c/ad6759e233db6fcc131055f8e23b4eafbe81053c"
},
{
"url": "https://git.kernel.org/stable/c/4fedae8f9eafa2ac8cdaca58e315f52a7e2a8701"
},
{
"url": "https://git.kernel.org/stable/c/50e60de381c342008c0956fd762e1c26408f372c"
}
],
"title": "octeontx2-af: Use separate handlers for interrupts",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27030",
"datePublished": "2024-05-01T12:53:25.954Z",
"dateReserved": "2024-02-19T14:20:24.211Z",
"dateUpdated": "2025-05-04T09:02:40.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35854 (GCVE-0-2024-35854)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:47 – Updated: 2025-05-04 09:06
Title
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
The rehash delayed work migrates filters from one region to another
according to the number of available credits.
The migrated from region is destroyed at the end of the work if the
number of credits is non-negative as the assumption is that this is
indicative of migration being complete. This assumption is incorrect as
a non-negative number of credits can also be the result of a failed
migration.
The destruction of a region that still has filters referencing it can
result in a use-after-free [1].
Fix by not destroying the region if migration failed.
[1]
BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230
Read of size 8 at addr ffff8881735319e8 by task kworker/0:31/3858
CPU: 0 PID: 3858 Comm: kworker/0:31 Tainted: G W 6.9.0-rc2-custom-00782-gf2275c2157d8 #5
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
Call Trace:
<TASK>
dump_stack_lvl+0xc6/0x120
print_report+0xce/0x670
kasan_report+0xd7/0x110
mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230
mlxsw_sp_acl_ctcam_entry_del+0x2e/0x70
mlxsw_sp_acl_atcam_entry_del+0x81/0x210
mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3cd/0xb50
mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
</TASK>
Allocated by task 174:
kasan_save_stack+0x33/0x60
kasan_save_track+0x14/0x30
__kasan_kmalloc+0x8f/0xa0
__kmalloc+0x19c/0x360
mlxsw_sp_acl_tcam_region_create+0xdf/0x9c0
mlxsw_sp_acl_tcam_vregion_rehash_work+0x954/0x1300
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
Freed by task 7:
kasan_save_stack+0x33/0x60
kasan_save_track+0x14/0x30
kasan_save_free_info+0x3b/0x60
poison_slab_object+0x102/0x170
__kasan_slab_free+0x14/0x30
kfree+0xc1/0x290
mlxsw_sp_acl_tcam_region_destroy+0x272/0x310
mlxsw_sp_acl_tcam_vregion_rehash_work+0x731/0x1300
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
Severity
8.8 (High)
CWE
- CWE-416 - Use After Free
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < e118e7ea24d1392878ef85926627c6bc640c4388 (git) Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < a429a912d6c779807f4d72a6cc0a1efaaa3613e1 (git) Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 4c89642ca47fb620914780c7c51d8d1248201121 (git) Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 813e2ab753a8f8c243a39ede20c2e0adc15f3887 (git) Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 311eeaa7b9e26aba5b3d57b09859f07d8e9fc049 (git) Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < a02687044e124f8ccb427cd3632124a4e1a7d7c1 (git) Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 54225988889931467a9b55fdbef534079b665519 (git) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "c9c9af91f1d9"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.4.275"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.216"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.158"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.90"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.30"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8.9"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T16:58:28.959142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:17:40.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e118e7ea24d1392878ef85926627c6bc640c4388"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a429a912d6c779807f4d72a6cc0a1efaaa3613e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c89642ca47fb620914780c7c51d8d1248201121"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/813e2ab753a8f8c243a39ede20c2e0adc15f3887"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/311eeaa7b9e26aba5b3d57b09859f07d8e9fc049"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a02687044e124f8ccb427cd3632124a4e1a7d7c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54225988889931467a9b55fdbef534079b665519"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e118e7ea24d1392878ef85926627c6bc640c4388",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "a429a912d6c779807f4d72a6cc0a1efaaa3613e1",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "4c89642ca47fb620914780c7c51d8d1248201121",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "813e2ab753a8f8c243a39ede20c2e0adc15f3887",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "311eeaa7b9e26aba5b3d57b09859f07d8e9fc049",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "a02687044e124f8ccb427cd3632124a4e1a7d7c1",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "54225988889931467a9b55fdbef534079b665519",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash\n\nThe rehash delayed work migrates filters from one region to another\naccording to the number of available credits.\n\nThe migrated from region is destroyed at the end of the work if the\nnumber of credits is non-negative as the assumption is that this is\nindicative of migration being complete. This assumption is incorrect as\na non-negative number of credits can also be the result of a failed\nmigration.\n\nThe destruction of a region that still has filters referencing it can\nresult in a use-after-free [1].\n\nFix by not destroying the region if migration failed.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230\nRead of size 8 at addr ffff8881735319e8 by task kworker/0:31/3858\n\nCPU: 0 PID: 3858 Comm: kworker/0:31 Tainted: G W 6.9.0-rc2-custom-00782-gf2275c2157d8 #5\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xce/0x670\n kasan_report+0xd7/0x110\n mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230\n mlxsw_sp_acl_ctcam_entry_del+0x2e/0x70\n mlxsw_sp_acl_atcam_entry_del+0x81/0x210\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3cd/0xb50\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 174:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __kmalloc+0x19c/0x360\n mlxsw_sp_acl_tcam_region_create+0xdf/0x9c0\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x954/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 7:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n poison_slab_object+0x102/0x170\n __kasan_slab_free+0x14/0x30\n kfree+0xc1/0x290\n mlxsw_sp_acl_tcam_region_destroy+0x272/0x310\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x731/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:54.144Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e118e7ea24d1392878ef85926627c6bc640c4388"
},
{
"url": "https://git.kernel.org/stable/c/a429a912d6c779807f4d72a6cc0a1efaaa3613e1"
},
{
"url": "https://git.kernel.org/stable/c/4c89642ca47fb620914780c7c51d8d1248201121"
},
{
"url": "https://git.kernel.org/stable/c/813e2ab753a8f8c243a39ede20c2e0adc15f3887"
},
{
"url": "https://git.kernel.org/stable/c/311eeaa7b9e26aba5b3d57b09859f07d8e9fc049"
},
{
"url": "https://git.kernel.org/stable/c/a02687044e124f8ccb427cd3632124a4e1a7d7c1"
},
{
"url": "https://git.kernel.org/stable/c/54225988889931467a9b55fdbef534079b665519"
}
],
"title": "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35854",
"datePublished": "2024-05-17T14:47:30.775Z",
"dateReserved": "2024-05-17T13:50:33.106Z",
"dateUpdated": "2025-05-04T09:06:54.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27000 (GCVE-0-2024-27000)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:28 – Updated: 2025-11-04 17:16
Title
serial: mxs-auart: add spinlock around changing cts state
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: mxs-auart: add spinlock around changing cts state
The uart_handle_cts_change() function in serial_core expects the caller
to hold uport->lock. For example, I have seen the below kernel splat,
when the Bluetooth driver is loaded on an i.MX28 board.
[ 85.119255] ------------[ cut here ]------------
[ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec
[ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs
[ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1
[ 85.151396] Hardware name: Freescale MXS (Device Tree)
[ 85.156679] Workqueue: hci0 hci_power_on [bluetooth]
(...)
[ 85.191765] uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4
[ 85.198787] mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210
(...)
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 , < 56434e295bd446142025913bfdf1587f5e1970ad (git) Affected: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 , < 21535ef0ac1945080198fe3e4347ea498205c99a (git) Affected: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 , < 0dc0637e6b16158af85945425821bfd0151adb37 (git) Affected: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 , < 479244d68f5d94f3903eced52b093c1e01ddb495 (git) Affected: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 , < 2c9b943e9924cf1269e44289bc5e60e51b0f5270 (git) Affected: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 , < 5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37 (git) Affected: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 , < 94b0e65c75f4af888ab2dd6c90f060f762924e86 (git) Affected: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 , < 54c4ec5f8c471b7c1137a1f769648549c423c026 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:46:24.840669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:26.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:16:13.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56434e295bd446142025913bfdf1587f5e1970ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21535ef0ac1945080198fe3e4347ea498205c99a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dc0637e6b16158af85945425821bfd0151adb37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/479244d68f5d94f3903eced52b093c1e01ddb495"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c9b943e9924cf1269e44289bc5e60e51b0f5270"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94b0e65c75f4af888ab2dd6c90f060f762924e86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54c4ec5f8c471b7c1137a1f769648549c423c026"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/mxs-auart.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "56434e295bd446142025913bfdf1587f5e1970ad",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "21535ef0ac1945080198fe3e4347ea498205c99a",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "0dc0637e6b16158af85945425821bfd0151adb37",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "479244d68f5d94f3903eced52b093c1e01ddb495",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "2c9b943e9924cf1269e44289bc5e60e51b0f5270",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "94b0e65c75f4af888ab2dd6c90f060f762924e86",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "54c4ec5f8c471b7c1137a1f769648549c423c026",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/mxs-auart.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: mxs-auart: add spinlock around changing cts state\n\nThe uart_handle_cts_change() function in serial_core expects the caller\nto hold uport-\u003elock. For example, I have seen the below kernel splat,\nwhen the Bluetooth driver is loaded on an i.MX28 board.\n\n [ 85.119255] ------------[ cut here ]------------\n [ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec\n [ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs\n [ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1\n [ 85.151396] Hardware name: Freescale MXS (Device Tree)\n [ 85.156679] Workqueue: hci0 hci_power_on [bluetooth]\n (...)\n [ 85.191765] uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4\n [ 85.198787] mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210\n (...)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:51.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/56434e295bd446142025913bfdf1587f5e1970ad"
},
{
"url": "https://git.kernel.org/stable/c/21535ef0ac1945080198fe3e4347ea498205c99a"
},
{
"url": "https://git.kernel.org/stable/c/0dc0637e6b16158af85945425821bfd0151adb37"
},
{
"url": "https://git.kernel.org/stable/c/479244d68f5d94f3903eced52b093c1e01ddb495"
},
{
"url": "https://git.kernel.org/stable/c/2c9b943e9924cf1269e44289bc5e60e51b0f5270"
},
{
"url": "https://git.kernel.org/stable/c/5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37"
},
{
"url": "https://git.kernel.org/stable/c/94b0e65c75f4af888ab2dd6c90f060f762924e86"
},
{
"url": "https://git.kernel.org/stable/c/54c4ec5f8c471b7c1137a1f769648549c423c026"
}
],
"title": "serial: mxs-auart: add spinlock around changing cts state",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27000",
"datePublished": "2024-05-01T05:28:35.749Z",
"dateReserved": "2024-02-19T14:20:24.207Z",
"dateUpdated": "2025-11-04T17:16:13.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38582 (GCVE-0-2024-38582)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:37 – Updated: 2026-01-05 10:36
Title
nilfs2: fix potential hang in nilfs_detach_log_writer()
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential hang in nilfs_detach_log_writer()
Syzbot has reported a potential hang in nilfs_detach_log_writer() called
during nilfs2 unmount.
Analysis revealed that this is because nilfs_segctor_sync(), which
synchronizes with the log writer thread, can be called after
nilfs_segctor_destroy() terminates that thread, as shown in the call trace
below:
nilfs_detach_log_writer
  nilfs_segctor_destroy
    nilfs_segctor_kill_thread  --> Shut down log writer thread
    flush_work
      nilfs_iput_work_func
        nilfs_dispose_list
          iput
            nilfs_evict_inode
              nilfs_transaction_commit
                nilfs_construct_segment (if inode needs sync)
                  nilfs_segctor_sync  --> Attempt to synchronize with
                                          log writer thread
                  *** DEADLOCK ***
Fix this issue by changing nilfs_segctor_sync() so that the log writer
thread returns normally without synchronizing after it terminates, and by
forcing tasks that are already waiting to complete once after the thread
terminates.
The skipped inode metadata flushout will then be processed together in the
subsequent cleanup work in nilfs_segctor_destroy().
Severity
5.3 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < 911d38be151921a5d152bb55e81fd752384c6830 (git) |
| Linux | Linux | Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b (git) |
| Linux | Linux | Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < eff7cdf890b02596b8d73e910bdbdd489175dbdb (git) |
| Linux | Linux | Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < 06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd (git) |
| Linux | Linux | Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < 1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0 (git) |
| Linux | Linux | Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < a8799662fed1f8747edae87a1937549288baca6a (git) |
| Linux | Linux | Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < 6e5c8e8e024e147b834f56f2115aad241433679b (git) |
| Linux | Linux | Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < c516db6ab9eabbedbc430b4f93b0d8728e9b427f (git) |
| Linux | Linux | Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < eb85dace897c5986bc2f36b3c783c6abb8a4292e (git) |
| Linux | Linux | Affected: c23f3a9fa7826af0465b9408b186f6b555991890 (git) |
| Linux | Linux | Affected: 28cd54f27d309bd65db8ff4b8e6275345287484c (git) |
| Linux | Linux | Affected: ec7cae16b37ab478d6d7e33e8563b24ca189e6cf (git) |
| Linux | Linux | Affected: d26f2dfa556323787ee1ebd5d03aeaa8650c7404 (git) |
| Linux | Linux | Affected: 52e87609d9d3ea34cadb5676e8ea85d025ac9632 (git) |
| Linux | Linux | Affected: 7bb9e4a06e12583f1418b669dc45bb3ee84496c6 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T14:52:09.028015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T18:41:35.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:35.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "911d38be151921a5d152bb55e81fd752384c6830",
"status": "affected",
"version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
"versionType": "git"
},
{
"lessThan": "bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b",
"status": "affected",
"version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
"versionType": "git"
},
{
"lessThan": "eff7cdf890b02596b8d73e910bdbdd489175dbdb",
"status": "affected",
"version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
"versionType": "git"
},
{
"lessThan": "06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd",
"status": "affected",
"version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
"versionType": "git"
},
{
"lessThan": "1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0",
"status": "affected",
"version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
"versionType": "git"
},
{
"lessThan": "a8799662fed1f8747edae87a1937549288baca6a",
"status": "affected",
"version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
"versionType": "git"
},
{
"lessThan": "6e5c8e8e024e147b834f56f2115aad241433679b",
"status": "affected",
"version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
"versionType": "git"
},
{
"lessThan": "c516db6ab9eabbedbc430b4f93b0d8728e9b427f",
"status": "affected",
"version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
"versionType": "git"
},
{
"lessThan": "eb85dace897c5986bc2f36b3c783c6abb8a4292e",
"status": "affected",
"version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
"versionType": "git"
},
{
"status": "affected",
"version": "c23f3a9fa7826af0465b9408b186f6b555991890",
"versionType": "git"
},
{
"status": "affected",
"version": "28cd54f27d309bd65db8ff4b8e6275345287484c",
"versionType": "git"
},
{
"status": "affected",
"version": "ec7cae16b37ab478d6d7e33e8563b24ca189e6cf",
"versionType": "git"
},
{
"status": "affected",
"version": "d26f2dfa556323787ee1ebd5d03aeaa8650c7404",
"versionType": "git"
},
{
"status": "affected",
"version": "52e87609d9d3ea34cadb5676e8ea85d025ac9632",
"versionType": "git"
},
{
"status": "affected",
"version": "7bb9e4a06e12583f1418b669dc45bb3ee84496c6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.14.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential hang in nilfs_detach_log_writer()\n\nSyzbot has reported a potential hang in nilfs_detach_log_writer() called\nduring nilfs2 unmount.\n\nAnalysis revealed that this is because nilfs_segctor_sync(), which\nsynchronizes with the log writer thread, can be called after\nnilfs_segctor_destroy() terminates that thread, as shown in the call trace\nbelow:\n\nnilfs_detach_log_writer\n nilfs_segctor_destroy\n nilfs_segctor_kill_thread --\u003e Shut down log writer thread\n flush_work\n nilfs_iput_work_func\n nilfs_dispose_list\n iput\n nilfs_evict_inode\n nilfs_transaction_commit\n nilfs_construct_segment (if inode needs sync)\n nilfs_segctor_sync --\u003e Attempt to synchronize with\n log writer thread\n *** DEADLOCK ***\n\nFix this issue by changing nilfs_segctor_sync() so that the log writer\nthread returns normally without synchronizing after it terminates, and by\nforcing tasks that are already waiting to complete once after the thread\nterminates.\n\nThe skipped inode metadata flushout will then be processed together in the\nsubsequent cleanup work in nilfs_segctor_destroy()."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:36:40.840Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830"
},
{
"url": "https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b"
},
{
"url": "https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb"
},
{
"url": "https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd"
},
{
"url": "https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0"
},
{
"url": "https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a"
},
{
"url": "https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b"
},
{
"url": "https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f"
},
{
"url": "https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e"
}
],
"title": "nilfs2: fix potential hang in nilfs_detach_log_writer()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38582",
"datePublished": "2024-06-19T13:37:39.163Z",
"dateReserved": "2024-06-18T19:36:34.928Z",
"dateUpdated": "2026-01-05T10:36:40.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26855 (GCVE-0-2024-26855)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:17 – Updated: 2025-05-04 08:58
Title
net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
The function ice_bridge_setlink() may encounter a NULL pointer dereference
if nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently
in nla_for_each_nested(). To address this issue, add a check to ensure that
br_spec is not NULL before proceeding with the nested attribute iteration.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 , < d9fefc51133107e59d192d773be86c1150cfeebb (git) |
| Linux | Linux | Affected: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 , < 37fe99016b12d32100ce670216816dba6c48b309 (git) |
| Linux | Linux | Affected: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 , < 8d95465d9a424200485792858c5b3be54658ce19 (git) |
| Linux | Linux | Affected: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 , < afdd29726a6de4ba27cd15590661424c888dc596 (git) |
| Linux | Linux | Affected: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 , < 1a770927dc1d642b22417c3e668c871689fc58b3 (git) |
| Linux | Linux | Affected: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 , < 0e296067ae0d74a10b4933601f9aa9f0ec8f157f (git) |
| Linux | Linux | Affected: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 , < 06e456a05d669ca30b224b8ed962421770c1496c (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T14:02:40.817976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:40.362Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d9fefc51133107e59d192d773be86c1150cfeebb",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
},
{
"lessThan": "37fe99016b12d32100ce670216816dba6c48b309",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
},
{
"lessThan": "8d95465d9a424200485792858c5b3be54658ce19",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
},
{
"lessThan": "afdd29726a6de4ba27cd15590661424c888dc596",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
},
{
"lessThan": "1a770927dc1d642b22417c3e668c871689fc58b3",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
},
{
"lessThan": "0e296067ae0d74a10b4933601f9aa9f0ec8f157f",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
},
{
"lessThan": "06e456a05d669ca30b224b8ed962421770c1496c",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()\n\nThe function ice_bridge_setlink() may encounter a NULL pointer dereference\nif nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently\nin nla_for_each_nested(). To address this issue, add a check to ensure that\nbr_spec is not NULL before proceeding with the nested attribute iteration."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:03.566Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb"
},
{
"url": "https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309"
},
{
"url": "https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19"
},
{
"url": "https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596"
},
{
"url": "https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3"
},
{
"url": "https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f"
},
{
"url": "https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c"
}
],
"title": "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26855",
"datePublished": "2024-04-17T10:17:17.858Z",
"dateReserved": "2024-02-19T14:20:24.183Z",
"dateUpdated": "2025-05-04T08:58:03.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52635 (GCVE-0-2023-52635)
Vulnerability from cvelistv5 – Published: 2024-04-02 06:49 – Updated: 2026-01-05 10:16
Title
PM / devfreq: Synchronize devfreq_monitor_[start/stop]
Summary
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: Synchronize devfreq_monitor_[start/stop]
There is a chance if a frequent switch of the governor
done in a loop result in timer list corruption where
timer cancel being done from two place one from
cancel_delayed_work_sync() and followed by expire_timers()
can be seen from the traces[1].
while true
do
echo "simple_ondemand" > /sys/class/devfreq/1d84000.ufshc/governor
echo "performance" > /sys/class/devfreq/1d84000.ufshc/governor
done
It looks to be issue with devfreq driver where
device_monitor_[start/stop] need to synchronized so that
delayed work should get corrupted while it is either
being queued or running or being cancelled.
Let's use polling flag and devfreq lock to synchronize the
queueing the timer instance twice and work data being
corrupted.
[1]
...
..
<idle>-0 [003] 9436.209662: timer_cancel timer=0xffffff80444f0428
<idle>-0 [003] 9436.209664: timer_expire_entry timer=0xffffff80444f0428 now=0x10022da1c function=__typeid__ZTSFvP10timer_listE_global_addr baseclk=0x10022da1c
<idle>-0 [003] 9436.209718: timer_expire_exit timer=0xffffff80444f0428
kworker/u16:6-14217 [003] 9436.209863: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2b now=0x10022da1c flags=182452227
vendor.xxxyyy.ha-1593 [004] 9436.209888: timer_cancel timer=0xffffff80444f0428
vendor.xxxyyy.ha-1593 [004] 9436.216390: timer_init timer=0xffffff80444f0428
vendor.xxxyyy.ha-1593 [004] 9436.216392: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2c now=0x10022da1d flags=186646532
vendor.xxxyyy.ha-1593 [005] 9436.220992: timer_cancel timer=0xffffff80444f0428
xxxyyyTraceManag-7795 [004] 9436.261641: timer_cancel timer=0xffffff80444f0428
[2]
9436.261653][ C4] Unable to handle kernel paging request at virtual address dead00000000012a
[ 9436.261664][ C4] Mem abort info:
[ 9436.261666][ C4] ESR = 0x96000044
[ 9436.261669][ C4] EC = 0x25: DABT (current EL), IL = 32 bits
[ 9436.261671][ C4] SET = 0, FnV = 0
[ 9436.261673][ C4] EA = 0, S1PTW = 0
[ 9436.261675][ C4] Data abort info:
[ 9436.261677][ C4] ISV = 0, ISS = 0x00000044
[ 9436.261680][ C4] CM = 0, WnR = 1
[ 9436.261682][ C4] [dead00000000012a] address between user and kernel address ranges
[ 9436.261685][ C4] Internal error: Oops: 96000044 [#1] PREEMPT SMP
[ 9436.261701][ C4] Skip md ftrace buffer dump for: 0x3a982d0
...
[ 9436.262138][ C4] CPU: 4 PID: 7795 Comm: TraceManag Tainted: G S W O 5.10.149-android12-9-o-g17f915d29d0c #1
[ 9436.262141][ C4] Hardware name: Qualcomm Technologies, Inc. (DT)
[ 9436.262144][ C4] pstate: 22400085 (nzCv daIf +PAN -UAO +TCO BTYPE=--)
[ 9436.262161][ C4] pc : expire_timers+0x9c/0x438
[ 9436.262164][ C4] lr : expire_timers+0x2a4/0x438
[ 9436.262168][ C4] sp : ffffffc010023dd0
[ 9436.262171][ C4] x29: ffffffc010023df0 x28: ffffffd0636fdc18
[ 9436.262178][ C4] x27: ffffffd063569dd0 x26: ffffffd063536008
[ 9436.262182][ C4] x25: 0000000000000001 x24: ffffff88f7c69280
[ 9436.262185][ C4] x23: 00000000000000e0 x22: dead000000000122
[ 9436.262188][ C4] x21: 000000010022da29 x20: ffffff8af72b4e80
[ 9436.262191][ C4] x19: ffffffc010023e50 x18: ffffffc010025038
[ 9436.262195][ C4] x17: 0000000000000240 x16: 0000000000000201
[ 9436.262199][ C4] x15: ffffffffffffffff x14: ffffff889f3c3100
[ 9436.262203][ C4] x13: ffffff889f3c3100 x12: 00000000049f56b8
[ 9436.262207][ C4] x11: 00000000049f56b8 x10: 00000000ffffffff
[ 9436.262212][ C4] x9 : ffffffc010023e50 x8 : dead000000000122
[ 9436.262216][ C4] x7 : ffffffffffffffff x6 : ffffffc0100239d8
[ 9436.262220][ C4] x5 : 0000000000000000 x4 : 0000000000000101
[ 9436.262223][ C4] x3 : 0000000000000080 x2 : ffffff8
---truncated---
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 7e6fdd4bad033fa2d73716377b184fa975b0d985 , < 3399cc7013e761fee9d6eec795e9b31ab0cbe475 (git) |
| Linux | Linux | Affected: 7e6fdd4bad033fa2d73716377b184fa975b0d985 , < 099f6a9edbe30b142c1d97fe9a4748601d995675 (git) |
| Linux | Linux | Affected: 7e6fdd4bad033fa2d73716377b184fa975b0d985 , < 31569995fc65007b73a3fff605ec2b3401b435e9 (git) |
| Linux | Linux | Affected: 7e6fdd4bad033fa2d73716377b184fa975b0d985 , < 0aedb319ef3ed39e9e5a7b7726c8264ca627bbd9 (git) |
| Linux | Linux | Affected: 7e6fdd4bad033fa2d73716377b184fa975b0d985 , < ae815e2fdc284ab31651d52460698bd89c0fce22 (git) |
| Linux | Linux | Affected: 7e6fdd4bad033fa2d73716377b184fa975b0d985 , < aed5ed595960c6d301dcd4ed31aeaa7a8054c0c6 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:30:55.797428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:31:03.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3399cc7013e761fee9d6eec795e9b31ab0cbe475"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/099f6a9edbe30b142c1d97fe9a4748601d995675"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31569995fc65007b73a3fff605ec2b3401b435e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0aedb319ef3ed39e9e5a7b7726c8264ca627bbd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae815e2fdc284ab31651d52460698bd89c0fce22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aed5ed595960c6d301dcd4ed31aeaa7a8054c0c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/devfreq/devfreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3399cc7013e761fee9d6eec795e9b31ab0cbe475",
"status": "affected",
"version": "7e6fdd4bad033fa2d73716377b184fa975b0d985",
"versionType": "git"
},
{
"lessThan": "099f6a9edbe30b142c1d97fe9a4748601d995675",
"status": "affected",
"version": "7e6fdd4bad033fa2d73716377b184fa975b0d985",
"versionType": "git"
},
{
"lessThan": "31569995fc65007b73a3fff605ec2b3401b435e9",
"status": "affected",
"version": "7e6fdd4bad033fa2d73716377b184fa975b0d985",
"versionType": "git"
},
{
"lessThan": "0aedb319ef3ed39e9e5a7b7726c8264ca627bbd9",
"status": "affected",
"version": "7e6fdd4bad033fa2d73716377b184fa975b0d985",
"versionType": "git"
},
{
"lessThan": "ae815e2fdc284ab31651d52460698bd89c0fce22",
"status": "affected",
"version": "7e6fdd4bad033fa2d73716377b184fa975b0d985",
"versionType": "git"
},
{
"lessThan": "aed5ed595960c6d301dcd4ed31aeaa7a8054c0c6",
"status": "affected",
"version": "7e6fdd4bad033fa2d73716377b184fa975b0d985",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/devfreq/devfreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: Synchronize devfreq_monitor_[start/stop]\n\nThere is a chance if a frequent switch of the governor\ndone in a loop result in timer list corruption where\ntimer cancel being done from two place one from\ncancel_delayed_work_sync() and followed by expire_timers()\ncan be seen from the traces[1].\n\nwhile true\ndo\n echo \"simple_ondemand\" \u003e /sys/class/devfreq/1d84000.ufshc/governor\n echo \"performance\" \u003e /sys/class/devfreq/1d84000.ufshc/governor\ndone\n\nIt looks to be issue with devfreq driver where\ndevice_monitor_[start/stop] need to synchronized so that\ndelayed work should get corrupted while it is either\nbeing queued or running or being cancelled.\n\nLet\u0027s use polling flag and devfreq lock to synchronize the\nqueueing the timer instance twice and work data being\ncorrupted.\n\n[1]\n...\n..\n\u003cidle\u003e-0 [003] 9436.209662: timer_cancel timer=0xffffff80444f0428\n\u003cidle\u003e-0 [003] 9436.209664: timer_expire_entry timer=0xffffff80444f0428 now=0x10022da1c function=__typeid__ZTSFvP10timer_listE_global_addr baseclk=0x10022da1c\n\u003cidle\u003e-0 [003] 9436.209718: timer_expire_exit timer=0xffffff80444f0428\nkworker/u16:6-14217 [003] 9436.209863: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2b now=0x10022da1c flags=182452227\nvendor.xxxyyy.ha-1593 [004] 9436.209888: timer_cancel timer=0xffffff80444f0428\nvendor.xxxyyy.ha-1593 [004] 9436.216390: timer_init timer=0xffffff80444f0428\nvendor.xxxyyy.ha-1593 [004] 9436.216392: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2c now=0x10022da1d flags=186646532\nvendor.xxxyyy.ha-1593 [005] 9436.220992: timer_cancel timer=0xffffff80444f0428\nxxxyyyTraceManag-7795 [004] 9436.261641: timer_cancel timer=0xffffff80444f0428\n\n[2]\n\n 9436.261653][ C4] Unable to handle kernel paging request at virtual address dead00000000012a\n[ 9436.261664][ C4] Mem abort info:\n[ 9436.261666][ C4] ESR = 0x96000044\n[ 9436.261669][ C4] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 9436.261671][ C4] SET = 0, FnV = 0\n[ 9436.261673][ C4] EA = 0, S1PTW = 0\n[ 9436.261675][ C4] Data abort info:\n[ 9436.261677][ C4] ISV = 0, ISS = 0x00000044\n[ 9436.261680][ C4] CM = 0, WnR = 1\n[ 9436.261682][ C4] [dead00000000012a] address between user and kernel address ranges\n[ 9436.261685][ C4] Internal error: Oops: 96000044 [#1] PREEMPT SMP\n[ 9436.261701][ C4] Skip md ftrace buffer dump for: 0x3a982d0\n...\n\n[ 9436.262138][ C4] CPU: 4 PID: 7795 Comm: TraceManag Tainted: G S W O 5.10.149-android12-9-o-g17f915d29d0c #1\n[ 9436.262141][ C4] Hardware name: Qualcomm Technologies, Inc. (DT)\n[ 9436.262144][ C4] pstate: 22400085 (nzCv daIf +PAN -UAO +TCO BTYPE=--)\n[ 9436.262161][ C4] pc : expire_timers+0x9c/0x438\n[ 9436.262164][ C4] lr : expire_timers+0x2a4/0x438\n[ 9436.262168][ C4] sp : ffffffc010023dd0\n[ 9436.262171][ C4] x29: ffffffc010023df0 x28: ffffffd0636fdc18\n[ 9436.262178][ C4] x27: ffffffd063569dd0 x26: ffffffd063536008\n[ 9436.262182][ C4] x25: 0000000000000001 x24: ffffff88f7c69280\n[ 9436.262185][ C4] x23: 00000000000000e0 x22: dead000000000122\n[ 9436.262188][ C4] x21: 000000010022da29 x20: ffffff8af72b4e80\n[ 9436.262191][ C4] x19: ffffffc010023e50 x18: ffffffc010025038\n[ 9436.262195][ C4] x17: 0000000000000240 x16: 0000000000000201\n[ 9436.262199][ C4] x15: ffffffffffffffff x14: ffffff889f3c3100\n[ 9436.262203][ C4] x13: ffffff889f3c3100 x12: 00000000049f56b8\n[ 9436.262207][ C4] x11: 00000000049f56b8 x10: 00000000ffffffff\n[ 9436.262212][ C4] x9 : ffffffc010023e50 x8 : dead000000000122\n[ 9436.262216][ C4] x7 : ffffffffffffffff x6 : ffffffc0100239d8\n[ 9436.262220][ C4] x5 : 0000000000000000 x4 : 0000000000000101\n[ 9436.262223][ C4] x3 : 0000000000000080 x2 : ffffff8\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:16:54.334Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3399cc7013e761fee9d6eec795e9b31ab0cbe475"
},
{
"url": "https://git.kernel.org/stable/c/099f6a9edbe30b142c1d97fe9a4748601d995675"
},
{
"url": "https://git.kernel.org/stable/c/31569995fc65007b73a3fff605ec2b3401b435e9"
},
{
"url": "https://git.kernel.org/stable/c/0aedb319ef3ed39e9e5a7b7726c8264ca627bbd9"
},
{
"url": "https://git.kernel.org/stable/c/ae815e2fdc284ab31651d52460698bd89c0fce22"
},
{
"url": "https://git.kernel.org/stable/c/aed5ed595960c6d301dcd4ed31aeaa7a8054c0c6"
}
],
"title": "PM / devfreq: Synchronize devfreq_monitor_[start/stop]",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52635",
"datePublished": "2024-04-02T06:49:13.143Z",
"dateReserved": "2024-03-06T09:52:12.092Z",
"dateUpdated": "2026-01-05T10:16:54.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-24861 (GCVE-0-2024-24861)
Vulnerability from cvelistv5 – Published: 2024-02-05 07:26 – Updated: 2025-02-13 17:40
Title
Race condition vulnerability in Linux kernel media/xc4000 xc4000_get_frequency()
Summary
A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux kernel | Affected: v3.1-rc1 , < v6.8-rc1 (custom) |
Credits
白家驹 <baijiaju@buaa.edu.cn>
韩桂栋 <hanguidong@buaa.edu.cn>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T18:11:41.377364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:39.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://kernel.org/",
"defaultStatus": "unaffected",
"modules": [
"media",
"xc4000"
],
"packageName": "kernel",
"platforms": [
"Linux",
"x86",
"ARM"
],
"product": "Linux kernel",
"programFiles": [
"https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/drivers/media/tuners/xc4000.c"
],
"repo": "https://gitee.com/anolis/cloud-kernel.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "v6.8-rc1",
"status": "affected",
"version": "v3.1-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.\u003c/p\u003e"
}
],
"value": "A race condition was found in the Linux kernel\u0027s media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:12:24.933Z",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/\"\u003ehttps://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/ https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Race condition vulnerability in Linux kernel media/xc4000 xc4000_get_frequency()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2024-24861",
"datePublished": "2024-02-05T07:26:43.824Z",
"dateReserved": "2024-02-01T09:11:56.214Z",
"dateUpdated": "2025-02-13T17:40:35.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26773 (GCVE-0-2024-26773)
Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2026-01-05 10:34
Title
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
Determine if the group block bitmap is corrupted before using ac_b_ex in
ext4_mb_try_best_found() to avoid allocating blocks from a group with a
corrupted block bitmap in the following concurrency and making the
situation worse.
    ext4_mb_regular_allocator
      ext4_lock_group(sb, group)
      ext4_mb_good_group
       // check if the group bbitmap is corrupted
      ext4_mb_complex_scan_group
       // Scan group gets ac_b_ex but doesn't use it
      ext4_unlock_group(sb, group)
                               ext4_mark_group_bitmap_corrupted(group)
                               // The block bitmap was corrupted during
                               // the group unlock gap.
      ext4_mb_try_best_found
        ext4_lock_group(ac->ac_sb, group)
        ext4_mb_use_best_found
          mb_mark_used
          // Allocating blocks in block bitmap corrupted group
Severity ?
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 21f8cfe79f776287459343e9cfa6055af61328ea (git) |
| Linux | Linux | Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 260fc96283c0f594de18a1b045faf6d8fb42874d (git) |
| Linux | Linux | Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 927794a02169778c9c2e7b25c768ab3ea8c1dc03 (git) |
| Linux | Linux | Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 4c21fa60a6f4606f6214a38f50612b17b2f738f5 (git) |
| Linux | Linux | Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < f97e75fa4e12b0aa0224e83fcbda8853ac2adf36 (git) |
| Linux | Linux | Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 0184747b552d6b5a14db3b7fcc3b792ce64dedd1 (git) |
| Linux | Linux | Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < a2576ae9a35c078e488f2c573e9e6821d651fbbe (git) |
| Linux | Linux | Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 4530b3660d396a646aad91a787b6ab37cf604b53 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:50:26.209110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:10.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21f8cfe79f776287459343e9cfa6055af61328ea",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "260fc96283c0f594de18a1b045faf6d8fb42874d",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "927794a02169778c9c2e7b25c768ab3ea8c1dc03",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "4c21fa60a6f4606f6214a38f50612b17b2f738f5",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "f97e75fa4e12b0aa0224e83fcbda8853ac2adf36",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "0184747b552d6b5a14db3b7fcc3b792ce64dedd1",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "a2576ae9a35c078e488f2c573e9e6821d651fbbe",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "4530b3660d396a646aad91a787b6ab37cf604b53",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()\n\nDetermine if the group block bitmap is corrupted before using ac_b_ex in\next4_mb_try_best_found() to avoid allocating blocks from a group with a\ncorrupted block bitmap in the following concurrency and making the\nsituation worse.\n\next4_mb_regular_allocator\n ext4_lock_group(sb, group)\n ext4_mb_good_group\n // check if the group bbitmap is corrupted\n ext4_mb_complex_scan_group\n // Scan group gets ac_b_ex but doesn\u0027t use it\n ext4_unlock_group(sb, group)\n ext4_mark_group_bitmap_corrupted(group)\n // The block bitmap was corrupted during\n // the group unlock gap.\n ext4_mb_try_best_found\n ext4_lock_group(ac-\u003eac_sb, group)\n ext4_mb_use_best_found\n mb_mark_used\n // Allocating blocks in block bitmap corrupted group"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:34:28.426Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea"
},
{
"url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d"
},
{
"url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03"
},
{
"url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5"
},
{
"url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36"
},
{
"url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1"
},
{
"url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe"
},
{
"url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53"
}
],
"title": "ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26773",
"datePublished": "2024-04-03T17:00:59.757Z",
"dateReserved": "2024-02-19T14:20:24.176Z",
"dateUpdated": "2026-01-05T10:34:28.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36954 (GCVE-0-2024-36954)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:35 – Updated: 2025-05-04 12:56
Title
tipc: fix a possible memleak in tipc_buf_append
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix a possible memleak in tipc_buf_append
__skb_linearize() doesn't free the skb when it fails, so move
'*buf = NULL' after __skb_linearize(), so that the skb can be
freed on the err path.
Severity ?
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 4b1761898861117c97066aea6c58f68a7787f0bf , < 01cd1b7b685751ee422d00d050292a3d277652d6 (git) |
| Linux | Linux | Affected: 64d17ec9f1ded042c4b188d15734f33486ed9966 , < 2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae (git) |
| Linux | Linux | Affected: 6da24cfc83ba4f97ea44fc7ae9999a006101755c , < adbce6d20da6254c86425a8d4359b221b5ccbccd (git) |
| Linux | Linux | Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < 42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c (git) |
| Linux | Linux | Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < d03a82f4f8144befdc10518e732e2a60b34c870e (git) |
| Linux | Linux | Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < 614c5a5ae45a921595952117b2e2bd4d4bf9b574 (git) |
| Linux | Linux | Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < 3210d34fda4caff212cb53729e6bd46de604d565 (git) |
| Linux | Linux | Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < 97bf6f81b29a8efaf5d0983251a7450e5794370d (git) |
| Linux | Linux | Affected: b2c8d28c34b3070407cb1741f9ba3f15d0284b8b (git) |
| Linux | Linux | Affected: 5489f30bb78ff0dafb4229a69632afc2ba20765c (git) |
| Linux | Linux | Affected: 436d650d374329a591c30339a91fa5078052ed1e (git) |
| Linux | Linux | Affected: ace300eecbccaa698e2b472843c74a5f33f7dce8 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:38.594682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:59.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "01cd1b7b685751ee422d00d050292a3d277652d6",
"status": "affected",
"version": "4b1761898861117c97066aea6c58f68a7787f0bf",
"versionType": "git"
},
{
"lessThan": "2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae",
"status": "affected",
"version": "64d17ec9f1ded042c4b188d15734f33486ed9966",
"versionType": "git"
},
{
"lessThan": "adbce6d20da6254c86425a8d4359b221b5ccbccd",
"status": "affected",
"version": "6da24cfc83ba4f97ea44fc7ae9999a006101755c",
"versionType": "git"
},
{
"lessThan": "42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "d03a82f4f8144befdc10518e732e2a60b34c870e",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "614c5a5ae45a921595952117b2e2bd4d4bf9b574",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "3210d34fda4caff212cb53729e6bd46de604d565",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "97bf6f81b29a8efaf5d0983251a7450e5794370d",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"status": "affected",
"version": "b2c8d28c34b3070407cb1741f9ba3f15d0284b8b",
"versionType": "git"
},
{
"status": "affected",
"version": "5489f30bb78ff0dafb4229a69632afc2ba20765c",
"versionType": "git"
},
{
"status": "affected",
"version": "436d650d374329a591c30339a91fa5078052ed1e",
"versionType": "git"
},
{
"status": "affected",
"version": "ace300eecbccaa698e2b472843c74a5f33f7dce8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.19.193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "5.4.124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix a possible memleak in tipc_buf_append\n\n__skb_linearize() doesn\u0027t free the skb when it fails, so move\n\u0027*buf = NULL\u0027 after __skb_linearize(), so that the skb can be\nfreed on the err path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:33.433Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6"
},
{
"url": "https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae"
},
{
"url": "https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd"
},
{
"url": "https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c"
},
{
"url": "https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e"
},
{
"url": "https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574"
},
{
"url": "https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565"
},
{
"url": "https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d"
}
],
"title": "tipc: fix a possible memleak in tipc_buf_append",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36954",
"datePublished": "2024-05-30T15:35:48.665Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2025-05-04T12:56:33.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37356 (GCVE-0-2024-37356)
Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-11-04 17:21
Title
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
In dctcp_update_alpha(), we use a module parameter dctcp_shift_g
as follows:

    alpha -= min_not_zero(alpha, alpha >> dctcp_shift_g);
    ...
    delivered_ce <<= (10 - dctcp_shift_g);

It seems syzkaller started fuzzing module parameters and triggered
shift-out-of-bounds [0] by setting 100 to dctcp_shift_g:

    memcpy((void*)0x20000080,
           "/sys/module/tcp_dctcp/parameters/dctcp_shift_g\000", 47);
    res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000080ul,
                  /*flags=*/2ul, /*mode=*/0ul);
    memcpy((void*)0x20000000, "100\000", 4);
    syscall(__NR_write, /*fd=*/r[0], /*val=*/0x20000000ul, /*len=*/4ul);

Let's limit the max value of dctcp_shift_g by param_set_uint_minmax().

With this patch:

    # echo 10 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g
    # cat /sys/module/tcp_dctcp/parameters/dctcp_shift_g
    10
    # echo 11 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g
    -bash: echo: write error: Invalid argument

[0]:
UBSAN: shift-out-of-bounds in net/ipv4/tcp_dctcp.c:143:12
shift exponent 100 is too large for 32-bit type 'u32' (aka 'unsigned int')
CPU: 0 PID: 8083 Comm: syz-executor345 Not tainted 6.9.0-05151-g1b294a1f3561 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x201/0x300 lib/dump_stack.c:114
ubsan_epilogue lib/ubsan.c:231 [inline]
__ubsan_handle_shift_out_of_bounds+0x346/0x3a0 lib/ubsan.c:468
dctcp_update_alpha+0x540/0x570 net/ipv4/tcp_dctcp.c:143
tcp_in_ack_event net/ipv4/tcp_input.c:3802 [inline]
tcp_ack+0x17b1/0x3bc0 net/ipv4/tcp_input.c:3948
tcp_rcv_state_process+0x57a/0x2290 net/ipv4/tcp_input.c:6711
tcp_v4_do_rcv+0x764/0xc40 net/ipv4/tcp_ipv4.c:1937
sk_backlog_rcv include/net/sock.h:1106 [inline]
__release_sock+0x20f/0x350 net/core/sock.c:2983
release_sock+0x61/0x1f0 net/core/sock.c:3549
mptcp_subflow_shutdown+0x3d0/0x620 net/mptcp/protocol.c:2907
mptcp_check_send_data_fin+0x225/0x410 net/mptcp/protocol.c:2976
__mptcp_close+0x238/0xad0 net/mptcp/protocol.c:3072
mptcp_close+0x2a/0x1a0 net/mptcp/protocol.c:3127
inet_release+0x190/0x1f0 net/ipv4/af_inet.c:437
__sock_release net/socket.c:659 [inline]
sock_close+0xc0/0x240 net/socket.c:1421
__fput+0x41b/0x890 fs/file_table.c:422
task_work_run+0x23b/0x300 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0x9c8/0x2540 kernel/exit.c:878
do_group_exit+0x201/0x2b0 kernel/exit.c:1027
__do_sys_exit_group kernel/exit.c:1038 [inline]
__se_sys_exit_group kernel/exit.c:1036 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xe4/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x67/0x6f
RIP: 0033:0x7f6c2b5005b6
Code: Unable to access opcode bytes at 0x7f6c2b50058c.
RSP: 002b:00007ffe883eb948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f6c2b5862f0 RCX: 00007f6c2b5005b6
RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
RBP: 0000000000000001 R08: 00000000000000e7 R09: ffffffffffffffc0
R10: 0000000000000006 R11: 0000000000000246 R12: 00007f6c2b5862f0
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
</TASK>
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce, < 06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6 (git) |
| Linux | Linux | Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce, < 6aacaa80d962f4916ccf90e2080306cec6c90fcf (git) |
| Linux | Linux | Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce, < e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31 (git) |
| Linux | Linux | Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce, < 8602150286a2a860a1dc55cbd04f99316f19b40a (git) |
| Linux | Linux | Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce, < e65d13ec00a738fa7661925fd5929ab3c765d4be (git) |
| Linux | Linux | Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce, < 02261d3f9dc7d1d7be7d778f839e3404ab99034c (git) |
| Linux | Linux | Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce, < 237340dee373b97833a491d2e99fcf1d4a9adafd (git) |
| Linux | Linux | Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce, < 3ebc46ca8675de6378e3f8f40768e180bb8afa66 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:56:45.436880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:57:55.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:20.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6aacaa80d962f4916ccf90e2080306cec6c90fcf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8602150286a2a860a1dc55cbd04f99316f19b40a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e65d13ec00a738fa7661925fd5929ab3c765d4be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02261d3f9dc7d1d7be7d778f839e3404ab99034c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/237340dee373b97833a491d2e99fcf1d4a9adafd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ebc46ca8675de6378e3f8f40768e180bb8afa66"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_dctcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "6aacaa80d962f4916ccf90e2080306cec6c90fcf",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "8602150286a2a860a1dc55cbd04f99316f19b40a",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "e65d13ec00a738fa7661925fd5929ab3c765d4be",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "02261d3f9dc7d1d7be7d778f839e3404ab99034c",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "237340dee373b97833a491d2e99fcf1d4a9adafd",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "3ebc46ca8675de6378e3f8f40768e180bb8afa66",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_dctcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix shift-out-of-bounds in dctcp_update_alpha().\n\nIn dctcp_update_alpha(), we use a module parameter dctcp_shift_g\nas follows:\n\n alpha -= min_not_zero(alpha, alpha \u003e\u003e dctcp_shift_g);\n ...\n delivered_ce \u003c\u003c= (10 - dctcp_shift_g);\n\nIt seems syzkaller started fuzzing module parameters and triggered\nshift-out-of-bounds [0] by setting 100 to dctcp_shift_g:\n\n memcpy((void*)0x20000080,\n \"/sys/module/tcp_dctcp/parameters/dctcp_shift_g\\000\", 47);\n res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000080ul,\n /*flags=*/2ul, /*mode=*/0ul);\n memcpy((void*)0x20000000, \"100\\000\", 4);\n syscall(__NR_write, /*fd=*/r[0], /*val=*/0x20000000ul, /*len=*/4ul);\n\nLet\u0027s limit the max value of dctcp_shift_g by param_set_uint_minmax().\n\nWith this patch:\n\n # echo 10 \u003e /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n # cat /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n 10\n # echo 11 \u003e /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n -bash: echo: write error: Invalid argument\n\n[0]:\nUBSAN: shift-out-of-bounds in net/ipv4/tcp_dctcp.c:143:12\nshift exponent 100 is too large for 32-bit type \u0027u32\u0027 (aka \u0027unsigned int\u0027)\nCPU: 0 PID: 8083 Comm: syz-executor345 Not tainted 6.9.0-05151-g1b294a1f3561 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:114\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_shift_out_of_bounds+0x346/0x3a0 lib/ubsan.c:468\n dctcp_update_alpha+0x540/0x570 net/ipv4/tcp_dctcp.c:143\n tcp_in_ack_event net/ipv4/tcp_input.c:3802 [inline]\n tcp_ack+0x17b1/0x3bc0 net/ipv4/tcp_input.c:3948\n tcp_rcv_state_process+0x57a/0x2290 net/ipv4/tcp_input.c:6711\n tcp_v4_do_rcv+0x764/0xc40 net/ipv4/tcp_ipv4.c:1937\n sk_backlog_rcv include/net/sock.h:1106 [inline]\n __release_sock+0x20f/0x350 net/core/sock.c:2983\n release_sock+0x61/0x1f0 net/core/sock.c:3549\n mptcp_subflow_shutdown+0x3d0/0x620 net/mptcp/protocol.c:2907\n mptcp_check_send_data_fin+0x225/0x410 net/mptcp/protocol.c:2976\n __mptcp_close+0x238/0xad0 net/mptcp/protocol.c:3072\n mptcp_close+0x2a/0x1a0 net/mptcp/protocol.c:3127\n inet_release+0x190/0x1f0 net/ipv4/af_inet.c:437\n __sock_release net/socket.c:659 [inline]\n sock_close+0xc0/0x240 net/socket.c:1421\n __fput+0x41b/0x890 fs/file_table.c:422\n task_work_run+0x23b/0x300 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x9c8/0x2540 kernel/exit.c:878\n do_group_exit+0x201/0x2b0 kernel/exit.c:1027\n __do_sys_exit_group kernel/exit.c:1038 [inline]\n __se_sys_exit_group kernel/exit.c:1036 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xe4/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x67/0x6f\nRIP: 0033:0x7f6c2b5005b6\nCode: Unable to access opcode bytes at 0x7f6c2b50058c.\nRSP: 002b:00007ffe883eb948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 00007f6c2b5862f0 RCX: 00007f6c2b5005b6\nRDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001\nRBP: 0000000000000001 R08: 00000000000000e7 R09: ffffffffffffffc0\nR10: 0000000000000006 R11: 0000000000000246 R12: 00007f6c2b5862f0\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:22.548Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6"
},
{
"url": "https://git.kernel.org/stable/c/6aacaa80d962f4916ccf90e2080306cec6c90fcf"
},
{
"url": "https://git.kernel.org/stable/c/e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31"
},
{
"url": "https://git.kernel.org/stable/c/8602150286a2a860a1dc55cbd04f99316f19b40a"
},
{
"url": "https://git.kernel.org/stable/c/e65d13ec00a738fa7661925fd5929ab3c765d4be"
},
{
"url": "https://git.kernel.org/stable/c/02261d3f9dc7d1d7be7d778f839e3404ab99034c"
},
{
"url": "https://git.kernel.org/stable/c/237340dee373b97833a491d2e99fcf1d4a9adafd"
},
{
"url": "https://git.kernel.org/stable/c/3ebc46ca8675de6378e3f8f40768e180bb8afa66"
}
],
"title": "tcp: Fix shift-out-of-bounds in dctcp_update_alpha().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-37356",
"datePublished": "2024-06-21T10:18:11.642Z",
"dateReserved": "2024-06-21T10:13:16.306Z",
"dateUpdated": "2025-11-04T17:21:20.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36964 (GCVE-0-2024-36964)
Vulnerability from cvelistv5 – Published: 2024-06-03 07:50 – Updated: 2026-01-05 10:36
Title
fs/9p: only translate RWX permissions for plain 9P2000
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/9p: only translate RWX permissions for plain 9P2000
Garbage in plain 9P2000's perm bits is allowed through, which causes it
to be able to set (among others) the suid bit. This was presumably not
the intent since the unix extended bits are handled explicitly and
conditionally on .u.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4, < e90bc596a74bb905e0a45bf346038c3f9d1e868d (git) |
| Linux | Linux | Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4, < df1962a199783ecd66734d563caf0fedecf08f96 (git) |
| Linux | Linux | Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4, < 5a605930e19f451294bd838754f7d66c976a8a2c (git) |
| Linux | Linux | Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4, < ad4f65328661392de74e3608bb736fedf3b67e32 (git) |
| Linux | Linux | Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4, < ca9b5c81f0c918c63d73d962ed8a8e231f840bc8 (git) |
| Linux | Linux | Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4, < e55c601af3b1223a84f9f27f9cdbd2af5e203bf3 (git) |
| Linux | Linux | Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4, < 157d468e34fdd3cb1ddc07c2be32fb3b02826b02 (git) |
| Linux | Linux | Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4, < cd25e15e57e68a6b18dc9323047fe9c68b99290b (git) |
| Linux | Linux | Affected: 29a3e8657d2a2640384166e3fe29a086d235fc33 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T18:11:48.356880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T18:11:56.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e90bc596a74bb905e0a45bf346038c3f9d1e868d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df1962a199783ecd66734d563caf0fedecf08f96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a605930e19f451294bd838754f7d66c976a8a2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad4f65328661392de74e3608bb736fedf3b67e32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca9b5c81f0c918c63d73d962ed8a8e231f840bc8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e55c601af3b1223a84f9f27f9cdbd2af5e203bf3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/157d468e34fdd3cb1ddc07c2be32fb3b02826b02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd25e15e57e68a6b18dc9323047fe9c68b99290b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e90bc596a74bb905e0a45bf346038c3f9d1e868d",
"status": "affected",
"version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
"versionType": "git"
},
{
"lessThan": "df1962a199783ecd66734d563caf0fedecf08f96",
"status": "affected",
"version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
"versionType": "git"
},
{
"lessThan": "5a605930e19f451294bd838754f7d66c976a8a2c",
"status": "affected",
"version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
"versionType": "git"
},
{
"lessThan": "ad4f65328661392de74e3608bb736fedf3b67e32",
"status": "affected",
"version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
"versionType": "git"
},
{
"lessThan": "ca9b5c81f0c918c63d73d962ed8a8e231f840bc8",
"status": "affected",
"version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
"versionType": "git"
},
{
"lessThan": "e55c601af3b1223a84f9f27f9cdbd2af5e203bf3",
"status": "affected",
"version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
"versionType": "git"
},
{
"lessThan": "157d468e34fdd3cb1ddc07c2be32fb3b02826b02",
"status": "affected",
"version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
"versionType": "git"
},
{
"lessThan": "cd25e15e57e68a6b18dc9323047fe9c68b99290b",
"status": "affected",
"version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
"versionType": "git"
},
{
"status": "affected",
"version": "29a3e8657d2a2640384166e3fe29a086d235fc33",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"lessThan": "3.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: only translate RWX permissions for plain 9P2000\n\nGarbage in plain 9P2000\u0027s perm bits is allowed through, which causes it\nto be able to set (among others) the suid bit. This was presumably not\nthe intent since the unix extended bits are handled explicitly and\nconditionally on .u."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:36:36.223Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e90bc596a74bb905e0a45bf346038c3f9d1e868d"
},
{
"url": "https://git.kernel.org/stable/c/df1962a199783ecd66734d563caf0fedecf08f96"
},
{
"url": "https://git.kernel.org/stable/c/5a605930e19f451294bd838754f7d66c976a8a2c"
},
{
"url": "https://git.kernel.org/stable/c/ad4f65328661392de74e3608bb736fedf3b67e32"
},
{
"url": "https://git.kernel.org/stable/c/ca9b5c81f0c918c63d73d962ed8a8e231f840bc8"
},
{
"url": "https://git.kernel.org/stable/c/e55c601af3b1223a84f9f27f9cdbd2af5e203bf3"
},
{
"url": "https://git.kernel.org/stable/c/157d468e34fdd3cb1ddc07c2be32fb3b02826b02"
},
{
"url": "https://git.kernel.org/stable/c/cd25e15e57e68a6b18dc9323047fe9c68b99290b"
}
],
"title": "fs/9p: only translate RWX permissions for plain 9P2000",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36964",
"datePublished": "2024-06-03T07:50:01.987Z",
"dateReserved": "2024-05-30T15:25:07.081Z",
"dateUpdated": "2026-01-05T10:36:36.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26809 (GCVE-0-2024-26809)
Vulnerability from cvelistv5 – Published: 2024-04-04 09:51 – Updated: 2025-05-04 12:54
Title
netfilter: nft_set_pipapo: release elements in clone only from destroy path
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: release elements in clone only from destroy path
Clone already always provides a current view of the lookup table, use it
to destroy the set, otherwise it is possible to destroy elements twice.
This fix requires:
212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol")
which came after:
9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 4a6430b99f67842617c7208ca55a411e903ba03a, < b36b83297ff4910dfc8705402c8abffd4bbf8144 (git) |
| Linux | Linux | Affected: 5ccecafc728b0df48263d5ac198220bcd79830bc, < 362508506bf545e9ce18c72a2c48dcbfb891ab9c (git) |
| Linux | Linux | Affected: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e, < 5ad233dc731ab64cdc47b84a5c1f78fff6c024af (git) |
| Linux | Linux | Affected: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e, < ff90050771412b91e928093ccd8736ae680063c2 (git) |
| Linux | Linux | Affected: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e, < 821e28d5b506e6a73ccc367ff792bd894050d48b (git) |
| Linux | Linux | Affected: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e, < 9384b4d85c46ce839f51af01374062ce6318b2f2 (git) |
| Linux | Linux | Affected: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e, < b0e256f3dd2ba6532f37c5c22e07cb07a36031ee (git) |
| Linux | Linux | Affected: d2b18d110685ce46ca1633b8ec586c685e243a51 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:40.137148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:44.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b36b83297ff4910dfc8705402c8abffd4bbf8144",
"status": "affected",
"version": "4a6430b99f67842617c7208ca55a411e903ba03a",
"versionType": "git"
},
{
"lessThan": "362508506bf545e9ce18c72a2c48dcbfb891ab9c",
"status": "affected",
"version": "5ccecafc728b0df48263d5ac198220bcd79830bc",
"versionType": "git"
},
{
"lessThan": "5ad233dc731ab64cdc47b84a5c1f78fff6c024af",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"lessThan": "ff90050771412b91e928093ccd8736ae680063c2",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"lessThan": "821e28d5b506e6a73ccc367ff792bd894050d48b",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"lessThan": "9384b4d85c46ce839f51af01374062ce6318b2f2",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"lessThan": "b0e256f3dd2ba6532f37c5c22e07cb07a36031ee",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"status": "affected",
"version": "d2b18d110685ce46ca1633b8ec586c685e243a51",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.10.130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.15.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: release elements in clone only from destroy path\n\nClone already always provides a current view of the lookup table, use it\nto destroy the set, otherwise it is possible to destroy elements twice.\n\nThis fix requires:\n\n 212ed75dc5fb (\"netfilter: nf_tables: integrate pipapo into commit protocol\")\n\nwhich came after:\n\n 9827a0e6e23b (\"netfilter: nft_set_pipapo: release elements in clone from abort path\")."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:50.329Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144"
},
{
"url": "https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c"
},
{
"url": "https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af"
},
{
"url": "https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2"
},
{
"url": "https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b"
},
{
"url": "https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2"
},
{
"url": "https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee"
}
],
"title": "netfilter: nft_set_pipapo: release elements in clone only from destroy path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26809",
"datePublished": "2024-04-04T09:51:51.245Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T12:54:50.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27046 (GCVE-0-2024-27046)
Vulnerability from cvelistv5 – Published: 2024-05-01 12:54 – Updated: 2025-05-04 09:03
Title
nfp: flower: handle acti_netdevs allocation failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfp: flower: handle acti_netdevs allocation failure
The kmalloc_array() in nfp_fl_lag_do_work() will return null, if
the physical memory has run out. As a result, if we dereference
the acti_netdevs, the null pointer dereference bugs will happen.
This patch adds a check to judge whether allocation failure occurs.
If it happens, the delayed work will be rescheduled and try again.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: bb9a8d031140f186d13d82f57b0f5646d596652f, < d746889db75a76aeee95fb705b8e1ac28c684a2e (git) |
| Linux | Linux | Affected: bb9a8d031140f186d13d82f57b0f5646d596652f, < 3b1e8a617eb0f4cdc19def530047a95b5abde07d (git) |
| Linux | Linux | Affected: bb9a8d031140f186d13d82f57b0f5646d596652f, < 928705e341010dd910fdece61ccb974f494a758f (git) |
| Linux | Linux | Affected: bb9a8d031140f186d13d82f57b0f5646d596652f, < 0d387dc503f9a53e6d1f6e9dd0292d38f083eba5 (git) |
| Linux | Linux | Affected: bb9a8d031140f186d13d82f57b0f5646d596652f, < c9b4e220dd18f79507803f38a55d53b483f6c9c3 (git) |
| Linux | Linux | Affected: bb9a8d031140f186d13d82f57b0f5646d596652f, < 408ba7fd04f959c61b50db79c983484312fea642 (git) |
| Linux | Linux | Affected: bb9a8d031140f186d13d82f57b0f5646d596652f, < c8df9203bf22c66fa26e8d8c7f8ce181cf88099d (git) |
| Linux | Linux | Affected: bb9a8d031140f186d13d82f57b0f5646d596652f, < 9d8eb1238377cd994829f9162ae396a84ae037b2 (git) |
| Linux | Linux | Affected: bb9a8d031140f186d13d82f57b0f5646d596652f, < 84e95149bd341705f0eca6a7fcb955c548805002 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:40:11.581706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:45:28.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d746889db75a76aeee95fb705b8e1ac28c684a2e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b1e8a617eb0f4cdc19def530047a95b5abde07d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/928705e341010dd910fdece61ccb974f494a758f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d387dc503f9a53e6d1f6e9dd0292d38f083eba5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c9b4e220dd18f79507803f38a55d53b483f6c9c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/408ba7fd04f959c61b50db79c983484312fea642"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8df9203bf22c66fa26e8d8c7f8ce181cf88099d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d8eb1238377cd994829f9162ae396a84ae037b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84e95149bd341705f0eca6a7fcb955c548805002"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/netronome/nfp/flower/lag_conf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d746889db75a76aeee95fb705b8e1ac28c684a2e",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "3b1e8a617eb0f4cdc19def530047a95b5abde07d",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "928705e341010dd910fdece61ccb974f494a758f",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "0d387dc503f9a53e6d1f6e9dd0292d38f083eba5",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "c9b4e220dd18f79507803f38a55d53b483f6c9c3",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "408ba7fd04f959c61b50db79c983484312fea642",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "c8df9203bf22c66fa26e8d8c7f8ce181cf88099d",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "9d8eb1238377cd994829f9162ae396a84ae037b2",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "84e95149bd341705f0eca6a7fcb955c548805002",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/netronome/nfp/flower/lag_conf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: flower: handle acti_netdevs allocation failure\n\nThe kmalloc_array() in nfp_fl_lag_do_work() will return null, if\nthe physical memory has run out. As a result, if we dereference\nthe acti_netdevs, the null pointer dereference bugs will happen.\n\nThis patch adds a check to judge whether allocation failure occurs.\nIf it happens, the delayed work will be rescheduled and try again."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:02.921Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d746889db75a76aeee95fb705b8e1ac28c684a2e"
},
{
"url": "https://git.kernel.org/stable/c/3b1e8a617eb0f4cdc19def530047a95b5abde07d"
},
{
"url": "https://git.kernel.org/stable/c/928705e341010dd910fdece61ccb974f494a758f"
},
{
"url": "https://git.kernel.org/stable/c/0d387dc503f9a53e6d1f6e9dd0292d38f083eba5"
},
{
"url": "https://git.kernel.org/stable/c/c9b4e220dd18f79507803f38a55d53b483f6c9c3"
},
{
"url": "https://git.kernel.org/stable/c/408ba7fd04f959c61b50db79c983484312fea642"
},
{
"url": "https://git.kernel.org/stable/c/c8df9203bf22c66fa26e8d8c7f8ce181cf88099d"
},
{
"url": "https://git.kernel.org/stable/c/9d8eb1238377cd994829f9162ae396a84ae037b2"
},
{
"url": "https://git.kernel.org/stable/c/84e95149bd341705f0eca6a7fcb955c548805002"
}
],
"title": "nfp: flower: handle acti_netdevs allocation failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27046",
"datePublished": "2024-05-01T12:54:21.725Z",
"dateReserved": "2024-02-19T14:20:24.213Z",
"dateUpdated": "2025-05-04T09:03:02.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26633 (GCVE-0-2024-26633)
Vulnerability from cvelistv5 – Published: 2024-03-18 10:07 – Updated: 2025-05-04 12:54
Title
ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.
Reading frag_off can only be done if we pulled enough bytes
to skb->head. Currently we might access garbage.
[1]
BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0
ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0
ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]
ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137
ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243
dst_output include/net/dst.h:451 [inline]
ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155
ip6_send_skb net/ipv6/ip6_output.c:1952 [inline]
ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972
rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582
rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920
inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendmsg net/socket.c:2676 [inline]
__se_sys_sendmsg net/socket.c:2674 [inline]
__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517
__do_kmalloc_node mm/slab_common.c:1006 [inline]
__kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027
kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582
pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098
__pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655
pskb_may_pull_reason include/linux/skbuff.h:2673 [inline]
pskb_may_pull include/linux/skbuff.h:2681 [inline]
ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408
ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]
ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137
ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243
dst_output include/net/dst.h:451 [inline]
ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155
ip6_send_skb net/ipv6/ip6_output.c:1952 [inline]
ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972
rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582
rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920
inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendms
---truncated---
Severity
5.5 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739, < 135414f300c5db995e2a2f3bf0f455de9d014aee (git) |
| Linux | Linux | Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739, < 3f15ba3dc14e6ee002ea01b4faddc3d49200377c (git) |
| Linux | Linux | Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739, < da23bd709b46168f7dfc36055801011222b076cd (git) |
| Linux | Linux | Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739, < 4329426cf6b8e22b798db2331c7ef1dd2a9c748d (git) |
| Linux | Linux | Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739, < 62a1fedeb14c7ac0947ef33fadbabd35ed2400a2 (git) |
| Linux | Linux | Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739, < 687c5d52fe53e602e76826dbd4d7af412747e183 (git) |
| Linux | Linux | Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739, < ba8d904c274268b18ef3dc11d3ca7b24a96cb087 (git) |
| Linux | Linux | Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739, < d375b98e0248980681e5e56b712026174d617198 (git) |
| Linux | Linux | Affected: a6f6bb6bc04a5f88a31f47a6123d3fbf5ee8d694 (git) |
| Linux | Linux | Affected: 72bbf335e7aad09c88c50dbdd238f4faabd12174 (git) |
| Linux | Linux | Affected: decccc92ee0a978a1c268b5df16824cb6384ed3c (git) |
| Linux | Linux | Affected: d3d9b59ab32160e3cc4edcf7e5fa7cecb53a7d25 (git) |
| Linux | Linux | Affected: d397f7035d2c754781bbe93b07b94d8cd898620c (git) |
| Linux | Linux | Affected: 41e07a7e01d951cfd4c9a7dac90c921269d89513 (git) |
| Linux | Linux | Affected: a7fe4e5d06338e1a82b1977eca37400951f99730 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T19:01:45.822242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T17:13:27.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-12-20T13:06:42.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241220-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "135414f300c5db995e2a2f3bf0f455de9d014aee",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "3f15ba3dc14e6ee002ea01b4faddc3d49200377c",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "da23bd709b46168f7dfc36055801011222b076cd",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "4329426cf6b8e22b798db2331c7ef1dd2a9c748d",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "62a1fedeb14c7ac0947ef33fadbabd35ed2400a2",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "687c5d52fe53e602e76826dbd4d7af412747e183",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "ba8d904c274268b18ef3dc11d3ca7b24a96cb087",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "d375b98e0248980681e5e56b712026174d617198",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"status": "affected",
"version": "a6f6bb6bc04a5f88a31f47a6123d3fbf5ee8d694",
"versionType": "git"
},
{
"status": "affected",
"version": "72bbf335e7aad09c88c50dbdd238f4faabd12174",
"versionType": "git"
},
{
"status": "affected",
"version": "decccc92ee0a978a1c268b5df16824cb6384ed3c",
"versionType": "git"
},
{
"status": "affected",
"version": "d3d9b59ab32160e3cc4edcf7e5fa7cecb53a7d25",
"versionType": "git"
},
{
"status": "affected",
"version": "d397f7035d2c754781bbe93b07b94d8cd898620c",
"versionType": "git"
},
{
"status": "affected",
"version": "41e07a7e01d951cfd4c9a7dac90c921269d89513",
"versionType": "git"
},
{
"status": "affected",
"version": "a7fe4e5d06338e1a82b1977eca37400951f99730",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()\n\nsyzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.\n\nReading frag_off can only be done if we pulled enough bytes\nto skb-\u003ehead. Currently we might access garbage.\n\n[1]\nBUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendmsg net/socket.c:2676 [inline]\n__se_sys_sendmsg net/socket.c:2674 [inline]\n__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\ndo_syscall_x64 arch/x86/entry/common.c:52 
[inline]\ndo_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\nslab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\nslab_alloc_node mm/slub.c:3478 [inline]\n__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n__do_kmalloc_node mm/slab_common.c:1006 [inline]\n__kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027\nkmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\npskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098\n__pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655\npskb_may_pull_reason include/linux/skbuff.h:2673 [inline]\npskb_may_pull include/linux/skbuff.h:2681 [inline]\nip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 
net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendms\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:18.313Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee"
},
{
"url": "https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c"
},
{
"url": "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd"
},
{
"url": "https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d"
},
{
"url": "https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2"
},
{
"url": "https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183"
},
{
"url": "https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087"
},
{
"url": "https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198"
}
],
"title": "ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26633",
"datePublished": "2024-03-18T10:07:49.468Z",
"dateReserved": "2024-02-19T14:20:24.136Z",
"dateUpdated": "2025-05-04T12:54:18.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26751 (GCVE-0-2024-26751)
Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 08:55
Title
ARM: ep93xx: Add terminator to gpiod_lookup_table
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: ep93xx: Add terminator to gpiod_lookup_table
Without the terminator, if a con_id is passed to gpio_find() that
does not exist in the lookup table the function will not stop looping
correctly, and eventually cause an oops.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: b2e63555592f81331c8da3afaa607d8cf83e8138 , < 9e200a06ae2abb321939693008290af32b33dd6e (git) |
| Linux | Linux | Affected: b2e63555592f81331c8da3afaa607d8cf83e8138 , < 999a8bb70da2946336327b4480824d1691cae1fa (git) |
| Linux | Linux | Affected: b2e63555592f81331c8da3afaa607d8cf83e8138 , < 70d92abbe29692a3de8697ae082c60f2d21ab482 (git) |
| Linux | Linux | Affected: b2e63555592f81331c8da3afaa607d8cf83e8138 , < eec6cbbfa1e8d685cc245cfd5626d0715a127a48 (git) |
| Linux | Linux | Affected: b2e63555592f81331c8da3afaa607d8cf83e8138 , < 786f089086b505372fb3f4f008d57e7845fff0d8 (git) |
| Linux | Linux | Affected: b2e63555592f81331c8da3afaa607d8cf83e8138 , < 97ba7c1f9c0a2401e644760d857b2386aa895997 (git) |
| Linux | Linux | Affected: b2e63555592f81331c8da3afaa607d8cf83e8138 , < 6abe0895b63c20de06685c8544b908c7e413efa8 (git) |
| Linux | Linux | Affected: b2e63555592f81331c8da3afaa607d8cf83e8138 , < fdf87a0dc26d0550c60edc911cda42f9afec3557 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:36:01.250592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:52.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e200a06ae2abb321939693008290af32b33dd6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/999a8bb70da2946336327b4480824d1691cae1fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70d92abbe29692a3de8697ae082c60f2d21ab482"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eec6cbbfa1e8d685cc245cfd5626d0715a127a48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/786f089086b505372fb3f4f008d57e7845fff0d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97ba7c1f9c0a2401e644760d857b2386aa895997"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6abe0895b63c20de06685c8544b908c7e413efa8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fdf87a0dc26d0550c60edc911cda42f9afec3557"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-ep93xx/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9e200a06ae2abb321939693008290af32b33dd6e",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "999a8bb70da2946336327b4480824d1691cae1fa",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "70d92abbe29692a3de8697ae082c60f2d21ab482",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "eec6cbbfa1e8d685cc245cfd5626d0715a127a48",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "786f089086b505372fb3f4f008d57e7845fff0d8",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "97ba7c1f9c0a2401e644760d857b2386aa895997",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "6abe0895b63c20de06685c8544b908c7e413efa8",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "fdf87a0dc26d0550c60edc911cda42f9afec3557",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-ep93xx/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: ep93xx: Add terminator to gpiod_lookup_table\n\nWithout the terminator, if a con_id is passed to gpio_find() that\ndoes not exist in the lookup table the function will not stop looping\ncorrectly, and eventually cause an oops."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:40.678Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9e200a06ae2abb321939693008290af32b33dd6e"
},
{
"url": "https://git.kernel.org/stable/c/999a8bb70da2946336327b4480824d1691cae1fa"
},
{
"url": "https://git.kernel.org/stable/c/70d92abbe29692a3de8697ae082c60f2d21ab482"
},
{
"url": "https://git.kernel.org/stable/c/eec6cbbfa1e8d685cc245cfd5626d0715a127a48"
},
{
"url": "https://git.kernel.org/stable/c/786f089086b505372fb3f4f008d57e7845fff0d8"
},
{
"url": "https://git.kernel.org/stable/c/97ba7c1f9c0a2401e644760d857b2386aa895997"
},
{
"url": "https://git.kernel.org/stable/c/6abe0895b63c20de06685c8544b908c7e413efa8"
},
{
"url": "https://git.kernel.org/stable/c/fdf87a0dc26d0550c60edc911cda42f9afec3557"
}
],
"title": "ARM: ep93xx: Add terminator to gpiod_lookup_table",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26751",
"datePublished": "2024-04-03T17:00:36.523Z",
"dateReserved": "2024-02-19T14:20:24.169Z",
"dateUpdated": "2025-05-04T08:55:40.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52644 (GCVE-0-2023-52644)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 07:40
Title
wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
When QoS is disabled, the queue priority value will not map to the correct
ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS
is disabled to prevent trying to stop/wake a non-existent queue and failing
to stop/wake the actual queue instantiated.
Log of issue before change (with kernel parameter qos=0):
[ +5.112651] ------------[ cut here ]------------
[ +0.000005] WARNING: CPU: 7 PID: 25513 at net/mac80211/util.c:449 __ieee80211_wake_queue+0xd5/0x180 [mac80211]
[ +0.000067] Modules linked in: b43(O) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device nft_chain_nat xt_MASQUERADE nf_nat xfrm_user xfrm_algo xt_addrtype overlay ccm af_packet amdgpu snd_hda_codec_cirrus snd_hda_codec_generic ledtrig_audio drm_exec amdxcp gpu_sched xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_rpfilter ipt_rpfilter xt_pkttype xt_LOG nf_log_syslog xt_tcpudp nft_compat nf_tables nfnetlink sch_fq_codel btusb uinput iTCO_wdt ctr btrtl intel_pmc_bxt i915 intel_rapl_msr mei_hdcp mei_pxp joydev at24 watchdog btintel atkbd libps2 serio radeon btbcm vivaldi_fmap btmtk intel_rapl_common snd_hda_codec_hdmi bluetooth uvcvideo nls_iso8859_1 applesmc nls_cp437 x86_pkg_temp_thermal snd_hda_intel intel_powerclamp vfat videobuf2_vmalloc coretemp fat snd_intel_dspcfg crc32_pclmul uvc polyval_clmulni snd_intel_sdw_acpi loop videobuf2_memops snd_hda_codec tun drm_suballoc_helper polyval_generic drm_ttm_helper drm_buddy tap ecdh_generic videobuf2_v4l2 gf128mul macvlan ttm ghash_clmulni_intel ecc tg3
[ +0.000044] videodev bridge snd_hda_core rapl crc16 drm_display_helper cec mousedev snd_hwdep evdev intel_cstate bcm5974 hid_appleir videobuf2_common stp mac_hid libphy snd_pcm drm_kms_helper acpi_als mei_me intel_uncore llc mc snd_timer intel_gtt industrialio_triggered_buffer apple_mfi_fastcharge i2c_i801 mei snd lpc_ich agpgart ptp i2c_smbus thunderbolt apple_gmux i2c_algo_bit kfifo_buf video industrialio soundcore pps_core wmi tiny_power_button sbs sbshc button ac cordic bcma mac80211 cfg80211 ssb rfkill libarc4 kvm_intel kvm drm irqbypass fuse backlight firmware_class efi_pstore configfs efivarfs dmi_sysfs ip_tables x_tables autofs4 dm_crypt cbc encrypted_keys trusted asn1_encoder tee tpm rng_core input_leds hid_apple led_class hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci libata uhci_hcd ehci_pci ehci_hcd crct10dif_pclmul crct10dif_common sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel usbcore scsi_mod libaes crypto_simd cryptd scsi_common
[ +0.000055] usb_common rtc_cmos btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq dm_snapshot dm_bufio dm_mod dax [last unloaded: b43(O)]
[ +0.000009] CPU: 7 PID: 25513 Comm: irq/17-b43 Tainted: G W O 6.6.7 #1-NixOS
[ +0.000003] Hardware name: Apple Inc. MacBookPro8,3/Mac-942459F5819B171B, BIOS 87.0.0.0.0 06/13/2019
[ +0.000001] RIP: 0010:__ieee80211_wake_queue+0xd5/0x180 [mac80211]
[ +0.000046] Code: 00 45 85 e4 0f 85 9b 00 00 00 48 8d bd 40 09 00 00 f0 48 0f ba ad 48 09 00 00 00 72 0f 5b 5d 41 5c 41 5d 41 5e e9 cb 6d 3c d0 <0f> 0b 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8d b4 16 94 00 00
[ +0.000002] RSP: 0018:ffffc90003c77d60 EFLAGS: 00010097
[ +0.000001] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 0000000000000000
[ +0.000001] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88820b924900
[ +0.000002] RBP: ffff88820b924900 R08: ffffc90003c77d90 R09: 000000000003bfd0
[ +0.000001] R10: ffff88820b924900 R11: ffffc90003c77c68 R12: 0000000000000000
[ +0.000001] R13: 0000000000000000 R14: ffffc90003c77d90 R15: ffffffffc0fa6f40
[ +0.000001] FS: 0000000000000000(0000) GS:ffff88846fb80000(0000) knlGS:0000000000000000
[ +0.000001] CS: 0010 DS: 0
---truncated---
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < 1824f942527f784a19e01eac2d9679a21623d010 (git) |
| Linux | Linux | Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < 31aaf17200c336fe258b70d39c40645ae19d0240 (git) |
| Linux | Linux | Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < 49f067726ab01c87cf57566797a8a719badbbf08 (git) |
| Linux | Linux | Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < 04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455 (git) |
| Linux | Linux | Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < c67698325c68f8768db858f5c87c34823421746d (git) |
| Linux | Linux | Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < bc845e2e42cae95172c04bf29807c480f51a2a83 (git) |
| Linux | Linux | Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < 4049a9f80513a6739c5677736a4c88f96df1b436 (git) |
| Linux | Linux | Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < f1cf77bb870046a6111a604f7f7fe83d1c8c9610 (git) |
| Linux | Linux | Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < 9636951e4468f02c72cc75a82dc65d003077edbc (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1824f942527f784a19e01eac2d9679a21623d010"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31aaf17200c336fe258b70d39c40645ae19d0240"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49f067726ab01c87cf57566797a8a719badbbf08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c67698325c68f8768db858f5c87c34823421746d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc845e2e42cae95172c04bf29807c480f51a2a83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4049a9f80513a6739c5677736a4c88f96df1b436"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1cf77bb870046a6111a604f7f7fe83d1c8c9610"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9636951e4468f02c72cc75a82dc65d003077edbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:35.399948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:27.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/b43/b43.h",
"drivers/net/wireless/broadcom/b43/dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1824f942527f784a19e01eac2d9679a21623d010",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "31aaf17200c336fe258b70d39c40645ae19d0240",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "49f067726ab01c87cf57566797a8a719badbbf08",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "c67698325c68f8768db858f5c87c34823421746d",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "bc845e2e42cae95172c04bf29807c480f51a2a83",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "4049a9f80513a6739c5677736a4c88f96df1b436",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "f1cf77bb870046a6111a604f7f7fe83d1c8c9610",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "9636951e4468f02c72cc75a82dc65d003077edbc",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/b43/b43.h",
"drivers/net/wireless/broadcom/b43/dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.26"
},
{
"lessThan": "2.6.26",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled\n\nWhen QoS is disabled, the queue priority value will not map to the correct\nieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS\nis disabled to prevent trying to stop/wake a non-existent queue and failing\nto stop/wake the actual queue instantiated.\n\nLog of issue before change (with kernel parameter qos=0):\n [ +5.112651] ------------[ cut here ]------------\n [ +0.000005] WARNING: CPU: 7 PID: 25513 at net/mac80211/util.c:449 __ieee80211_wake_queue+0xd5/0x180 [mac80211]\n [ +0.000067] Modules linked in: b43(O) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device nft_chain_nat xt_MASQUERADE nf_nat xfrm_user xfrm_algo xt_addrtype overlay ccm af_packet amdgpu snd_hda_codec_cirrus snd_hda_codec_generic ledtrig_audio drm_exec amdxcp gpu_sched xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_rpfilter ipt_rpfilter xt_pkttype xt_LOG nf_log_syslog xt_tcpudp nft_compat nf_tables nfnetlink sch_fq_codel btusb uinput iTCO_wdt ctr btrtl intel_pmc_bxt i915 intel_rapl_msr mei_hdcp mei_pxp joydev at24 watchdog btintel atkbd libps2 serio radeon btbcm vivaldi_fmap btmtk intel_rapl_common snd_hda_codec_hdmi bluetooth uvcvideo nls_iso8859_1 applesmc nls_cp437 x86_pkg_temp_thermal snd_hda_intel intel_powerclamp vfat videobuf2_vmalloc coretemp fat snd_intel_dspcfg crc32_pclmul uvc polyval_clmulni snd_intel_sdw_acpi loop videobuf2_memops snd_hda_codec tun drm_suballoc_helper polyval_generic drm_ttm_helper drm_buddy tap ecdh_generic videobuf2_v4l2 gf128mul macvlan ttm ghash_clmulni_intel ecc tg3\n [ +0.000044] videodev bridge snd_hda_core rapl crc16 drm_display_helper cec mousedev snd_hwdep evdev intel_cstate bcm5974 hid_appleir videobuf2_common stp mac_hid libphy snd_pcm drm_kms_helper acpi_als mei_me intel_uncore llc mc snd_timer intel_gtt industrialio_triggered_buffer apple_mfi_fastcharge i2c_i801 mei 
snd lpc_ich agpgart ptp i2c_smbus thunderbolt apple_gmux i2c_algo_bit kfifo_buf video industrialio soundcore pps_core wmi tiny_power_button sbs sbshc button ac cordic bcma mac80211 cfg80211 ssb rfkill libarc4 kvm_intel kvm drm irqbypass fuse backlight firmware_class efi_pstore configfs efivarfs dmi_sysfs ip_tables x_tables autofs4 dm_crypt cbc encrypted_keys trusted asn1_encoder tee tpm rng_core input_leds hid_apple led_class hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci libata uhci_hcd ehci_pci ehci_hcd crct10dif_pclmul crct10dif_common sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel usbcore scsi_mod libaes crypto_simd cryptd scsi_common\n [ +0.000055] usb_common rtc_cmos btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq dm_snapshot dm_bufio dm_mod dax [last unloaded: b43(O)]\n [ +0.000009] CPU: 7 PID: 25513 Comm: irq/17-b43 Tainted: G W O 6.6.7 #1-NixOS\n [ +0.000003] Hardware name: Apple Inc. MacBookPro8,3/Mac-942459F5819B171B, BIOS 87.0.0.0.0 06/13/2019\n [ +0.000001] RIP: 0010:__ieee80211_wake_queue+0xd5/0x180 [mac80211]\n [ +0.000046] Code: 00 45 85 e4 0f 85 9b 00 00 00 48 8d bd 40 09 00 00 f0 48 0f ba ad 48 09 00 00 00 72 0f 5b 5d 41 5c 41 5d 41 5e e9 cb 6d 3c d0 \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8d b4 16 94 00 00\n [ +0.000002] RSP: 0018:ffffc90003c77d60 EFLAGS: 00010097\n [ +0.000001] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 0000000000000000\n [ +0.000001] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88820b924900\n [ +0.000002] RBP: ffff88820b924900 R08: ffffc90003c77d90 R09: 000000000003bfd0\n [ +0.000001] R10: ffff88820b924900 R11: ffffc90003c77c68 R12: 0000000000000000\n [ +0.000001] R13: 0000000000000000 R14: ffffc90003c77d90 R15: ffffffffc0fa6f40\n [ +0.000001] FS: 0000000000000000(0000) GS:ffff88846fb80000(0000) knlGS:0000000000000000\n [ +0.000001] CS: 0010 DS: 0\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:44.633Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1824f942527f784a19e01eac2d9679a21623d010"
},
{
"url": "https://git.kernel.org/stable/c/31aaf17200c336fe258b70d39c40645ae19d0240"
},
{
"url": "https://git.kernel.org/stable/c/49f067726ab01c87cf57566797a8a719badbbf08"
},
{
"url": "https://git.kernel.org/stable/c/04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455"
},
{
"url": "https://git.kernel.org/stable/c/c67698325c68f8768db858f5c87c34823421746d"
},
{
"url": "https://git.kernel.org/stable/c/bc845e2e42cae95172c04bf29807c480f51a2a83"
},
{
"url": "https://git.kernel.org/stable/c/4049a9f80513a6739c5677736a4c88f96df1b436"
},
{
"url": "https://git.kernel.org/stable/c/f1cf77bb870046a6111a604f7f7fe83d1c8c9610"
},
{
"url": "https://git.kernel.org/stable/c/9636951e4468f02c72cc75a82dc65d003077edbc"
}
],
"title": "wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52644",
"datePublished": "2024-04-17T10:27:23.053Z",
"dateReserved": "2024-03-06T09:52:12.094Z",
"dateUpdated": "2025-05-04T07:40:44.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26654 (GCVE-0-2024-26654)
Vulnerability from cvelistv5 – Published: 2024-04-01 08:35 – Updated: 2025-05-04 08:53
Title
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
The dreamcastcard->timer could schedule the spu_dma_work and the
spu_dma_work could also arm the dreamcastcard->timer.
When the snd_pcm_substream is closing, the aica_channel will be
deallocated. But it could still be dereferenced in the worker
thread. The reason is that del_timer() will return directly
regardless of whether the timer handler is running or not and
the worker could be rescheduled in the timer handler. As a result,
the UAF bug will happen. The racy situation is shown below:
    (Thread 1)                      | (Thread 2)
    snd_aicapcm_pcm_close()         |
     ...                            | run_spu_dma() //worker
                                    | mod_timer()
     flush_work()                   |
     del_timer()                    | aica_period_elapsed() //timer
     kfree(dreamcastcard->channel)  | schedule_work()
                                    | run_spu_dma() //worker
     ...                            | dreamcastcard->channel-> //USE
In order to mitigate this bug and other possible corner cases,
call mod_timer() conditionally in run_spu_dma(), then implement
PCM sync_stop op to cancel both the timer and worker. The sync_stop
op will be called from PCM core appropriately when needed.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2 (git) |
| Linux | Linux | Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < 4206ad65a0ee76920041a755bd3c17c6ba59bba2 (git) |
| Linux | Linux | Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < aa39e6878f61f50892ee2dd9d2176f72020be845 (git) |
| Linux | Linux | Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < 8c990221681688da34295d6d76cc2f5b963e83f5 (git) |
| Linux | Linux | Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < 9d66ae0e7bb78b54e1e0525456c6b54e1d132046 (git) |
| Linux | Linux | Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < 61d4787692c1fccdc268ffa7a891f9c149f50901 (git) |
| Linux | Linux | Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3 (git) |
| Linux | Linux | Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < 3c907bf56905de7d27b329afaf59c2fb35d17b04 (git) |
| Linux | Linux | Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < 051e0840ffa8ab25554d6b14b62c9ab9e4901457 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4206ad65a0ee76920041a755bd3c17c6ba59bba2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa39e6878f61f50892ee2dd9d2176f72020be845"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:59.432754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:42.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/sh/aica.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "4206ad65a0ee76920041a755bd3c17c6ba59bba2",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "aa39e6878f61f50892ee2dd9d2176f72020be845",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "8c990221681688da34295d6d76cc2f5b963e83f5",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "9d66ae0e7bb78b54e1e0525456c6b54e1d132046",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "61d4787692c1fccdc268ffa7a891f9c149f50901",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "3c907bf56905de7d27b329afaf59c2fb35d17b04",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "051e0840ffa8ab25554d6b14b62c9ab9e4901457",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/sh/aica.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: sh: aica: reorder cleanup operations to avoid UAF bugs\n\nThe dreamcastcard-\u003etimer could schedule the spu_dma_work and the\nspu_dma_work could also arm the dreamcastcard-\u003etimer.\n\nWhen the snd_pcm_substream is closing, the aica_channel will be\ndeallocated. But it could still be dereferenced in the worker\nthread. The reason is that del_timer() will return directly\nregardless of whether the timer handler is running or not and\nthe worker could be rescheduled in the timer handler. As a result,\nthe UAF bug will happen. The racy situation is shown below:\n\n (Thread 1) | (Thread 2)\nsnd_aicapcm_pcm_close() |\n ... | run_spu_dma() //worker\n | mod_timer()\n flush_work() |\n del_timer() | aica_period_elapsed() //timer\n kfree(dreamcastcard-\u003echannel) | schedule_work()\n | run_spu_dma() //worker\n ... | dreamcastcard-\u003echannel-\u003e //USE\n\nIn order to mitigate this bug and other possible corner cases,\ncall mod_timer() conditionally in run_spu_dma(), then implement\nPCM sync_stop op to cancel both the timer and worker. The sync_stop\nop will be called from PCM core appropriately when needed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:11.500Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2"
},
{
"url": "https://git.kernel.org/stable/c/4206ad65a0ee76920041a755bd3c17c6ba59bba2"
},
{
"url": "https://git.kernel.org/stable/c/aa39e6878f61f50892ee2dd9d2176f72020be845"
},
{
"url": "https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5"
},
{
"url": "https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046"
},
{
"url": "https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901"
},
{
"url": "https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3"
},
{
"url": "https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04"
},
{
"url": "https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457"
}
],
"title": "ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26654",
"datePublished": "2024-04-01T08:35:19.763Z",
"dateReserved": "2024-02-19T14:20:24.144Z",
"dateUpdated": "2025-05-04T08:53:11.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26763 (GCVE-0-2024-26763)
Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2026-01-05 10:34
Title
dm-crypt: don't modify the data when using authenticated encryption
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm-crypt: don't modify the data when using authenticated encryption
It was said that authenticated encryption could produce invalid tag when
the data that is being encrypted is modified [1]. So, fix this problem by
copying the data into the clone bio first and then encrypt them inside the
clone bio.
This may reduce performance, but it is needed to prevent the user from
corrupting the device by writing data with O_DIRECT and modifying them at
the same time.
[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: ef43aa38063a6b2b3c6618e28ab35794f4f1fe29 , < 43a202bd552976497474ae144942e32cc5f34d7e (git) Affected: ef43aa38063a6b2b3c6618e28ab35794f4f1fe29 , < 0dccbb93538fe89a86c6de31d4b1c8c560848eaa (git) Affected: ef43aa38063a6b2b3c6618e28ab35794f4f1fe29 , < 3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90 (git) Affected: ef43aa38063a6b2b3c6618e28ab35794f4f1fe29 , < 1a4371db68a31076afbe56ecce34fbbe6c80c529 (git) Affected: ef43aa38063a6b2b3c6618e28ab35794f4f1fe29 , < e08c2a8d27e989f0f5b0888792643027d7e691e6 (git) Affected: ef43aa38063a6b2b3c6618e28ab35794f4f1fe29 , < 64ba01a365980755732972523600a961c4266b75 (git) Affected: ef43aa38063a6b2b3c6618e28ab35794f4f1fe29 , < d9e3763a505e50ba3bd22846f2a8db99429fb857 (git) Affected: ef43aa38063a6b2b3c6618e28ab35794f4f1fe29 , < 50c70240097ce41fe6bce6478b80478281e4d0f7 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:31.262032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:13.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-crypt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "43a202bd552976497474ae144942e32cc5f34d7e",
"status": "affected",
"version": "ef43aa38063a6b2b3c6618e28ab35794f4f1fe29",
"versionType": "git"
},
{
"lessThan": "0dccbb93538fe89a86c6de31d4b1c8c560848eaa",
"status": "affected",
"version": "ef43aa38063a6b2b3c6618e28ab35794f4f1fe29",
"versionType": "git"
},
{
"lessThan": "3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90",
"status": "affected",
"version": "ef43aa38063a6b2b3c6618e28ab35794f4f1fe29",
"versionType": "git"
},
{
"lessThan": "1a4371db68a31076afbe56ecce34fbbe6c80c529",
"status": "affected",
"version": "ef43aa38063a6b2b3c6618e28ab35794f4f1fe29",
"versionType": "git"
},
{
"lessThan": "e08c2a8d27e989f0f5b0888792643027d7e691e6",
"status": "affected",
"version": "ef43aa38063a6b2b3c6618e28ab35794f4f1fe29",
"versionType": "git"
},
{
"lessThan": "64ba01a365980755732972523600a961c4266b75",
"status": "affected",
"version": "ef43aa38063a6b2b3c6618e28ab35794f4f1fe29",
"versionType": "git"
},
{
"lessThan": "d9e3763a505e50ba3bd22846f2a8db99429fb857",
"status": "affected",
"version": "ef43aa38063a6b2b3c6618e28ab35794f4f1fe29",
"versionType": "git"
},
{
"lessThan": "50c70240097ce41fe6bce6478b80478281e4d0f7",
"status": "affected",
"version": "ef43aa38063a6b2b3c6618e28ab35794f4f1fe29",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-crypt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-crypt: don\u0027t modify the data when using authenticated encryption\n\nIt was said that authenticated encryption could produce invalid tag when\nthe data that is being encrypted is modified [1]. So, fix this problem by\ncopying the data into the clone bio first and then encrypt them inside the\nclone bio.\n\nThis may reduce performance, but it is needed to prevent the user from\ncorrupting the device by writing data with O_DIRECT and modifying them at\nthe same time.\n\n[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:34:22.171Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e"
},
{
"url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa"
},
{
"url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90"
},
{
"url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529"
},
{
"url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6"
},
{
"url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75"
},
{
"url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857"
},
{
"url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7"
}
],
"title": "dm-crypt: don\u0027t modify the data when using authenticated encryption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26763",
"datePublished": "2024-04-03T17:00:46.308Z",
"dateReserved": "2024-02-19T14:20:24.172Z",
"dateUpdated": "2026-01-05T10:34:22.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52444 (GCVE-0-2023-52444)
Vulnerability from cvelistv5 – Published: 2024-02-22 16:21 – Updated: 2025-05-04 07:36
Title
f2fs: fix to avoid dirent corruption
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid dirent corruption
As Al reported in link[1]:
f2fs_rename()
...
	if (old_dir != new_dir && !whiteout)
		f2fs_set_link(old_inode, old_dir_entry,
					old_dir_page, new_dir);
	else
		f2fs_put_page(old_dir_page, 0);
You want correct inumber in the ".." link. And cross-directory
rename does move the source to new parent, even if you'd been asked
to leave a whiteout in the old place.
[1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/
With below testcase, it may cause dirent corruption, due to it missed
to call f2fs_set_link() to update ".." link to new directory.
- mkdir -p dir/foo
- renameat2 -w dir/foo bar
[ASSERT] (__chk_dots_dentries:1421) --> Bad inode number[0x4] for '..', parent parent ino is [0x3]
[FSCK] other corrupted bugs [Fail]
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 , < 02160112e6d45c2610b049df6eb693d7a2e57b46 (git) Affected: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 , < 5624a3c1b1ebc8991318e1cce2aa719542991024 (git) Affected: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 , < 6f866885e147d33efc497f1095f35b2ee5ec7310 (git) Affected: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 , < f100ba617d8be6c98a68f3744ef7617082975b77 (git) Affected: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 , < f0145860c20be6bae6785c7a2249577674702ac7 (git) Affected: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 , < d3c0b49aaa12a61d560528f5d605029ab57f0728 (git) Affected: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 , < 2fb4867f4405aea8c0519d7d188207f232a57862 (git) Affected: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 , < 53edb549565f55ccd0bdf43be3d66ce4c2d48b28 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T17:55:52.107706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:03.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02160112e6d45c2610b049df6eb693d7a2e57b46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5624a3c1b1ebc8991318e1cce2aa719542991024"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f866885e147d33efc497f1095f35b2ee5ec7310"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f100ba617d8be6c98a68f3744ef7617082975b77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0145860c20be6bae6785c7a2249577674702ac7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d3c0b49aaa12a61d560528f5d605029ab57f0728"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f232a57862"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53edb549565f55ccd0bdf43be3d66ce4c2d48b28"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "02160112e6d45c2610b049df6eb693d7a2e57b46",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "5624a3c1b1ebc8991318e1cce2aa719542991024",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "6f866885e147d33efc497f1095f35b2ee5ec7310",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "f100ba617d8be6c98a68f3744ef7617082975b77",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "f0145860c20be6bae6785c7a2249577674702ac7",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "d3c0b49aaa12a61d560528f5d605029ab57f0728",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "2fb4867f4405aea8c0519d7d188207f232a57862",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "53edb549565f55ccd0bdf43be3d66ce4c2d48b28",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid dirent corruption\n\nAs Al reported in link[1]:\n\nf2fs_rename()\n...\n\tif (old_dir != new_dir \u0026\u0026 !whiteout)\n\t\tf2fs_set_link(old_inode, old_dir_entry,\n\t\t\t\t\told_dir_page, new_dir);\n\telse\n\t\tf2fs_put_page(old_dir_page, 0);\n\nYou want correct inumber in the \"..\" link. And cross-directory\nrename does move the source to new parent, even if you\u0027d been asked\nto leave a whiteout in the old place.\n\n[1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/\n\nWith below testcase, it may cause dirent corruption, due to it missed\nto call f2fs_set_link() to update \"..\" link to new directory.\n- mkdir -p dir/foo\n- renameat2 -w dir/foo bar\n\n[ASSERT] (__chk_dots_dentries:1421) --\u003e Bad inode number[0x4] for \u0027..\u0027, parent parent ino is [0x3]\n[FSCK] other corrupted bugs [Fail]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:40.605Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/02160112e6d45c2610b049df6eb693d7a2e57b46"
},
{
"url": "https://git.kernel.org/stable/c/5624a3c1b1ebc8991318e1cce2aa719542991024"
},
{
"url": "https://git.kernel.org/stable/c/6f866885e147d33efc497f1095f35b2ee5ec7310"
},
{
"url": "https://git.kernel.org/stable/c/f100ba617d8be6c98a68f3744ef7617082975b77"
},
{
"url": "https://git.kernel.org/stable/c/f0145860c20be6bae6785c7a2249577674702ac7"
},
{
"url": "https://git.kernel.org/stable/c/d3c0b49aaa12a61d560528f5d605029ab57f0728"
},
{
"url": "https://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f232a57862"
},
{
"url": "https://git.kernel.org/stable/c/53edb549565f55ccd0bdf43be3d66ce4c2d48b28"
}
],
"title": "f2fs: fix to avoid dirent corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52444",
"datePublished": "2024-02-22T16:21:37.043Z",
"dateReserved": "2024-02-20T12:30:33.291Z",
"dateUpdated": "2025-05-04T07:36:40.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35852 (GCVE-0-2024-35852)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:47 – Updated: 2025-05-04 09:06
Title
mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
The rehash delayed work is rescheduled with a delay if the number of
credits at end of the work is not negative as supposedly it means that
the migration ended. Otherwise, it is rescheduled immediately.
After "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during
rehash" the above is no longer accurate as a non-negative number of
credits is no longer indicative of the migration being done. It can also
happen if the work encountered an error in which case the migration will
resume the next time the work is scheduled.
The significance of the above is that it is possible for the work to be
pending and associated with hints that were allocated when the migration
started. This leads to the hints being leaked [1] when the work is
canceled while pending as part of ACL region dismantle.
Fix by freeing the hints if hints are associated with a work that was
canceled while pending.
Blame the original commit since the reliance on not having a pending
work associated with hints is fragile.
[1]
unreferenced object 0xffff88810e7c3000 (size 256):
comm "kworker/0:16", pid 176, jiffies 4295460353
hex dump (first 32 bytes):
00 30 95 11 81 88 ff ff 61 00 00 00 00 00 00 80 .0......a.......
00 00 61 00 40 00 00 00 00 00 00 00 04 00 00 00 ..a.@...........
backtrace (crc 2544ddb9):
[<00000000cf8cfab3>] kmalloc_trace+0x23f/0x2a0
[<000000004d9a1ad9>] objagg_hints_get+0x42/0x390
[<000000000b143cf3>] mlxsw_sp_acl_erp_rehash_hints_get+0xca/0x400
[<0000000059bdb60a>] mlxsw_sp_acl_tcam_vregion_rehash_work+0x868/0x1160
[<00000000e81fd734>] process_one_work+0x59c/0xf20
[<00000000ceee9e81>] worker_thread+0x799/0x12c0
[<00000000bda6fe39>] kthread+0x246/0x300
[<0000000070056d23>] ret_from_fork+0x34/0x70
[<00000000dea2b93e>] ret_from_fork_asm+0x1a/0x30
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 51cefc9da400b953fee749c9e5d26cd4a2b5d758 (git) Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 857ed800133ffcfcee28582090b63b0cbb8ba59d (git) Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 63d814d93c5cce4c18284adc810028f28dca493f (git) Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 5bfe7bf9656ed2633718388f12b7c38b86414a04 (git) Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab (git) Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < d72dd6fcd7886d0523afbab8b4a4b22d17addd7d (git) Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < fb4e2b70a7194b209fc7320bbf33b375f7114bd5 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T18:41:32.237249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:10.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "51cefc9da400b953fee749c9e5d26cd4a2b5d758",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "857ed800133ffcfcee28582090b63b0cbb8ba59d",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "63d814d93c5cce4c18284adc810028f28dca493f",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "5bfe7bf9656ed2633718388f12b7c38b86414a04",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "d72dd6fcd7886d0523afbab8b4a4b22d17addd7d",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "fb4e2b70a7194b209fc7320bbf33b375f7114bd5",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work\n\nThe rehash delayed work is rescheduled with a delay if the number of\ncredits at end of the work is not negative as supposedly it means that\nthe migration ended. Otherwise, it is rescheduled immediately.\n\nAfter \"mlxsw: spectrum_acl_tcam: Fix possible use-after-free during\nrehash\" the above is no longer accurate as a non-negative number of\ncredits is no longer indicative of the migration being done. It can also\nhappen if the work encountered an error in which case the migration will\nresume the next time the work is scheduled.\n\nThe significance of the above is that it is possible for the work to be\npending and associated with hints that were allocated when the migration\nstarted. This leads to the hints being leaked [1] when the work is\ncanceled while pending as part of ACL region dismantle.\n\nFix by freeing the hints if hints are associated with a work that was\ncanceled while pending.\n\nBlame the original commit since the reliance on not having a pending\nwork associated with hints is fragile.\n\n[1]\nunreferenced object 0xffff88810e7c3000 (size 256):\n comm \"kworker/0:16\", pid 176, jiffies 4295460353\n hex dump (first 32 bytes):\n 00 30 95 11 81 88 ff ff 61 00 00 00 00 00 00 80 .0......a.......\n 00 00 61 00 40 00 00 00 00 00 00 00 04 00 00 00 ..a.@...........\n backtrace (crc 2544ddb9):\n [\u003c00000000cf8cfab3\u003e] kmalloc_trace+0x23f/0x2a0\n [\u003c000000004d9a1ad9\u003e] objagg_hints_get+0x42/0x390\n [\u003c000000000b143cf3\u003e] mlxsw_sp_acl_erp_rehash_hints_get+0xca/0x400\n [\u003c0000000059bdb60a\u003e] mlxsw_sp_acl_tcam_vregion_rehash_work+0x868/0x1160\n [\u003c00000000e81fd734\u003e] process_one_work+0x59c/0xf20\n [\u003c00000000ceee9e81\u003e] worker_thread+0x799/0x12c0\n [\u003c00000000bda6fe39\u003e] kthread+0x246/0x300\n [\u003c0000000070056d23\u003e] ret_from_fork+0x34/0x70\n 
[\u003c00000000dea2b93e\u003e] ret_from_fork_asm+0x1a/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:51.339Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758"
},
{
"url": "https://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d"
},
{
"url": "https://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f"
},
{
"url": "https://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04"
},
{
"url": "https://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab"
},
{
"url": "https://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d"
},
{
"url": "https://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5"
}
],
"title": "mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35852",
"datePublished": "2024-05-17T14:47:29.441Z",
"dateReserved": "2024-05-17T13:50:33.106Z",
"dateUpdated": "2025-05-04T09:06:51.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26722 (GCVE-0-2024-26722)
Vulnerability from cvelistv5 – Published: 2024-04-03 14:55 – Updated: 2025-05-04 08:54
Title
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex
is left locked forever. That may lead to deadlock
when rt5645_jack_detect_work() is called for the second time.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux |
Affected:
48ce529c83522944f116f03884819051f44f0fb6 , < 3dd2d99e2352903d0e0b8769e6c9b8293c7454b2
(git)
Affected: b67005b284ddaf62043468d1ce5905c17d85b0e6 , < 422d5243b9f780abd3d39da2b746e3915677b07d (git) Affected: ffe13302b8fd486f80c98019bdcb7f3e512d0eda , < 4a98bc739d0753a5810ce5630943cd7614c7717e (git) Affected: 7a3ff8a2bb2620ba6a806f0967c38be1a8d306d9 , < d14b8e2005f36319df9412d42037416d64827f6b (git) Affected: 1613195bf31e68b192bc731bea71726773e3482f , < 1f0d7792e9023e8658e901b7b76a555f6aa052ec (git) Affected: 8f82f2e4d9c4966282e494ae67b0bc05a6c2b904 , < 050ad2ca0ac169dd9e552075d2c6af1bbb46534c (git) Affected: cdba4301adda7c60a2064bf808e48fccd352aaa9 , < ed5b8b735369b40d6c1f8ef3e62d369f74b4c491 (git) Affected: cdba4301adda7c60a2064bf808e48fccd352aaa9 , < 6ef5d5b92f7117b324efaac72b3db27ae8bb3082 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:40:07.128865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:40.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3dd2d99e2352903d0e0b8769e6c9b8293c7454b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/422d5243b9f780abd3d39da2b746e3915677b07d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a98bc739d0753a5810ce5630943cd7614c7717e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d14b8e2005f36319df9412d42037416d64827f6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f0d7792e9023e8658e901b7b76a555f6aa052ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/050ad2ca0ac169dd9e552075d2c6af1bbb46534c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed5b8b735369b40d6c1f8ef3e62d369f74b4c491"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ef5d5b92f7117b324efaac72b3db27ae8bb3082"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/rt5645.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3dd2d99e2352903d0e0b8769e6c9b8293c7454b2",
"status": "affected",
"version": "48ce529c83522944f116f03884819051f44f0fb6",
"versionType": "git"
},
{
"lessThan": "422d5243b9f780abd3d39da2b746e3915677b07d",
"status": "affected",
"version": "b67005b284ddaf62043468d1ce5905c17d85b0e6",
"versionType": "git"
},
{
"lessThan": "4a98bc739d0753a5810ce5630943cd7614c7717e",
"status": "affected",
"version": "ffe13302b8fd486f80c98019bdcb7f3e512d0eda",
"versionType": "git"
},
{
"lessThan": "d14b8e2005f36319df9412d42037416d64827f6b",
"status": "affected",
"version": "7a3ff8a2bb2620ba6a806f0967c38be1a8d306d9",
"versionType": "git"
},
{
"lessThan": "1f0d7792e9023e8658e901b7b76a555f6aa052ec",
"status": "affected",
"version": "1613195bf31e68b192bc731bea71726773e3482f",
"versionType": "git"
},
{
"lessThan": "050ad2ca0ac169dd9e552075d2c6af1bbb46534c",
"status": "affected",
"version": "8f82f2e4d9c4966282e494ae67b0bc05a6c2b904",
"versionType": "git"
},
{
"lessThan": "ed5b8b735369b40d6c1f8ef3e62d369f74b4c491",
"status": "affected",
"version": "cdba4301adda7c60a2064bf808e48fccd352aaa9",
"versionType": "git"
},
{
"lessThan": "6ef5d5b92f7117b324efaac72b3db27ae8bb3082",
"status": "affected",
"version": "cdba4301adda7c60a2064bf808e48fccd352aaa9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/rt5645.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.19.306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4.268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10.209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "6.1.74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "6.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()\n\nThere is a path in rt5645_jack_detect_work(), where rt5645-\u003ejd_mutex\nis left locked forever. That may lead to deadlock\nwhen rt5645_jack_detect_work() is called for the second time.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:54.183Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3dd2d99e2352903d0e0b8769e6c9b8293c7454b2"
},
{
"url": "https://git.kernel.org/stable/c/422d5243b9f780abd3d39da2b746e3915677b07d"
},
{
"url": "https://git.kernel.org/stable/c/4a98bc739d0753a5810ce5630943cd7614c7717e"
},
{
"url": "https://git.kernel.org/stable/c/d14b8e2005f36319df9412d42037416d64827f6b"
},
{
"url": "https://git.kernel.org/stable/c/1f0d7792e9023e8658e901b7b76a555f6aa052ec"
},
{
"url": "https://git.kernel.org/stable/c/050ad2ca0ac169dd9e552075d2c6af1bbb46534c"
},
{
"url": "https://git.kernel.org/stable/c/ed5b8b735369b40d6c1f8ef3e62d369f74b4c491"
},
{
"url": "https://git.kernel.org/stable/c/6ef5d5b92f7117b324efaac72b3db27ae8bb3082"
}
],
"title": "ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26722",
"datePublished": "2024-04-03T14:55:21.709Z",
"dateReserved": "2024-02-19T14:20:24.163Z",
"dateUpdated": "2025-05-04T08:54:54.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35849 (GCVE-0-2024-35849)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:47 – Updated: 2026-01-05 10:35
Title
btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
Syzbot reported the following information leak in
btrfs_ioctl_logical_to_ino():
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
_copy_to_user+0xbc/0x110 lib/usercopy.c:40
copy_to_user include/linux/uaccess.h:191 [inline]
btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499
btrfs_ioctl+0x714/0x1260
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0x261/0x450 fs/ioctl.c:890
__x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890
x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was created at:
__kmalloc_large_node+0x231/0x370 mm/slub.c:3921
__do_kmalloc_node mm/slub.c:3954 [inline]
__kmalloc_node+0xb07/0x1060 mm/slub.c:3973
kmalloc_node include/linux/slab.h:648 [inline]
kvmalloc_node+0xc0/0x2d0 mm/util.c:634
kvmalloc include/linux/slab.h:766 [inline]
init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779
btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480
btrfs_ioctl+0x714/0x1260
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0x261/0x450 fs/ioctl.c:890
__x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890
x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Bytes 40-65535 of 65536 are uninitialized
Memory access of size 65536 starts at ffff888045a40000
This happens, because we're copying a 'struct btrfs_data_container' back
to user-space. This btrfs_data_container is allocated in
'init_data_container()' via kvmalloc(), which does not zero-fill the
memory.
Fix this by using kvzalloc() which zeroes out the memory on allocation.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux |
Affected:
a542ad1bafc7df9fc16de8a6894b350a4df75572 , < 689efe22e9b5b7d9d523119a9a5c3c17107a0772
(git)
Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < 73db209dcd4ae026021234d40cfcb2fb5b564b86 (git) Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < 30189e54ba80e3209d34cfeea87b848f6ae025e6 (git) Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < e58047553a4e859dafc8d1d901e1de77c9dd922d (git) Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < 8bdbcfaf3eac42f98e5486b3d7e130fa287811f6 (git) Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < 3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc (git) Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < fddc19631c51d9c17d43e9f822a7bc403af88d54 (git) Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < 2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:26:21.803612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:01.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/backref.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "689efe22e9b5b7d9d523119a9a5c3c17107a0772",
"status": "affected",
"version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
"versionType": "git"
},
{
"lessThan": "73db209dcd4ae026021234d40cfcb2fb5b564b86",
"status": "affected",
"version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
"versionType": "git"
},
{
"lessThan": "30189e54ba80e3209d34cfeea87b848f6ae025e6",
"status": "affected",
"version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
"versionType": "git"
},
{
"lessThan": "e58047553a4e859dafc8d1d901e1de77c9dd922d",
"status": "affected",
"version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
"versionType": "git"
},
{
"lessThan": "8bdbcfaf3eac42f98e5486b3d7e130fa287811f6",
"status": "affected",
"version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
"versionType": "git"
},
{
"lessThan": "3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc",
"status": "affected",
"version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
"versionType": "git"
},
{
"lessThan": "fddc19631c51d9c17d43e9f822a7bc403af88d54",
"status": "affected",
"version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
"versionType": "git"
},
{
"lessThan": "2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf",
"status": "affected",
"version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/backref.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"lessThan": "3.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix information leak in btrfs_ioctl_logical_to_ino()\n\nSyzbot reported the following information leak for in\nbtrfs_ioctl_logical_to_ino():\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n copy_to_user include/linux/uaccess.h:191 [inline]\n btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499\n btrfs_ioctl+0x714/0x1260\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Uninit was created at:\n __kmalloc_large_node+0x231/0x370 mm/slub.c:3921\n __do_kmalloc_node mm/slub.c:3954 [inline]\n __kmalloc_node+0xb07/0x1060 mm/slub.c:3973\n kmalloc_node include/linux/slab.h:648 [inline]\n kvmalloc_node+0xc0/0x2d0 mm/util.c:634\n kvmalloc include/linux/slab.h:766 [inline]\n init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779\n btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480\n btrfs_ioctl+0x714/0x1260\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Bytes 40-65535 of 65536 are uninitialized\n Memory access of size 65536 starts at ffff888045a40000\n\nThis 
happens, because we\u0027re copying a \u0027struct btrfs_data_container\u0027 back\nto user-space. This btrfs_data_container is allocated in\n\u0027init_data_container()\u0027 via kvmalloc(), which does not zero-fill the\nmemory.\n\nFix this by using kvzalloc() which zeroes out the memory on allocation."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:25.159Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772"
},
{
"url": "https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86"
},
{
"url": "https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6"
},
{
"url": "https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d"
},
{
"url": "https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6"
},
{
"url": "https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc"
},
{
"url": "https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54"
},
{
"url": "https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf"
}
],
"title": "btrfs: fix information leak in btrfs_ioctl_logical_to_ino()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35849",
"datePublished": "2024-05-17T14:47:27.486Z",
"dateReserved": "2024-05-17T13:50:33.105Z",
"dateUpdated": "2026-01-05T10:35:25.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35877 (GCVE-0-2024-35877)
Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07
Title
x86/mm/pat: fix VM_PAT handling in COW mappings
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/mm/pat: fix VM_PAT handling in COW mappings
PAT handling won't do the right thing in COW mappings: the first PTE (or,
in fact, all PTEs) can be replaced during write faults to point at anon
folios. Reliably recovering the correct PFN and cachemode using
follow_phys() from PTEs will not work in COW mappings.
Using follow_phys(), we might just get the address+protection of the anon
folio (which is very wrong), or fail on swap/nonswap entries, failing
follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and
track_pfn_copy(), not properly calling free_pfn_range().
In free_pfn_range(), we either wouldn't call memtype_free() or would call
it with the wrong range, possibly leaking memory.
To fix that, let's update follow_phys() to refuse returning anon folios,
and fall back to using the stored PFN inside vma->vm_pgoff for COW mappings
if we run into that.
We will now properly handle untrack_pfn() with COW mappings, where we
don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if
the first page was replaced by an anon folio, though: we'd have to store
the cachemode in the VMA to make this work, likely growing the VMA size.
For now, let's keep it simple and let track_pfn_copy() just fail in that
case: it would have failed in the past with swap/nonswap entries already,
and it would have done the wrong thing with anon folios.
Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn():
<--- C reproducer --->
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
#include <liburing.h>

int main(void)
{
        struct io_uring_params p = {};
        int ring_fd;
        size_t size;
        char *map;

        ring_fd = io_uring_setup(1, &p);
        if (ring_fd < 0) {
                perror("io_uring_setup");
                return 1;
        }
        size = p.sq_off.array + p.sq_entries * sizeof(unsigned);

        /* Map the submission queue ring MAP_PRIVATE */
        map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE,
                   ring_fd, IORING_OFF_SQ_RING);
        if (map == MAP_FAILED) {
                perror("mmap");
                return 1;
        }

        /* We have at least one page. Let's COW it. */
        *map = 0;
        pause();
        return 0;
}
<--- C reproducer --->
On a system with 16 GiB RAM and swap configured:
# ./iouring &
# memhog 16G
# killall iouring
[ 301.552930] ------------[ cut here ]------------
[ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100
[ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g
[ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1
[ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4
[ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100
[ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000
[ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282
[ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047
[ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200
[ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000
[ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000
[ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000
[ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000
[ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0
[ 301.565725] PKRU: 55555554
[ 301.565944] Call Trace:
[ 301.566148] <TASK>
[ 301.566325] ? untrack_pfn+0xf4/0x100
[ 301.566618] ? __warn+0x81/0x130
[ 301.566876] ? untrack_pfn+0xf4/0x100
[ 3
---truncated---
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < f18681daaec9665a15c5e7e0f591aad5d0ac622b (git) |
| Linux | Linux | Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 09e6bb53217bf388a0d2fd7fb21e74ab9dffc173 (git) |
| Linux | Linux | Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4 (git) |
| Linux | Linux | Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 7cfee26d1950250b14c5cb0a37b142f3fcc6396a (git) |
| Linux | Linux | Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 97e93367e82752e475a33839a80b33bdbef1209f (git) |
| Linux | Linux | Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 51b7841f3fe84606ec0bd8da859d22e05e5419ec (git) |
| Linux | Linux | Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6 (git) |
| Linux | Linux | Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:13:41.454834Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:14:37.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f18681daaec9665a15c5e7e0f591aad5d0ac622b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09e6bb53217bf388a0d2fd7fb21e74ab9dffc173"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7cfee26d1950250b14c5cb0a37b142f3fcc6396a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97e93367e82752e475a33839a80b33bdbef1209f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/51b7841f3fe84606ec0bd8da859d22e05e5419ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04c35ab3bdae7fefbd7c7a7355f29fa03a035221"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/mm/pat/memtype.c",
"mm/memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f18681daaec9665a15c5e7e0f591aad5d0ac622b",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "09e6bb53217bf388a0d2fd7fb21e74ab9dffc173",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "7cfee26d1950250b14c5cb0a37b142f3fcc6396a",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "97e93367e82752e475a33839a80b33bdbef1209f",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "51b7841f3fe84606ec0bd8da859d22e05e5419ec",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "04c35ab3bdae7fefbd7c7a7355f29fa03a035221",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/mm/pat/memtype.c",
"mm/memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/pat: fix VM_PAT handling in COW mappings\n\nPAT handling won\u0027t do the right thing in COW mappings: the first PTE (or,\nin fact, all PTEs) can be replaced during write faults to point at anon\nfolios. Reliably recovering the correct PFN and cachemode using\nfollow_phys() from PTEs will not work in COW mappings.\n\nUsing follow_phys(), we might just get the address+protection of the anon\nfolio (which is very wrong), or fail on swap/nonswap entries, failing\nfollow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and\ntrack_pfn_copy(), not properly calling free_pfn_range().\n\nIn free_pfn_range(), we either wouldn\u0027t call memtype_free() or would call\nit with the wrong range, possibly leaking memory.\n\nTo fix that, let\u0027s update follow_phys() to refuse returning anon folios,\nand fallback to using the stored PFN inside vma-\u003evm_pgoff for COW mappings\nif we run into that.\n\nWe will now properly handle untrack_pfn() with COW mappings, where we\ndon\u0027t need the cachemode. 
We\u0027ll have to fail fork()-\u003etrack_pfn_copy() if\nthe first page was replaced by an anon folio, though: we\u0027d have to store\nthe cachemode in the VMA to make this work, likely growing the VMA size.\n\nFor now, lets keep it simple and let track_pfn_copy() just fail in that\ncase: it would have failed in the past with swap/nonswap entries already,\nand it would have done the wrong thing with anon folios.\n\nSimple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn():\n\n\u003c--- C reproducer ---\u003e\n #include \u003cstdio.h\u003e\n #include \u003csys/mman.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003cliburing.h\u003e\n\n int main(void)\n {\n struct io_uring_params p = {};\n int ring_fd;\n size_t size;\n char *map;\n\n ring_fd = io_uring_setup(1, \u0026p);\n if (ring_fd \u003c 0) {\n perror(\"io_uring_setup\");\n return 1;\n }\n size = p.sq_off.array + p.sq_entries * sizeof(unsigned);\n\n /* Map the submission queue ring MAP_PRIVATE */\n map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE,\n ring_fd, IORING_OFF_SQ_RING);\n if (map == MAP_FAILED) {\n perror(\"mmap\");\n return 1;\n }\n\n /* We have at least one page. Let\u0027s COW it. 
*/\n *map = 0;\n pause();\n return 0;\n }\n\u003c--- C reproducer ---\u003e\n\nOn a system with 16 GiB RAM and swap configured:\n # ./iouring \u0026\n # memhog 16G\n # killall iouring\n[ 301.552930] ------------[ cut here ]------------\n[ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100\n[ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g\n[ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1\n[ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4\n[ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100\n[ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000\n[ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282\n[ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047\n[ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200\n[ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000\n[ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000\n[ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000\n[ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000\n[ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0\n[ 301.565725] PKRU: 55555554\n[ 301.565944] Call Trace:\n[ 301.566148] \u003cTASK\u003e\n[ 301.566325] ? untrack_pfn+0xf4/0x100\n[ 301.566618] ? __warn+0x81/0x130\n[ 301.566876] ? untrack_pfn+0xf4/0x100\n[ 3\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:25.990Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f18681daaec9665a15c5e7e0f591aad5d0ac622b"
},
{
"url": "https://git.kernel.org/stable/c/09e6bb53217bf388a0d2fd7fb21e74ab9dffc173"
},
{
"url": "https://git.kernel.org/stable/c/c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4"
},
{
"url": "https://git.kernel.org/stable/c/7cfee26d1950250b14c5cb0a37b142f3fcc6396a"
},
{
"url": "https://git.kernel.org/stable/c/97e93367e82752e475a33839a80b33bdbef1209f"
},
{
"url": "https://git.kernel.org/stable/c/51b7841f3fe84606ec0bd8da859d22e05e5419ec"
},
{
"url": "https://git.kernel.org/stable/c/1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6"
},
{
"url": "https://git.kernel.org/stable/c/04c35ab3bdae7fefbd7c7a7355f29fa03a035221"
}
],
"title": "x86/mm/pat: fix VM_PAT handling in COW mappings",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35877",
"datePublished": "2024-05-19T08:34:34.604Z",
"dateReserved": "2024-05-17T13:50:33.110Z",
"dateUpdated": "2025-05-04T09:07:25.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26641 (GCVE-0-2024-26641)
Vulnerability from cvelistv5 – Published: 2024-03-18 10:19 – Updated: 2025-05-04 08:52
Title
ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
syzbot found __ip6_tnl_rcv() could access uninitialized data [1].
Call pskb_inet_may_pull() to fix this, and initialize ipv6h
variable after this call as it can change skb->head.
[1]
BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321
__INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321
ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727
__ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845
ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888
gre_rcv+0x143f/0x1870
ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438
ip6_input_finish net/ipv6/ip6_input.c:483 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492
ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586
dst_input include/net/dst.h:461 [inline]
ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79
NF_HOOK include/linux/netfilter.h:314 [inline]
ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310
__netif_receive_skb_one_core net/core/dev.c:5532 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646
netif_receive_skb_internal net/core/dev.c:5732 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5791
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555
tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:2084 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0x786/0x1200 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
__alloc_skb+0x318/0x740 net/core/skbuff.c:651
alloc_skb include/linux/skbuff.h:1286 [inline]
alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334
sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787
tun_alloc_skb drivers/net/tun.c:1531 [inline]
tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:2084 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0x786/0x1200 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 0d3c703a9d1723c7707e0680019ac8ff5922db42 , < a9bc32879a08f23cdb80a48c738017e39aea1080 (git) |
| Linux | Linux | Affected: 0d3c703a9d1723c7707e0680019ac8ff5922db42 , < af6b5c50d47ab43e5272ad61935d0ed2e264d3f0 (git) |
| Linux | Linux | Affected: 0d3c703a9d1723c7707e0680019ac8ff5922db42 , < d54e4da98bbfa8c257bdca94c49652d81d18a4d8 (git) |
| Linux | Linux | Affected: 0d3c703a9d1723c7707e0680019ac8ff5922db42 , < 350a6640fac4b53564ec20aa3f4a0922cb0ba5e6 (git) |
| Linux | Linux | Affected: 0d3c703a9d1723c7707e0680019ac8ff5922db42 , < c835df3bcc14858ae9b27315dd7de76370b94f3a (git) |
| Linux | Linux | Affected: 0d3c703a9d1723c7707e0680019ac8ff5922db42 , < 8d975c15c0cd744000ca386247432d57b21f9df0 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:08:53.324454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:09:02.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-08T15:02:48.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a9bc32879a08f23cdb80a48c738017e39aea1080",
"status": "affected",
"version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
"versionType": "git"
},
{
"lessThan": "af6b5c50d47ab43e5272ad61935d0ed2e264d3f0",
"status": "affected",
"version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
"versionType": "git"
},
{
"lessThan": "d54e4da98bbfa8c257bdca94c49652d81d18a4d8",
"status": "affected",
"version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
"versionType": "git"
},
{
"lessThan": "350a6640fac4b53564ec20aa3f4a0922cb0ba5e6",
"status": "affected",
"version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
"versionType": "git"
},
{
"lessThan": "c835df3bcc14858ae9b27315dd7de76370b94f3a",
"status": "affected",
"version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
"versionType": "git"
},
{
"lessThan": "8d975c15c0cd744000ca386247432d57b21f9df0",
"status": "affected",
"version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\n\nsyzbot found __ip6_tnl_rcv() could access unitiliazed data [1].\n\nCall pskb_inet_may_pull() to fix this, and initialize ipv6h\nvariable after this call as it can change skb-\u003ehead.\n\n[1]\n BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321\n __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321\n ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727\n __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845\n ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888\n gre_rcv+0x143f/0x1870\n ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438\n ip6_input_finish net/ipv6/ip6_input.c:483 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\n ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\n dst_input include/net/dst.h:461 [inline]\n ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5532 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646\n netif_receive_skb_internal net/core/dev.c:5732 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5791\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2084 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x786/0x1200 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 
fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n tun_alloc_skb drivers/net/tun.c:1531 [inline]\n tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2084 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x786/0x1200 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:54.137Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080"
},
{
"url": "https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0"
},
{
"url": "https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8"
},
{
"url": "https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6"
},
{
"url": "https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a"
},
{
"url": "https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0"
}
],
"title": "ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26641",
"datePublished": "2024-03-18T10:19:07.581Z",
"dateReserved": "2024-02-19T14:20:24.137Z",
"dateUpdated": "2025-05-04T08:52:54.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27074 (GCVE-0-2024-27074)
Vulnerability from cvelistv5 – Published: 2024-05-01 13:04 – Updated: 2025-05-04 09:03
Title
media: go7007: fix a memleak in go7007_load_encoder
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: go7007: fix a memleak in go7007_load_encoder
In go7007_load_encoder, bounce (i.e. go->boot_fw) is allocated without
a deallocation thereafter. After the following call chain:
saa7134_go7007_init
  |-> go7007_boot_encoder
        |-> go7007_load_encoder
  |-> kfree(go)
go is freed and thus bounce is leaked.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < 7f11dd3d165b178e738fe73dfeea513e383bedb5 (git) |
| Linux | Linux | Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < 291cda0b805fc0d6e90d201710311630c8667159 (git) |
| Linux | Linux | Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < b49fe84c6cefcc1c2336d793b53442e716c95073 (git) |
| Linux | Linux | Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < 790fa2c04dfb9f095ec372bf17909424d6e864b3 (git) |
| Linux | Linux | Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < e04d15c8bb3e111dd69f98894acd92d63e87aac3 (git) |
| Linux | Linux | Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975 (git) |
| Linux | Linux | Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < d43988a23c32588ccd0c74219637afb96cd78661 (git) |
| Linux | Linux | Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < 7405a0d4442792988e9ae834e7d84f9d163731a4 (git) |
| Linux | Linux | Affected: 95ef39403f890360a3e48fe550d8e8e5d088ad74 , < b9b683844b01d171a72b9c0419a2d760d946ee12 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T18:38:34.857728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:45.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f11dd3d165b178e738fe73dfeea513e383bedb5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/291cda0b805fc0d6e90d201710311630c8667159"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b49fe84c6cefcc1c2336d793b53442e716c95073"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/790fa2c04dfb9f095ec372bf17909424d6e864b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e04d15c8bb3e111dd69f98894acd92d63e87aac3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d43988a23c32588ccd0c74219637afb96cd78661"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7405a0d4442792988e9ae834e7d84f9d163731a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9b683844b01d171a72b9c0419a2d760d946ee12"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/go7007/go7007-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7f11dd3d165b178e738fe73dfeea513e383bedb5",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "291cda0b805fc0d6e90d201710311630c8667159",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "b49fe84c6cefcc1c2336d793b53442e716c95073",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "790fa2c04dfb9f095ec372bf17909424d6e864b3",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "e04d15c8bb3e111dd69f98894acd92d63e87aac3",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "d43988a23c32588ccd0c74219637afb96cd78661",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "7405a0d4442792988e9ae834e7d84f9d163731a4",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "b9b683844b01d171a72b9c0419a2d760d946ee12",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/go7007/go7007-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: go7007: fix a memleak in go7007_load_encoder\n\nIn go7007_load_encoder, bounce(i.e. go-\u003eboot_fw), is allocated without\na deallocation thereafter. After the following call chain:\n\nsaa7134_go7007_init\n |-\u003e go7007_boot_encoder\n |-\u003e go7007_load_encoder\n |-\u003e kfree(go)\n\ngo is freed and thus bounce is leaked."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:39.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7f11dd3d165b178e738fe73dfeea513e383bedb5"
},
{
"url": "https://git.kernel.org/stable/c/291cda0b805fc0d6e90d201710311630c8667159"
},
{
"url": "https://git.kernel.org/stable/c/b49fe84c6cefcc1c2336d793b53442e716c95073"
},
{
"url": "https://git.kernel.org/stable/c/790fa2c04dfb9f095ec372bf17909424d6e864b3"
},
{
"url": "https://git.kernel.org/stable/c/e04d15c8bb3e111dd69f98894acd92d63e87aac3"
},
{
"url": "https://git.kernel.org/stable/c/f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975"
},
{
"url": "https://git.kernel.org/stable/c/d43988a23c32588ccd0c74219637afb96cd78661"
},
{
"url": "https://git.kernel.org/stable/c/7405a0d4442792988e9ae834e7d84f9d163731a4"
},
{
"url": "https://git.kernel.org/stable/c/b9b683844b01d171a72b9c0419a2d760d946ee12"
}
],
"title": "media: go7007: fix a memleak in go7007_load_encoder",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27074",
"datePublished": "2024-05-01T13:04:41.079Z",
"dateReserved": "2024-02-19T14:20:24.217Z",
"dateUpdated": "2025-05-04T09:03:39.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27044 (GCVE-0-2024-27044)
Vulnerability from cvelistv5 – Published: 2024-05-01 12:54 – Updated: 2025-05-04 09:02
Title
drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
The 'stream' pointer is used in dcn10_set_output_transfer_func() before
the check if 'stream' is NULL.
Fixes the below:
drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() warn: variable dereferenced before check 'stream' (see line 1875)
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: ddef02de0d71d483ad4398393717cc0d53fc990a , < e019d87e02f1e539ae48b99187f253847744ca7a (git) |
| Linux | Linux | Affected: ddef02de0d71d483ad4398393717cc0d53fc990a , < 330caa061af53ea6d287d7c43d0703714e510e08 (git) |
| Linux | Linux | Affected: ddef02de0d71d483ad4398393717cc0d53fc990a , < 6ac7c7a3a9ab57aba0fe78ecb922d2b20e16efeb (git) |
| Linux | Linux | Affected: ddef02de0d71d483ad4398393717cc0d53fc990a , < 29fde8895b2fcc33f44aea28c644ce2d9b62f9e0 (git) |
| Linux | Linux | Affected: ddef02de0d71d483ad4398393717cc0d53fc990a , < 2d9fe7787af01188dc470a649bdbb842d6511fd7 (git) |
| Linux | Linux | Affected: ddef02de0d71d483ad4398393717cc0d53fc990a , < 14613d52bc7fc180df6d2c65ba65fc921fc1dda7 (git) |
| Linux | Linux | Affected: ddef02de0d71d483ad4398393717cc0d53fc990a , < 7874ab3105ca4657102fee1cc14b0af70883c484 (git) |
| Linux | Linux | Affected: ddef02de0d71d483ad4398393717cc0d53fc990a , < 9ccfe80d022df7c595f1925afb31de2232900656 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T13:38:17.735678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:49.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:06.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e019d87e02f1e539ae48b99187f253847744ca7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/330caa061af53ea6d287d7c43d0703714e510e08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ac7c7a3a9ab57aba0fe78ecb922d2b20e16efeb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29fde8895b2fcc33f44aea28c644ce2d9b62f9e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d9fe7787af01188dc470a649bdbb842d6511fd7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14613d52bc7fc180df6d2c65ba65fc921fc1dda7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7874ab3105ca4657102fee1cc14b0af70883c484"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ccfe80d022df7c595f1925afb31de2232900656"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e019d87e02f1e539ae48b99187f253847744ca7a",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "330caa061af53ea6d287d7c43d0703714e510e08",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "6ac7c7a3a9ab57aba0fe78ecb922d2b20e16efeb",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "29fde8895b2fcc33f44aea28c644ce2d9b62f9e0",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "2d9fe7787af01188dc470a649bdbb842d6511fd7",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "14613d52bc7fc180df6d2c65ba65fc921fc1dda7",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "7874ab3105ca4657102fee1cc14b0af70883c484",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "9ccfe80d022df7c595f1925afb31de2232900656",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential NULL pointer dereferences in \u0027dcn10_set_output_transfer_func()\u0027\n\nThe \u0027stream\u0027 pointer is used in dcn10_set_output_transfer_func() before\nthe check if \u0027stream\u0027 is NULL.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() warn: variable dereferenced before check \u0027stream\u0027 (see line 1875)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:59.495Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e019d87e02f1e539ae48b99187f253847744ca7a"
},
{
"url": "https://git.kernel.org/stable/c/330caa061af53ea6d287d7c43d0703714e510e08"
},
{
"url": "https://git.kernel.org/stable/c/6ac7c7a3a9ab57aba0fe78ecb922d2b20e16efeb"
},
{
"url": "https://git.kernel.org/stable/c/29fde8895b2fcc33f44aea28c644ce2d9b62f9e0"
},
{
"url": "https://git.kernel.org/stable/c/2d9fe7787af01188dc470a649bdbb842d6511fd7"
},
{
"url": "https://git.kernel.org/stable/c/14613d52bc7fc180df6d2c65ba65fc921fc1dda7"
},
{
"url": "https://git.kernel.org/stable/c/7874ab3105ca4657102fee1cc14b0af70883c484"
},
{
"url": "https://git.kernel.org/stable/c/9ccfe80d022df7c595f1925afb31de2232900656"
}
],
"title": "drm/amd/display: Fix potential NULL pointer dereferences in \u0027dcn10_set_output_transfer_func()\u0027",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27044",
"datePublished": "2024-05-01T12:54:14.695Z",
"dateReserved": "2024-02-19T14:20:24.213Z",
"dateUpdated": "2025-05-04T09:02:59.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26810 (GCVE-0-2024-26810)
Vulnerability from cvelistv5 – Published: 2024-04-05 08:24 – Updated: 2025-05-04 08:57
Title
vfio/pci: Lock external INTx masking ops
Summary
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Lock external INTx masking ops
Mask operations through config space changes to DisINTx may race INTx
configuration changes via ioctl. Create wrappers that add locking for
paths outside of the core interrupt code.
In particular, irq_type is updated holding igate, therefore testing
is_intx() requires holding igate. For example clearing DisINTx from
config space can otherwise race changes of the interrupt configuration.
This aligns interfaces which may trigger the INTx eventfd into two
camps, one side serialized by igate and the other only enabled while
INTx is configured. A subsequent patch introduces synchronization for
the latter flows.
Severity
4.4 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 1e71b6449d55179170efc8dee8664510bb813b42 (git) |
| Linux | Linux | Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 3dd9be6cb55e0f47544e7cdda486413f7134e3b3 (git) |
| Linux | Linux | Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < ec73e079729258a05452356cf6d098bf1504d5a6 (git) |
| Linux | Linux | Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 3fe0ac10bd117df847c93408a9d428a453cd60e5 (git) |
| Linux | Linux | Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 04a4a017b9ffd7b0f427b8c376688d14cb614651 (git) |
| Linux | Linux | Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 6fe478d855b20ac1eb5da724afe16af5a2aaaa40 (git) |
| Linux | Linux | Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 03505e3344b0576fd619416793a31eae9c5b73bf (git) |
| Linux | Linux | Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 810cd4bb53456d0503cc4e7934e063835152c1b7 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T17:23:22.081964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T20:03:53.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9c5b73bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/810cd4bb53456d0503cc4e7934e063835152c1b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vfio/pci/vfio_pci_intrs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1e71b6449d55179170efc8dee8664510bb813b42",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "3dd9be6cb55e0f47544e7cdda486413f7134e3b3",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "ec73e079729258a05452356cf6d098bf1504d5a6",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "3fe0ac10bd117df847c93408a9d428a453cd60e5",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "04a4a017b9ffd7b0f427b8c376688d14cb614651",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "6fe478d855b20ac1eb5da724afe16af5a2aaaa40",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "03505e3344b0576fd619416793a31eae9c5b73bf",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "810cd4bb53456d0503cc4e7934e063835152c1b7",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vfio/pci/vfio_pci_intrs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:05.248Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42"
},
{
"url": "https://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3"
},
{
"url": "https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6"
},
{
"url": "https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5"
},
{
"url": "https://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651"
},
{
"url": "https://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40"
},
{
"url": "https://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9c5b73bf"
},
{
"url": "https://git.kernel.org/stable/c/810cd4bb53456d0503cc4e7934e063835152c1b7"
}
],
"title": "vfio/pci: Lock external INTx masking ops",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26810",
"datePublished": "2024-04-05T08:24:41.987Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T08:57:05.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26825 (GCVE-0-2024-26825)
Vulnerability from cvelistv5 – Published: 2024-04-17 09:43 – Updated: 2025-05-04 08:57
Title
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
rx_data_reassembly skb is stored during NCI data exchange for processing
fragmented packets. It is dropped only when the last fragment is processed
or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.
However, the NCI device may be deallocated before that which leads to skb
leak.
As by design the rx_data_reassembly skb is bound to the NCI device and
nothing prevents the device to be freed before the skb is processed in
some way and cleaned, free it on the NCI device cleanup.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 6a2968aaf50c7a22fced77a5e24aa636281efca8 , < 7e9a8498658b398bf11b8e388005fa54e40aed81 (git) |
| Linux | Linux | Affected: 6a2968aaf50c7a22fced77a5e24aa636281efca8 , < 71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf (git) |
| Linux | Linux | Affected: 6a2968aaf50c7a22fced77a5e24aa636281efca8 , < 2f6d16f0520d6505241629ee2f5c131b547d5f9d (git) |
| Linux | Linux | Affected: 6a2968aaf50c7a22fced77a5e24aa636281efca8 , < 471c9ede8061357b43a116fa692e70d91941ac23 (git) |
| Linux | Linux | Affected: 6a2968aaf50c7a22fced77a5e24aa636281efca8 , < 5c0c5ffaed73cbae6c317374dc32ba6cacc60895 (git) |
| Linux | Linux | Affected: 6a2968aaf50c7a22fced77a5e24aa636281efca8 , < 16d3f507b0fa70453dc54550df093d6e9ac630c1 (git) |
| Linux | Linux | Affected: 6a2968aaf50c7a22fced77a5e24aa636281efca8 , < a3d90fb5c23f29ba59c04005ae76c5228cef2be9 (git) |
| Linux | Linux | Affected: 6a2968aaf50c7a22fced77a5e24aa636281efca8 , < bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:41:44.795216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:48:52.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e9a8498658b398bf11b8e388005fa54e40aed81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f6d16f0520d6505241629ee2f5c131b547d5f9d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/471c9ede8061357b43a116fa692e70d91941ac23"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c0c5ffaed73cbae6c317374dc32ba6cacc60895"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16d3f507b0fa70453dc54550df093d6e9ac630c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3d90fb5c23f29ba59c04005ae76c5228cef2be9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7e9a8498658b398bf11b8e388005fa54e40aed81",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "2f6d16f0520d6505241629ee2f5c131b547d5f9d",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "471c9ede8061357b43a116fa692e70d91941ac23",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "5c0c5ffaed73cbae6c317374dc32ba6cacc60895",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "16d3f507b0fa70453dc54550df093d6e9ac630c1",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "a3d90fb5c23f29ba59c04005ae76c5228cef2be9",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"lessThan": "3.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: free rx_data_reassembly skb on NCI device cleanup\n\nrx_data_reassembly skb is stored during NCI data exchange for processing\nfragmented packets. It is dropped only when the last fragment is processed\nor when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.\nHowever, the NCI device may be deallocated before that which leads to skb\nleak.\n\nAs by design the rx_data_reassembly skb is bound to the NCI device and\nnothing prevents the device to be freed before the skb is processed in\nsome way and cleaned, free it on the NCI device cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:22.904Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7e9a8498658b398bf11b8e388005fa54e40aed81"
},
{
"url": "https://git.kernel.org/stable/c/71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf"
},
{
"url": "https://git.kernel.org/stable/c/2f6d16f0520d6505241629ee2f5c131b547d5f9d"
},
{
"url": "https://git.kernel.org/stable/c/471c9ede8061357b43a116fa692e70d91941ac23"
},
{
"url": "https://git.kernel.org/stable/c/5c0c5ffaed73cbae6c317374dc32ba6cacc60895"
},
{
"url": "https://git.kernel.org/stable/c/16d3f507b0fa70453dc54550df093d6e9ac630c1"
},
{
"url": "https://git.kernel.org/stable/c/a3d90fb5c23f29ba59c04005ae76c5228cef2be9"
},
{
"url": "https://git.kernel.org/stable/c/bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c"
}
],
"title": "nfc: nci: free rx_data_reassembly skb on NCI device cleanup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26825",
"datePublished": "2024-04-17T09:43:51.114Z",
"dateReserved": "2024-02-19T14:20:24.181Z",
"dateUpdated": "2025-05-04T08:57:22.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26955 (GCVE-0-2024-26955)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:18 – Updated: 2025-05-04 09:00
Title
nilfs2: prevent kernel bug at submit_bh_wbc()
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: prevent kernel bug at submit_bh_wbc()
Fix a bug where nilfs_get_block() returns a successful status when
searching and inserting the specified block both fail inconsistently. If
this inconsistent behavior is not due to a previously fixed bug, then an
unexpected race is occurring, so return a temporary error -EAGAIN instead.
This prevents callers such as __block_write_begin_int() from requesting a
read into a buffer that is not mapped, which would cause the BUG_ON check
for the BH_Mapped flag in submit_bh_wbc() to fail.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b , < 91e4c4595fae5e87069e44687ae879091783c183 (git) |
| Linux | Linux | Affected: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b , < 32eaee72e96590a75445c8a6c7c1057673b47e07 (git) |
| Linux | Linux | Affected: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b , < f0fe7ad5aff4f0fcf988913313c497de85f1e186 (git) |
| Linux | Linux | Affected: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b , < ca581d237f3b8539c044205bb003de71d75d227c (git) |
| Linux | Linux | Affected: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b , < 192e9f9078c96be30b31c4b44d6294b24520fce5 (git) |
| Linux | Linux | Affected: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b , < 0c8aa4cfda4e4adb15d5b6536d155eca9c9cd44c (git) |
| Linux | Linux | Affected: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b , < 48d443d200237782dc82e6b60663ec414ef02e39 (git) |
| Linux | Linux | Affected: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b , < 76ffbe911e2798c7296968f5fd72f7bf67207a8d (git) |
| Linux | Linux | Affected: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b , < 269cdf353b5bdd15f1a079671b0f889113865f20 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:51:47.841182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:21.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91e4c4595fae5e87069e44687ae879091783c183"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32eaee72e96590a75445c8a6c7c1057673b47e07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0fe7ad5aff4f0fcf988913313c497de85f1e186"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca581d237f3b8539c044205bb003de71d75d227c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/192e9f9078c96be30b31c4b44d6294b24520fce5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c8aa4cfda4e4adb15d5b6536d155eca9c9cd44c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/48d443d200237782dc82e6b60663ec414ef02e39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76ffbe911e2798c7296968f5fd72f7bf67207a8d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/269cdf353b5bdd15f1a079671b0f889113865f20"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "91e4c4595fae5e87069e44687ae879091783c183",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "32eaee72e96590a75445c8a6c7c1057673b47e07",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "f0fe7ad5aff4f0fcf988913313c497de85f1e186",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "ca581d237f3b8539c044205bb003de71d75d227c",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "192e9f9078c96be30b31c4b44d6294b24520fce5",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "0c8aa4cfda4e4adb15d5b6536d155eca9c9cd44c",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "48d443d200237782dc82e6b60663ec414ef02e39",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "76ffbe911e2798c7296968f5fd72f7bf67207a8d",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "269cdf353b5bdd15f1a079671b0f889113865f20",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: prevent kernel bug at submit_bh_wbc()\n\nFix a bug where nilfs_get_block() returns a successful status when\nsearching and inserting the specified block both fail inconsistently. If\nthis inconsistent behavior is not due to a previously fixed bug, then an\nunexpected race is occurring, so return a temporary error -EAGAIN instead.\n\nThis prevents callers such as __block_write_begin_int() from requesting a\nread into a buffer that is not mapped, which would cause the BUG_ON check\nfor the BH_Mapped flag in submit_bh_wbc() to fail."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:00:38.073Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/91e4c4595fae5e87069e44687ae879091783c183"
},
{
"url": "https://git.kernel.org/stable/c/32eaee72e96590a75445c8a6c7c1057673b47e07"
},
{
"url": "https://git.kernel.org/stable/c/f0fe7ad5aff4f0fcf988913313c497de85f1e186"
},
{
"url": "https://git.kernel.org/stable/c/ca581d237f3b8539c044205bb003de71d75d227c"
},
{
"url": "https://git.kernel.org/stable/c/192e9f9078c96be30b31c4b44d6294b24520fce5"
},
{
"url": "https://git.kernel.org/stable/c/0c8aa4cfda4e4adb15d5b6536d155eca9c9cd44c"
},
{
"url": "https://git.kernel.org/stable/c/48d443d200237782dc82e6b60663ec414ef02e39"
},
{
"url": "https://git.kernel.org/stable/c/76ffbe911e2798c7296968f5fd72f7bf67207a8d"
},
{
"url": "https://git.kernel.org/stable/c/269cdf353b5bdd15f1a079671b0f889113865f20"
}
],
"title": "nilfs2: prevent kernel bug at submit_bh_wbc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26955",
"datePublished": "2024-05-01T05:18:51.866Z",
"dateReserved": "2024-02-19T14:20:24.200Z",
"dateUpdated": "2025-05-04T09:00:38.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52690 (GCVE-0-2023-52690)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:24 – Updated: 2025-05-04 07:41
Title
powerpc/powernv: Add a null pointer check to scom_debug_init_one()
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/powernv: Add a null pointer check to scom_debug_init_one()
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure.
Add a null pointer check, and release 'ent' to avoid memory leaks.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 , < f84c1446daa552e9699da8d1f8375eac0f65edc7 (git) |
| Linux | Linux | Affected: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 , < 1eefa93faf69188540b08b024794fa90b1d82e8b (git) |
| Linux | Linux | Affected: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 , < 2a82c4439b903639e0a1f21990cd399fb0a49c19 (git) |
| Linux | Linux | Affected: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 , < ed8d023cfa97b559db58c0e1afdd2eec7a83d8f2 (git) |
| Linux | Linux | Affected: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 , < dd8422ff271c22058560832fc3006324ded895a9 (git) |
| Linux | Linux | Affected: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 , < a9c05cbb6644a2103c75b6906e9dafb9981ebd13 (git) |
| Linux | Linux | Affected: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 , < 9a260f2dd827bbc82cc60eb4f4d8c22707d80742 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:27:29.036403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:12.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f84c1446daa552e9699da8d1f8375eac0f65edc7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1eefa93faf69188540b08b024794fa90b1d82e8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a82c4439b903639e0a1f21990cd399fb0a49c19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed8d023cfa97b559db58c0e1afdd2eec7a83d8f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd8422ff271c22058560832fc3006324ded895a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9c05cbb6644a2103c75b6906e9dafb9981ebd13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a260f2dd827bbc82cc60eb4f4d8c22707d80742"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/powernv/opal-xscom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f84c1446daa552e9699da8d1f8375eac0f65edc7",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
},
{
"lessThan": "1eefa93faf69188540b08b024794fa90b1d82e8b",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
},
{
"lessThan": "2a82c4439b903639e0a1f21990cd399fb0a49c19",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
},
{
"lessThan": "ed8d023cfa97b559db58c0e1afdd2eec7a83d8f2",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
},
{
"lessThan": "dd8422ff271c22058560832fc3006324ded895a9",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
},
{
"lessThan": "a9c05cbb6644a2103c75b6906e9dafb9981ebd13",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
},
{
"lessThan": "9a260f2dd827bbc82cc60eb4f4d8c22707d80742",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/powernv/opal-xscom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv: Add a null pointer check to scom_debug_init_one()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure.\nAdd a null pointer check, and release \u0027ent\u0027 to avoid memory leaks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:42.077Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f84c1446daa552e9699da8d1f8375eac0f65edc7"
},
{
"url": "https://git.kernel.org/stable/c/1eefa93faf69188540b08b024794fa90b1d82e8b"
},
{
"url": "https://git.kernel.org/stable/c/2a82c4439b903639e0a1f21990cd399fb0a49c19"
},
{
"url": "https://git.kernel.org/stable/c/ed8d023cfa97b559db58c0e1afdd2eec7a83d8f2"
},
{
"url": "https://git.kernel.org/stable/c/dd8422ff271c22058560832fc3006324ded895a9"
},
{
"url": "https://git.kernel.org/stable/c/a9c05cbb6644a2103c75b6906e9dafb9981ebd13"
},
{
"url": "https://git.kernel.org/stable/c/9a260f2dd827bbc82cc60eb4f4d8c22707d80742"
}
],
"title": "powerpc/powernv: Add a null pointer check to scom_debug_init_one()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52690",
"datePublished": "2024-05-17T14:24:50.648Z",
"dateReserved": "2024-03-07T14:49:46.888Z",
"dateUpdated": "2025-05-04T07:41:42.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52599 (GCVE-0-2023-52599)
Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2026-01-05 10:16
Title
jfs: fix array-index-out-of-bounds in diNewExt
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in diNewExt
[Syz report]
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2
index -878706688 is out of range for type 'struct iagctl[128]'
CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348
diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360
diAllocExt fs/jfs/jfs_imap.c:1949 [inline]
diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666
diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587
ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56
jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225
vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106
do_mkdirat+0x264/0x3a0 fs/namei.c:4129
__do_sys_mkdir fs/namei.c:4149 [inline]
__se_sys_mkdir fs/namei.c:4147 [inline]
__x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fcb7e6a0b57
Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57
RDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140
RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[Analysis]
When the agstart is too large, it can cause agno overflow.
[Fix]
After obtaining agno, if the value is invalid, exit the subsequent process.
Modified the test from agno > MAXAG to agno >= MAXAG based on linux-next
report by kernel test robot (Dan Carpenter).
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f423528488e4f9606cef858eceea210bf1163f41 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < de6a91aed1e0b1a23e9c11e7d7557f088eeeb017 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6aa30020879042d46df9f747e4f0a486eea6fe98 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3537f92cd22c672db97fae6997481e678ad14641 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6996d43b14486f4a6655b10edc541ada1b580b4b (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5a6660139195f5e2fbbda459eeecb8788f3885fe (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 49f9637aafa6e63ba686c13cb8549bf5e6920402 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T17:46:56.259920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:47:03.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_imap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f423528488e4f9606cef858eceea210bf1163f41",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "de6a91aed1e0b1a23e9c11e7d7557f088eeeb017",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6aa30020879042d46df9f747e4f0a486eea6fe98",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3537f92cd22c672db97fae6997481e678ad14641",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6996d43b14486f4a6655b10edc541ada1b580b4b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5a6660139195f5e2fbbda459eeecb8788f3885fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "49f9637aafa6e63ba686c13cb8549bf5e6920402",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_imap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in diNewExt\n\n[Syz report]\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2\nindex -878706688 is out of range for type \u0027struct iagctl[128]\u0027\nCPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360\n diAllocExt fs/jfs/jfs_imap.c:1949 [inline]\n diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666\n diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587\n ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56\n jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225\n vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106\n do_mkdirat+0x264/0x3a0 fs/namei.c:4129\n __do_sys_mkdir fs/namei.c:4149 [inline]\n __se_sys_mkdir fs/namei.c:4147 [inline]\n __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7fcb7e6a0b57\nCode: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053\nRAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57\nRDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140\nRBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n\n[Analysis]\nWhen the agstart 
is too large, it can cause agno overflow.\n\n[Fix]\nAfter obtaining agno, if the value is invalid, exit the subsequent process.\n\n\nModified the test from agno \u003e MAXAG to agno \u003e= MAXAG based on linux-next\nreport by kernel test robot (Dan Carpenter)."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:16:30.861Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41"
},
{
"url": "https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017"
},
{
"url": "https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e"
},
{
"url": "https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98"
},
{
"url": "https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641"
},
{
"url": "https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b"
},
{
"url": "https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe"
},
{
"url": "https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402"
}
],
"title": "jfs: fix array-index-out-of-bounds in diNewExt",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52599",
"datePublished": "2024-03-06T06:45:27.655Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2026-01-05T10:16:30.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52669 (GCVE-0-2023-52669)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:01 – Updated: 2025-05-04 07:41
Title
crypto: s390/aes - Fix buffer overread in CTR mode
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: s390/aes - Fix buffer overread in CTR mode
When processing the last block, the s390 ctr code will always read
a whole block, even if there isn't a whole block of data left. Fix
this by using the actual length left and copy it into a buffer first
for processing.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 0200f3ecc19660bebeabbcbaf212957fcf1dbf8f, < cd51e26a3b89706beec64f2d8296cfb1c34e0c79 (git) |
| Linux | Linux | Affected: 0200f3ecc19660bebeabbcbaf212957fcf1dbf8f, < a7f580cdb42ec3d53bbb7c4e4335a98423703285 (git) |
| Linux | Linux | Affected: 0200f3ecc19660bebeabbcbaf212957fcf1dbf8f, < dbc9a791a70ea47be9f2acf251700fe254a2ab23 (git) |
| Linux | Linux | Affected: 0200f3ecc19660bebeabbcbaf212957fcf1dbf8f, < d68ac38895e84446848b7647ab9458d54cacba3e (git) |
| Linux | Linux | Affected: 0200f3ecc19660bebeabbcbaf212957fcf1dbf8f, < e78f1a43e72daf77705ad5b9946de66fc708b874 (git) |
| Linux | Linux | Affected: 0200f3ecc19660bebeabbcbaf212957fcf1dbf8f, < d07f951903fa9922c375b8ab1ce81b18a0034e3b (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:16:01.568740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:13.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:34.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd51e26a3b89706beec64f2d8296cfb1c34e0c79"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7f580cdb42ec3d53bbb7c4e4335a98423703285"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbc9a791a70ea47be9f2acf251700fe254a2ab23"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d68ac38895e84446848b7647ab9458d54cacba3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e78f1a43e72daf77705ad5b9946de66fc708b874"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d07f951903fa9922c375b8ab1ce81b18a0034e3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/s390/crypto/aes_s390.c",
"arch/s390/crypto/paes_s390.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cd51e26a3b89706beec64f2d8296cfb1c34e0c79",
"status": "affected",
"version": "0200f3ecc19660bebeabbcbaf212957fcf1dbf8f",
"versionType": "git"
},
{
"lessThan": "a7f580cdb42ec3d53bbb7c4e4335a98423703285",
"status": "affected",
"version": "0200f3ecc19660bebeabbcbaf212957fcf1dbf8f",
"versionType": "git"
},
{
"lessThan": "dbc9a791a70ea47be9f2acf251700fe254a2ab23",
"status": "affected",
"version": "0200f3ecc19660bebeabbcbaf212957fcf1dbf8f",
"versionType": "git"
},
{
"lessThan": "d68ac38895e84446848b7647ab9458d54cacba3e",
"status": "affected",
"version": "0200f3ecc19660bebeabbcbaf212957fcf1dbf8f",
"versionType": "git"
},
{
"lessThan": "e78f1a43e72daf77705ad5b9946de66fc708b874",
"status": "affected",
"version": "0200f3ecc19660bebeabbcbaf212957fcf1dbf8f",
"versionType": "git"
},
{
"lessThan": "d07f951903fa9922c375b8ab1ce81b18a0034e3b",
"status": "affected",
"version": "0200f3ecc19660bebeabbcbaf212957fcf1dbf8f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/s390/crypto/aes_s390.c",
"arch/s390/crypto/paes_s390.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: s390/aes - Fix buffer overread in CTR mode\n\nWhen processing the last block, the s390 ctr code will always read\na whole block, even if there isn\u0027t a whole block of data left. Fix\nthis by using the actual length left and copy it into a buffer first\nfor processing."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:12.654Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cd51e26a3b89706beec64f2d8296cfb1c34e0c79"
},
{
"url": "https://git.kernel.org/stable/c/a7f580cdb42ec3d53bbb7c4e4335a98423703285"
},
{
"url": "https://git.kernel.org/stable/c/dbc9a791a70ea47be9f2acf251700fe254a2ab23"
},
{
"url": "https://git.kernel.org/stable/c/d68ac38895e84446848b7647ab9458d54cacba3e"
},
{
"url": "https://git.kernel.org/stable/c/e78f1a43e72daf77705ad5b9946de66fc708b874"
},
{
"url": "https://git.kernel.org/stable/c/d07f951903fa9922c375b8ab1ce81b18a0034e3b"
}
],
"title": "crypto: s390/aes - Fix buffer overread in CTR mode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52669",
"datePublished": "2024-05-17T14:01:57.025Z",
"dateReserved": "2024-03-07T14:49:46.885Z",
"dateUpdated": "2025-05-04T07:41:12.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26897 (GCVE-0-2024-26897)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 12:55
Title
wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
The ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data
structures have been fully initialised by the time it runs. However, because of
the order in which things are initialised, this is not guaranteed to be the
case, because the device is exposed to the USB subsystem before the ath9k driver
initialisation is completed.
We already committed a partial fix for this in commit:
8b3046abc99e ("ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()")
However, that commit only aborted the WMI_TXSTATUS_EVENTID command in the event
tasklet, pairing it with an "initialisation complete" bit in the TX struct. It
seems syzbot managed to trigger the race for one of the other commands as well,
so let's just move the existing synchronisation bit to cover the whole
tasklet (setting it at the end of ath9k_htc_probe_device() instead of inside
ath9k_tx_init()).
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 78c8397132dd4735ac6a7b5a651302f0b9f264ad, < 1bc5461a21c56a36e2a7d81e152b90ce019a3905 (git) |
| Linux | Linux | Affected: 735aefae7b68025cd04c482a940c0f6fc6797a63, < f8ff4b4df71e87f609be0cc37d92e918107f9b90 (git) |
| Linux | Linux | Affected: 8b3046abc99eefe11438090bcc4ec3a3994b55d0, < 74d0639261dd795dce958d1b14815bdcbb48a715 (git) |
| Linux | Linux | Affected: 8b3046abc99eefe11438090bcc4ec3a3994b55d0, < a015fbf698c8957aa5fbeefc5c59dd2cf3107298 (git) |
| Linux | Linux | Affected: 8b3046abc99eefe11438090bcc4ec3a3994b55d0, < ac90e22e735bac44f74b5161fb096fbeb0ff8bc2 (git) |
| Linux | Linux | Affected: 8b3046abc99eefe11438090bcc4ec3a3994b55d0, < 4afa0246656d5680c8a4c3fb37ba6570c4ab819b (git) |
| Linux | Linux | Affected: 8b3046abc99eefe11438090bcc4ec3a3994b55d0, < 24355fcb0d4cbcb6ddda262596558e8cfba70f11 (git) |
| Linux | Linux | Affected: 7bbc1a50a7963f14048f0e54b0b73159f86d4ea3 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1bc5461a21c56a36e2a7d81e152b90ce019a3905"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8ff4b4df71e87f609be0cc37d92e918107f9b90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74d0639261dd795dce958d1b14815bdcbb48a715"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a015fbf698c8957aa5fbeefc5c59dd2cf3107298"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac90e22e735bac44f74b5161fb096fbeb0ff8bc2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4afa0246656d5680c8a4c3fb37ba6570c4ab819b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24355fcb0d4cbcb6ddda262596558e8cfba70f11"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:09.627095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:23.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc.h",
"drivers/net/wireless/ath/ath9k/htc_drv_init.c",
"drivers/net/wireless/ath/ath9k/htc_drv_txrx.c",
"drivers/net/wireless/ath/ath9k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1bc5461a21c56a36e2a7d81e152b90ce019a3905",
"status": "affected",
"version": "78c8397132dd4735ac6a7b5a651302f0b9f264ad",
"versionType": "git"
},
{
"lessThan": "f8ff4b4df71e87f609be0cc37d92e918107f9b90",
"status": "affected",
"version": "735aefae7b68025cd04c482a940c0f6fc6797a63",
"versionType": "git"
},
{
"lessThan": "74d0639261dd795dce958d1b14815bdcbb48a715",
"status": "affected",
"version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
"versionType": "git"
},
{
"lessThan": "a015fbf698c8957aa5fbeefc5c59dd2cf3107298",
"status": "affected",
"version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
"versionType": "git"
},
{
"lessThan": "ac90e22e735bac44f74b5161fb096fbeb0ff8bc2",
"status": "affected",
"version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
"versionType": "git"
},
{
"lessThan": "4afa0246656d5680c8a4c3fb37ba6570c4ab819b",
"status": "affected",
"version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
"versionType": "git"
},
{
"lessThan": "24355fcb0d4cbcb6ddda262596558e8cfba70f11",
"status": "affected",
"version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
"versionType": "git"
},
{
"status": "affected",
"version": "7bbc1a50a7963f14048f0e54b0b73159f86d4ea3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc.h",
"drivers/net/wireless/ath/ath9k/htc_drv_init.c",
"drivers/net/wireless/ath/ath9k/htc_drv_txrx.c",
"drivers/net/wireless/ath/ath9k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.10.136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.15.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete\n\nThe ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data\nstructures have been fully initialised by the time it runs. However, because of\nthe order in which things are initialised, this is not guaranteed to be the\ncase, because the device is exposed to the USB subsystem before the ath9k driver\ninitialisation is completed.\n\nWe already committed a partial fix for this in commit:\n8b3046abc99e (\"ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()\")\n\nHowever, that commit only aborted the WMI_TXSTATUS_EVENTID command in the event\ntasklet, pairing it with an \"initialisation complete\" bit in the TX struct. It\nseems syzbot managed to trigger the race for one of the other commands as well,\nso let\u0027s just move the existing synchronisation bit to cover the whole\ntasklet (setting it at the end of ath9k_htc_probe_device() instead of inside\nath9k_tx_init())."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:07.571Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1bc5461a21c56a36e2a7d81e152b90ce019a3905"
},
{
"url": "https://git.kernel.org/stable/c/f8ff4b4df71e87f609be0cc37d92e918107f9b90"
},
{
"url": "https://git.kernel.org/stable/c/74d0639261dd795dce958d1b14815bdcbb48a715"
},
{
"url": "https://git.kernel.org/stable/c/a015fbf698c8957aa5fbeefc5c59dd2cf3107298"
},
{
"url": "https://git.kernel.org/stable/c/ac90e22e735bac44f74b5161fb096fbeb0ff8bc2"
},
{
"url": "https://git.kernel.org/stable/c/4afa0246656d5680c8a4c3fb37ba6570c4ab819b"
},
{
"url": "https://git.kernel.org/stable/c/24355fcb0d4cbcb6ddda262596558e8cfba70f11"
}
],
"title": "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26897",
"datePublished": "2024-04-17T10:27:47.842Z",
"dateReserved": "2024-02-19T14:20:24.186Z",
"dateUpdated": "2025-05-04T12:55:07.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35935 (GCVE-0-2024-35935)
Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-01-05 10:35
Title
btrfs: send: handle path ref underflow in header iterate_inode_ref()
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: send: handle path ref underflow in header iterate_inode_ref()
Change BUG_ON to proper error handling if building the path buffer
fails. The pointers are not printed so we don't accidentally leak kernel
addresses.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 31db9f7c23fbf7e95026143f79645de6507b583b, < be2b6bcc936ae17f42fff6494106a5660b35d8d3 (git) |
| Linux | Linux | Affected: 31db9f7c23fbf7e95026143f79645de6507b583b, < 024529c27c8b4b273325a169e078337c8279e229 (git) |
| Linux | Linux | Affected: 31db9f7c23fbf7e95026143f79645de6507b583b, < 4720d590c4cb5d9ffa0060b89743651cc7e995f9 (git) |
| Linux | Linux | Affected: 31db9f7c23fbf7e95026143f79645de6507b583b, < 2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a (git) |
| Linux | Linux | Affected: 31db9f7c23fbf7e95026143f79645de6507b583b, < 9ae356c627b493323e1433dcb27a26917668c07c (git) |
| Linux | Linux | Affected: 31db9f7c23fbf7e95026143f79645de6507b583b, < c1363ed8867b81ea169fba2ccc14af96a85ed183 (git) |
| Linux | Linux | Affected: 31db9f7c23fbf7e95026143f79645de6507b583b, < 03938619a1e718b6168ae4528e1b0f979293f1a5 (git) |
| Linux | Linux | Affected: 31db9f7c23fbf7e95026143f79645de6507b583b, < 3c6ee34c6f9cd12802326da26631232a61743501 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/024529c27c8b4b273325a169e078337c8279e229"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4720d590c4cb5d9ffa0060b89743651cc7e995f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ae356c627b493323e1433dcb27a26917668c07c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1363ed8867b81ea169fba2ccc14af96a85ed183"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03938619a1e718b6168ae4528e1b0f979293f1a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c6ee34c6f9cd12802326da26631232a61743501"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:40:55.413538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:15.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/send.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "be2b6bcc936ae17f42fff6494106a5660b35d8d3",
"status": "affected",
"version": "31db9f7c23fbf7e95026143f79645de6507b583b",
"versionType": "git"
},
{
"lessThan": "024529c27c8b4b273325a169e078337c8279e229",
"status": "affected",
"version": "31db9f7c23fbf7e95026143f79645de6507b583b",
"versionType": "git"
},
{
"lessThan": "4720d590c4cb5d9ffa0060b89743651cc7e995f9",
"status": "affected",
"version": "31db9f7c23fbf7e95026143f79645de6507b583b",
"versionType": "git"
},
{
"lessThan": "2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a",
"status": "affected",
"version": "31db9f7c23fbf7e95026143f79645de6507b583b",
"versionType": "git"
},
{
"lessThan": "9ae356c627b493323e1433dcb27a26917668c07c",
"status": "affected",
"version": "31db9f7c23fbf7e95026143f79645de6507b583b",
"versionType": "git"
},
{
"lessThan": "c1363ed8867b81ea169fba2ccc14af96a85ed183",
"status": "affected",
"version": "31db9f7c23fbf7e95026143f79645de6507b583b",
"versionType": "git"
},
{
"lessThan": "03938619a1e718b6168ae4528e1b0f979293f1a5",
"status": "affected",
"version": "31db9f7c23fbf7e95026143f79645de6507b583b",
"versionType": "git"
},
{
"lessThan": "3c6ee34c6f9cd12802326da26631232a61743501",
"status": "affected",
"version": "31db9f7c23fbf7e95026143f79645de6507b583b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/send.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: send: handle path ref underflow in header iterate_inode_ref()\n\nChange BUG_ON to proper error handling if building the path buffer\nfails. The pointers are not printed so we don\u0027t accidentally leak kernel\naddresses."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:50.768Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3"
},
{
"url": "https://git.kernel.org/stable/c/024529c27c8b4b273325a169e078337c8279e229"
},
{
"url": "https://git.kernel.org/stable/c/4720d590c4cb5d9ffa0060b89743651cc7e995f9"
},
{
"url": "https://git.kernel.org/stable/c/2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a"
},
{
"url": "https://git.kernel.org/stable/c/9ae356c627b493323e1433dcb27a26917668c07c"
},
{
"url": "https://git.kernel.org/stable/c/c1363ed8867b81ea169fba2ccc14af96a85ed183"
},
{
"url": "https://git.kernel.org/stable/c/03938619a1e718b6168ae4528e1b0f979293f1a5"
},
{
"url": "https://git.kernel.org/stable/c/3c6ee34c6f9cd12802326da26631232a61743501"
}
],
"title": "btrfs: send: handle path ref underflow in header iterate_inode_ref()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35935",
"datePublished": "2024-05-19T10:10:42.319Z",
"dateReserved": "2024-05-17T13:50:33.130Z",
"dateUpdated": "2026-01-05T10:35:50.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35934 (GCVE-0-2024-35934)
Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-01-05 10:35
Title
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Many syzbot reports show extreme rtnl pressure, and many of them hint
that smc acquires rtnl in netns creation for no good reason [1]
This patch returns early from smc_pnet_net_init()
if there is no netdevice yet.
I am not even sure why smc_pnet_create_pnetids_list() even exists,
because smc_pnet_netdev_event() is also calling
smc_pnet_add_base_pnetid() when handling NETDEV_UP event.
[1] extract of typical syzbot reports
2 locks held by syz-executor.3/12252:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.4/12253:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.1/12257:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.2/12261:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.0/12265:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.3/12268:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.4/12271:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.1/12274:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.2/12280:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
Severity ?
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: e888a2e8337c96dd785d204cf8ff775e79173add , < bc4d1ebca11b4f194e262326bd45938e857c59d2 (git) |
| Linux | Linux | Affected: e888a2e8337c96dd785d204cf8ff775e79173add , < b9117dc783c0ab0a3866812f70e07bf2ea071ac4 (git) |
| Linux | Linux | Affected: e888a2e8337c96dd785d204cf8ff775e79173add , < d7ee3bf0caf599c14db0bf4af7aacd6206ef8a23 (git) |
| Linux | Linux | Affected: e888a2e8337c96dd785d204cf8ff775e79173add , < a2e6bffc0388526ed10406040279a693d62b36ec (git) |
| Linux | Linux | Affected: e888a2e8337c96dd785d204cf8ff775e79173add , < 6e920422e7104928f760fc0e12b6d65ab097a2e7 (git) |
| Linux | Linux | Affected: e888a2e8337c96dd785d204cf8ff775e79173add , < 00af2aa93b76b1bade471ad0d0525d4d29ca5cc0 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc4d1ebca11b4f194e262326bd45938e857c59d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9117dc783c0ab0a3866812f70e07bf2ea071ac4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7ee3bf0caf599c14db0bf4af7aacd6206ef8a23"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2e6bffc0388526ed10406040279a693d62b36ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e920422e7104928f760fc0e12b6d65ab097a2e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00af2aa93b76b1bade471ad0d0525d4d29ca5cc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:40:58.599297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:15.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/smc/smc_pnet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bc4d1ebca11b4f194e262326bd45938e857c59d2",
"status": "affected",
"version": "e888a2e8337c96dd785d204cf8ff775e79173add",
"versionType": "git"
},
{
"lessThan": "b9117dc783c0ab0a3866812f70e07bf2ea071ac4",
"status": "affected",
"version": "e888a2e8337c96dd785d204cf8ff775e79173add",
"versionType": "git"
},
{
"lessThan": "d7ee3bf0caf599c14db0bf4af7aacd6206ef8a23",
"status": "affected",
"version": "e888a2e8337c96dd785d204cf8ff775e79173add",
"versionType": "git"
},
{
"lessThan": "a2e6bffc0388526ed10406040279a693d62b36ec",
"status": "affected",
"version": "e888a2e8337c96dd785d204cf8ff775e79173add",
"versionType": "git"
},
{
"lessThan": "6e920422e7104928f760fc0e12b6d65ab097a2e7",
"status": "affected",
"version": "e888a2e8337c96dd785d204cf8ff775e79173add",
"versionType": "git"
},
{
"lessThan": "00af2aa93b76b1bade471ad0d0525d4d29ca5cc0",
"status": "affected",
"version": "e888a2e8337c96dd785d204cf8ff775e79173add",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/smc/smc_pnet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()\n\nMany syzbot reports show extreme rtnl pressure, and many of them hint\nthat smc acquires rtnl in netns creation for no good reason [1]\n\nThis patch returns early from smc_pnet_net_init()\nif there is no netdevice yet.\n\nI am not even sure why smc_pnet_create_pnetids_list() even exists,\nbecause smc_pnet_netdev_event() is also calling\nsmc_pnet_add_base_pnetid() when handling NETDEV_UP event.\n\n[1] extract of typical syzbot reports\n\n2 locks held by syz-executor.3/12252:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.4/12253:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.1/12257:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.2/12261:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 
(rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.0/12265:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.3/12268:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.4/12271:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.1/12274:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.2/12280:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:49.259Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bc4d1ebca11b4f194e262326bd45938e857c59d2"
},
{
"url": "https://git.kernel.org/stable/c/b9117dc783c0ab0a3866812f70e07bf2ea071ac4"
},
{
"url": "https://git.kernel.org/stable/c/d7ee3bf0caf599c14db0bf4af7aacd6206ef8a23"
},
{
"url": "https://git.kernel.org/stable/c/a2e6bffc0388526ed10406040279a693d62b36ec"
},
{
"url": "https://git.kernel.org/stable/c/6e920422e7104928f760fc0e12b6d65ab097a2e7"
},
{
"url": "https://git.kernel.org/stable/c/00af2aa93b76b1bade471ad0d0525d4d29ca5cc0"
}
],
"title": "net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35934",
"datePublished": "2024-05-19T10:10:41.668Z",
"dateReserved": "2024-05-17T13:50:33.130Z",
"dateUpdated": "2026-01-05T10:35:49.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26883 (GCVE-0-2024-26883)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 12:55
Title
bpf: Fix stackmap overflow check on 32-bit arches
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix stackmap overflow check on 32-bit arches
The stackmap code relies on roundup_pow_of_two() to compute the number
of hash buckets, and contains an overflow check by checking if the
resulting value is 0. However, on 32-bit arches, the roundup code itself
can overflow by doing a 32-bit left-shift of an unsigned long value,
which is undefined behaviour, so it is not guaranteed to truncate
neatly. This was triggered by syzbot on the DEVMAP_HASH type, which
contains the same check, copied from the hashtab code.
The commit in the fixes tag actually attempted to fix this, but the fix
did not account for the UB, so the fix only works on CPUs where an
overflow does result in a neat truncation to zero, which is not
guaranteed. Checking the value before rounding does not have this
problem.
Severity ?
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 063c722dd9d285d877e6fd499e753d6224f4c046 , < d0e214acc59145ce25113f617311aa79dda39cb3 (git) |
| Linux | Linux | Affected: 7e3a6b820535eb395784060ae26c5af579528fa0 , < 21e5fa4688e1a4d3db6b72216231b24232f75c1d (git) |
| Linux | Linux | Affected: 8032bf2af9ce26b3a362b9711d15f626ab946a74 , < 15641007df0f0d35fa28742b25c2a7db9dcd6895 (git) |
| Linux | Linux | Affected: 6183f4d3a0a2ad230511987c6c362ca43ec0055f , < ca1f06e72dec41ae4f76e7b1a8a97265447b46ae (git) |
| Linux | Linux | Affected: 6183f4d3a0a2ad230511987c6c362ca43ec0055f , < f06899582ccee09bd85d0696290e3eaca9aa042d (git) |
| Linux | Linux | Affected: 6183f4d3a0a2ad230511987c6c362ca43ec0055f , < 7070b274c7866a4c5036f8d54fcaf315c64ac33a (git) |
| Linux | Linux | Affected: 6183f4d3a0a2ad230511987c6c362ca43ec0055f , < 43f798b9036491fb014b55dd61c4c5c3193267d0 (git) |
| Linux | Linux | Affected: 6183f4d3a0a2ad230511987c6c362ca43ec0055f , < 0971126c8164abe2004b8536b49690a0d6005b0a (git) |
| Linux | Linux | Affected: 6183f4d3a0a2ad230511987c6c362ca43ec0055f , < 7a4b21250bf79eef26543d35bd390448646c536b (git) |
| Linux | Linux | Affected: 253150830a012adfccf90afcebae8fda5b05a80f (git) |
| Linux | Linux | Affected: 766107351731ae223ebf60ca22bdfeb47ce6acc8 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0e214acc59145ce25113f617311aa79dda39cb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21e5fa4688e1a4d3db6b72216231b24232f75c1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15641007df0f0d35fa28742b25c2a7db9dcd6895"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca1f06e72dec41ae4f76e7b1a8a97265447b46ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f06899582ccee09bd85d0696290e3eaca9aa042d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7070b274c7866a4c5036f8d54fcaf315c64ac33a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43f798b9036491fb014b55dd61c4c5c3193267d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0971126c8164abe2004b8536b49690a0d6005b0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a4b21250bf79eef26543d35bd390448646c536b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:22.381696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:25.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/stackmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d0e214acc59145ce25113f617311aa79dda39cb3",
"status": "affected",
"version": "063c722dd9d285d877e6fd499e753d6224f4c046",
"versionType": "git"
},
{
"lessThan": "21e5fa4688e1a4d3db6b72216231b24232f75c1d",
"status": "affected",
"version": "7e3a6b820535eb395784060ae26c5af579528fa0",
"versionType": "git"
},
{
"lessThan": "15641007df0f0d35fa28742b25c2a7db9dcd6895",
"status": "affected",
"version": "8032bf2af9ce26b3a362b9711d15f626ab946a74",
"versionType": "git"
},
{
"lessThan": "ca1f06e72dec41ae4f76e7b1a8a97265447b46ae",
"status": "affected",
"version": "6183f4d3a0a2ad230511987c6c362ca43ec0055f",
"versionType": "git"
},
{
"lessThan": "f06899582ccee09bd85d0696290e3eaca9aa042d",
"status": "affected",
"version": "6183f4d3a0a2ad230511987c6c362ca43ec0055f",
"versionType": "git"
},
{
"lessThan": "7070b274c7866a4c5036f8d54fcaf315c64ac33a",
"status": "affected",
"version": "6183f4d3a0a2ad230511987c6c362ca43ec0055f",
"versionType": "git"
},
{
"lessThan": "43f798b9036491fb014b55dd61c4c5c3193267d0",
"status": "affected",
"version": "6183f4d3a0a2ad230511987c6c362ca43ec0055f",
"versionType": "git"
},
{
"lessThan": "0971126c8164abe2004b8536b49690a0d6005b0a",
"status": "affected",
"version": "6183f4d3a0a2ad230511987c6c362ca43ec0055f",
"versionType": "git"
},
{
"lessThan": "7a4b21250bf79eef26543d35bd390448646c536b",
"status": "affected",
"version": "6183f4d3a0a2ad230511987c6c362ca43ec0055f",
"versionType": "git"
},
{
"status": "affected",
"version": "253150830a012adfccf90afcebae8fda5b05a80f",
"versionType": "git"
},
{
"status": "affected",
"version": "766107351731ae223ebf60ca22bdfeb47ce6acc8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/stackmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.19.177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.4.99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.10.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.222",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix stackmap overflow check on 32-bit arches\n\nThe stackmap code relies on roundup_pow_of_two() to compute the number\nof hash buckets, and contains an overflow check by checking if the\nresulting value is 0. However, on 32-bit arches, the roundup code itself\ncan overflow by doing a 32-bit left-shift of an unsigned long value,\nwhich is undefined behaviour, so it is not guaranteed to truncate\nneatly. This was triggered by syzbot on the DEVMAP_HASH type, which\ncontains the same check, copied from the hashtab code.\n\nThe commit in the fixes tag actually attempted to fix this, but the fix\ndid not account for the UB, so the fix only works on CPUs where an\noverflow does result in a neat truncation to zero, which is not\nguaranteed. Checking the value before rounding does not have this\nproblem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:01.991Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d0e214acc59145ce25113f617311aa79dda39cb3"
},
{
"url": "https://git.kernel.org/stable/c/21e5fa4688e1a4d3db6b72216231b24232f75c1d"
},
{
"url": "https://git.kernel.org/stable/c/15641007df0f0d35fa28742b25c2a7db9dcd6895"
},
{
"url": "https://git.kernel.org/stable/c/ca1f06e72dec41ae4f76e7b1a8a97265447b46ae"
},
{
"url": "https://git.kernel.org/stable/c/f06899582ccee09bd85d0696290e3eaca9aa042d"
},
{
"url": "https://git.kernel.org/stable/c/7070b274c7866a4c5036f8d54fcaf315c64ac33a"
},
{
"url": "https://git.kernel.org/stable/c/43f798b9036491fb014b55dd61c4c5c3193267d0"
},
{
"url": "https://git.kernel.org/stable/c/0971126c8164abe2004b8536b49690a0d6005b0a"
},
{
"url": "https://git.kernel.org/stable/c/7a4b21250bf79eef26543d35bd390448646c536b"
}
],
"title": "bpf: Fix stackmap overflow check on 32-bit arches",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26883",
"datePublished": "2024-04-17T10:27:39.036Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2025-05-04T12:55:01.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38634 (GCVE-0-2024-38634)
Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-11-04 17:21
Title
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
uart_handle_cts_change() has to be called with port lock taken,
Since we run it in a separate work, the lock may not be taken at
the time of running. Make sure that it's taken by explicitly doing
that. Without it we got a splat:
WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0
...
Workqueue: max3100-0 max3100_work [max3100]
RIP: 0010:uart_handle_cts_change+0xa6/0xb0
...
max3100_handlerx+0xc5/0x110 [max3100]
max3100_work+0x12a/0x340 [max3100]
Severity ?
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < 44b38924135d2093e2ec1812969464845dd66dc9 (git) |
| Linux | Linux | Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < ea9b35372b58ac2931bfc1d5bc25e839d1221e30 (git) |
| Linux | Linux | Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < cc121e3722a0a2c8f716ef991e5425b180a5fb94 (git) |
| Linux | Linux | Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < 78dbda51bb4241b88a52d71620f06231a341f9ba (git) |
| Linux | Linux | Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < 8296bb9e5925b6634259c5d4daee88f0cc0884ec (git) |
| Linux | Linux | Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < 93df2fba6c7dfa9a2f08546ea9a5ca4728758458 (git) |
| Linux | Linux | Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < 865b30c8661924ee9145f442bf32cea549faa869 (git) |
| Linux | Linux | Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < 77ab53371a2066fdf9b895246505f5ef5a4b5d47 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:19:09.330989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:19:18.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:53.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/max3100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "44b38924135d2093e2ec1812969464845dd66dc9",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "ea9b35372b58ac2931bfc1d5bc25e839d1221e30",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "cc121e3722a0a2c8f716ef991e5425b180a5fb94",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "78dbda51bb4241b88a52d71620f06231a341f9ba",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "8296bb9e5925b6634259c5d4daee88f0cc0884ec",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "93df2fba6c7dfa9a2f08546ea9a5ca4728758458",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "865b30c8661924ee9145f442bf32cea549faa869",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "77ab53371a2066fdf9b895246505f5ef5a4b5d47",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/max3100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Lock port-\u003elock when calling uart_handle_cts_change()\n\nuart_handle_cts_change() has to be called with port lock taken,\nSince we run it in a separate work, the lock may not be taken at\nthe time of running. Make sure that it\u0027s taken by explicitly doing\nthat. Without it we got a splat:\n\n WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0\n ...\n Workqueue: max3100-0 max3100_work [max3100]\n RIP: 0010:uart_handle_cts_change+0xa6/0xb0\n ...\n max3100_handlerx+0xc5/0x110 [max3100]\n max3100_work+0x12a/0x340 [max3100]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:46.722Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9"
},
{
"url": "https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30"
},
{
"url": "https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94"
},
{
"url": "https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba"
},
{
"url": "https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec"
},
{
"url": "https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458"
},
{
"url": "https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869"
},
{
"url": "https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47"
}
],
"title": "serial: max3100: Lock port-\u003elock when calling uart_handle_cts_change()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38634",
"datePublished": "2024-06-21T10:18:23.573Z",
"dateReserved": "2024-06-18T19:36:34.947Z",
"dateUpdated": "2025-11-04T17:21:53.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38560 (GCVE-0-2024-38560)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:35 – Updated: 2025-11-04 17:21
Title
scsi: bfa: Ensure the copied buf is NUL terminated
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: bfa: Ensure the copied buf is NUL terminated
Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from
userspace to that buffer. Later, we use sscanf on this buffer but we don't
ensure that the string is terminated inside the buffer, this can lead to
OOB read when using sscanf. Fix this issue by using memdup_user_nul instead
of memdup_user.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux |
Affected:
9f30b674759b9a2da25aefe25d885161d8a911cb , < 481fc0c8617304a67649027c4a44723a139a0462
(git)
Affected: 9f30b674759b9a2da25aefe25d885161d8a911cb , < 595a6b98deec01b6dbb20139f71edcd5fb760ec2 (git) Affected: 9f30b674759b9a2da25aefe25d885161d8a911cb , < 00b425ff0891283207d7bad607a2412225274d7a (git) Affected: 9f30b674759b9a2da25aefe25d885161d8a911cb , < 1708e3cf2488788cba5489e4f913d227de757baf (git) Affected: 9f30b674759b9a2da25aefe25d885161d8a911cb , < 7d3e694c4fe30f3aba9cd5ae86fb947a54c3db5c (git) Affected: 9f30b674759b9a2da25aefe25d885161d8a911cb , < 204714e68015d6946279719fd464ecaf57240f35 (git) Affected: 9f30b674759b9a2da25aefe25d885161d8a911cb , < 7510fab46b1cbd1680e2a096e779aec3334b4143 (git) Affected: 9f30b674759b9a2da25aefe25d885161d8a911cb , < ecb76200f5557a2886888aaa53702da1ab9e6cdf (git) Affected: 9f30b674759b9a2da25aefe25d885161d8a911cb , < 13d0cecb4626fae67c00c84d3c7851f6b62f7df3 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:28.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/481fc0c8617304a67649027c4a44723a139a0462"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/595a6b98deec01b6dbb20139f71edcd5fb760ec2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00b425ff0891283207d7bad607a2412225274d7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1708e3cf2488788cba5489e4f913d227de757baf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d3e694c4fe30f3aba9cd5ae86fb947a54c3db5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/204714e68015d6946279719fd464ecaf57240f35"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7510fab46b1cbd1680e2a096e779aec3334b4143"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecb76200f5557a2886888aaa53702da1ab9e6cdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13d0cecb4626fae67c00c84d3c7851f6b62f7df3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:37.926935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:56.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bfa/bfad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "481fc0c8617304a67649027c4a44723a139a0462",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "595a6b98deec01b6dbb20139f71edcd5fb760ec2",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "00b425ff0891283207d7bad607a2412225274d7a",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "1708e3cf2488788cba5489e4f913d227de757baf",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "7d3e694c4fe30f3aba9cd5ae86fb947a54c3db5c",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "204714e68015d6946279719fd464ecaf57240f35",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "7510fab46b1cbd1680e2a096e779aec3334b4143",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "ecb76200f5557a2886888aaa53702da1ab9e6cdf",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "13d0cecb4626fae67c00c84d3c7851f6b62f7df3",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bfa/bfad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul instead\nof memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:07.087Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/481fc0c8617304a67649027c4a44723a139a0462"
},
{
"url": "https://git.kernel.org/stable/c/595a6b98deec01b6dbb20139f71edcd5fb760ec2"
},
{
"url": "https://git.kernel.org/stable/c/00b425ff0891283207d7bad607a2412225274d7a"
},
{
"url": "https://git.kernel.org/stable/c/1708e3cf2488788cba5489e4f913d227de757baf"
},
{
"url": "https://git.kernel.org/stable/c/7d3e694c4fe30f3aba9cd5ae86fb947a54c3db5c"
},
{
"url": "https://git.kernel.org/stable/c/204714e68015d6946279719fd464ecaf57240f35"
},
{
"url": "https://git.kernel.org/stable/c/7510fab46b1cbd1680e2a096e779aec3334b4143"
},
{
"url": "https://git.kernel.org/stable/c/ecb76200f5557a2886888aaa53702da1ab9e6cdf"
},
{
"url": "https://git.kernel.org/stable/c/13d0cecb4626fae67c00c84d3c7851f6b62f7df3"
}
],
"title": "scsi: bfa: Ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38560",
"datePublished": "2024-06-19T13:35:29.555Z",
"dateReserved": "2024-06-18T19:36:34.922Z",
"dateUpdated": "2025-11-04T17:21:28.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26900 (GCVE-0-2024-26900)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:59
Title
md: fix kmemleak of rdev->serial
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: fix kmemleak of rdev->serial
If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be
alloc not be freed, and kmemleak occurs.
unreferenced object 0xffff88815a350000 (size 49152):
comm "mdadm", pid 789, jiffies 4294716910
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc f773277a):
[<0000000058b0a453>] kmemleak_alloc+0x61/0xe0
[<00000000366adf14>] __kmalloc_large_node+0x15e/0x270
[<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f
[<00000000f206d60a>] kvmalloc_node+0x74/0x150
[<0000000034bf3363>] rdev_init_serial+0x67/0x170
[<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220
[<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630
[<0000000073c28560>] md_add_new_disk+0x400/0x9f0
[<00000000770e30ff>] md_ioctl+0x15bf/0x1c10
[<000000006cfab718>] blkdev_ioctl+0x191/0x3f0
[<0000000085086a11>] vfs_ioctl+0x22/0x60
[<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0
[<00000000e54e675e>] do_syscall_64+0x71/0x150
[<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux |
Affected:
963c555e75b033202dd76cf6325a7b7c83d08d5f , < fb5b347efd1bda989846ffc74679d181222fb123
(git)
Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < f3a1787dc48213f6caea5ba7d47e0222e7fa34a9 (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9 (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < 9fd0198f7ef06ae0d6636fb0578560857dead995 (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < 6d32c832a88513f65c2c2c9c75954ee8b387adea (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < 4c1021ce46fc2fb6115f7e79d353941e6dcad366 (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < 6cf350658736681b9d6b0b6e58c5c76b235bb4c4 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:02:57.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0011/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:06.560564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:23.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fb5b347efd1bda989846ffc74679d181222fb123",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "f3a1787dc48213f6caea5ba7d47e0222e7fa34a9",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "9fd0198f7ef06ae0d6636fb0578560857dead995",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "6d32c832a88513f65c2c2c9c75954ee8b387adea",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "4c1021ce46fc2fb6115f7e79d353941e6dcad366",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "6cf350658736681b9d6b0b6e58c5c76b235bb4c4",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix kmemleak of rdev-\u003eserial\n\nIf kobject_add() is fail in bind_rdev_to_array(), \u0027rdev-\u003eserial\u0027 will be\nalloc not be freed, and kmemleak occurs.\n\nunreferenced object 0xffff88815a350000 (size 49152):\n comm \"mdadm\", pid 789, jiffies 4294716910\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc f773277a):\n [\u003c0000000058b0a453\u003e] kmemleak_alloc+0x61/0xe0\n [\u003c00000000366adf14\u003e] __kmalloc_large_node+0x15e/0x270\n [\u003c000000002e82961b\u003e] __kmalloc_node.cold+0x11/0x7f\n [\u003c00000000f206d60a\u003e] kvmalloc_node+0x74/0x150\n [\u003c0000000034bf3363\u003e] rdev_init_serial+0x67/0x170\n [\u003c0000000010e08fe9\u003e] mddev_create_serial_pool+0x62/0x220\n [\u003c00000000c3837bf0\u003e] bind_rdev_to_array+0x2af/0x630\n [\u003c0000000073c28560\u003e] md_add_new_disk+0x400/0x9f0\n [\u003c00000000770e30ff\u003e] md_ioctl+0x15bf/0x1c10\n [\u003c000000006cfab718\u003e] blkdev_ioctl+0x191/0x3f0\n [\u003c0000000085086a11\u003e] vfs_ioctl+0x22/0x60\n [\u003c0000000018b656fe\u003e] __x64_sys_ioctl+0xba/0xe0\n [\u003c00000000e54e675e\u003e] do_syscall_64+0x71/0x150\n [\u003c000000008b0ad622\u003e] entry_SYSCALL_64_after_hwframe+0x6c/0x74"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:13.975Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123"
},
{
"url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9"
},
{
"url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9"
},
{
"url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995"
},
{
"url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea"
},
{
"url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366"
},
{
"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"
}
],
"title": "md: fix kmemleak of rdev-\u003eserial",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26900",
"datePublished": "2024-04-17T10:27:49.707Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2025-05-04T08:59:13.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35976 (GCVE-0-2024-35976)
Vulnerability from cvelistv5 – Published: 2024-05-20 09:42 – Updated: 2025-11-04 17:20
Title
xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
Summary
In the Linux kernel, the following vulnerability has been resolved:
xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
syzbot reported an illegal copy in xsk_setsockopt() [1]
Make sure to validate setsockopt() @optlen parameter.
[1]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]
BUG: KASAN: slab-out-of-bounds in xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420
Read of size 4 at addr ffff888028c6cde3 by task syz-executor.0/7549
CPU: 0 PID: 7549 Comm: syz-executor.0 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
copy_from_sockptr include/linux/sockptr.h:55 [inline]
xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420
do_sock_setsockopt+0x3af/0x720 net/socket.c:2311
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7fb40587de69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb40665a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fb4059abf80 RCX: 00007fb40587de69
RDX: 0000000000000005 RSI: 000000000000011b RDI: 0000000000000006
RBP: 00007fb4058ca47a R08: 0000000000000002 R09: 0000000000000000
R10: 0000000020001980 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fb4059abf80 R15: 00007fff57ee4d08
</TASK>
Allocated by task 7549:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:3966 [inline]
__kmalloc+0x233/0x4a0 mm/slub.c:3979
kmalloc include/linux/slab.h:632 [inline]
__cgroup_bpf_run_filter_setsockopt+0xd2f/0x1040 kernel/bpf/cgroup.c:1869
do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
The buggy address belongs to the object at ffff888028c6cde0
which belongs to the cache kmalloc-8 of size 8
The buggy address is located 1 bytes to the right of
allocated 2-byte region [ffff888028c6cde0, ffff888028c6cde2)
The buggy address belongs to the physical page:
page:ffffea0000a31b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888028c6c9c0 pfn:0x28c6c
anon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000800 ffff888014c41280 0000000000000000 dead000000000001
raw: ffff888028c6c9c0 0000000080800057 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 6648, tgid 6644 (syz-executor.0), ts 133906047828, free_ts 133859922223
set_page_owner include/linux/page_owner.h:31 [inline]
post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1533
prep_new_page mm/page_alloc.c:
---truncated---
Severity
6.7 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux |
Affected:
423f38329d267969130fb6f2c685f73d72687558 , < beb99266830520e15fbc6ca8cc5a5240d76851fd
(git)
Affected: 423f38329d267969130fb6f2c685f73d72687558 , < 0b45c25d60e38f5c2cb6823f886773a34323306d (git) Affected: 423f38329d267969130fb6f2c685f73d72687558 , < a82984b3c6a7e8c7937dba6e857ddf829d149417 (git) Affected: 423f38329d267969130fb6f2c685f73d72687558 , < f0a068de65d5b7358e9aff792716afa9333f3922 (git) Affected: 423f38329d267969130fb6f2c685f73d72687558 , < 2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa (git) Affected: 423f38329d267969130fb6f2c685f73d72687558 , < b143e19dc28c3211f050f7848d87d9b0a170e10c (git) Affected: 423f38329d267969130fb6f2c685f73d72687558 , < 2eb979fbb2479bcd7e049f2f9978b6590dd8a0e6 (git) Affected: 423f38329d267969130fb6f2c685f73d72687558 , < 237f3cf13b20db183d3706d997eedc3c49eacd44 (git) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.18:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.18"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:37:56.972231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:07.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:53.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beb99266830520e15fbc6ca8cc5a5240d76851fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b45c25d60e38f5c2cb6823f886773a34323306d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a82984b3c6a7e8c7937dba6e857ddf829d149417"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0a068de65d5b7358e9aff792716afa9333f3922"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b143e19dc28c3211f050f7848d87d9b0a170e10c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2eb979fbb2479bcd7e049f2f9978b6590dd8a0e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/237f3cf13b20db183d3706d997eedc3c49eacd44"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/xdp/xsk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "beb99266830520e15fbc6ca8cc5a5240d76851fd",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "0b45c25d60e38f5c2cb6823f886773a34323306d",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "a82984b3c6a7e8c7937dba6e857ddf829d149417",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "f0a068de65d5b7358e9aff792716afa9333f3922",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "b143e19dc28c3211f050f7848d87d9b0a170e10c",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "2eb979fbb2479bcd7e049f2f9978b6590dd8a0e6",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "237f3cf13b20db183d3706d997eedc3c49eacd44",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/xdp/xsk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING\n\nsyzbot reported an illegal copy in xsk_setsockopt() [1]\n\nMake sure to validate setsockopt() @optlen parameter.\n\n[1]\n\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420\nRead of size 4 at addr ffff888028c6cde3 by task syz-executor.0/7549\n\nCPU: 0 PID: 7549 Comm: syz-executor.0 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n copy_from_sockptr include/linux/sockptr.h:55 [inline]\n xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420\n do_sock_setsockopt+0x3af/0x720 net/socket.c:2311\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\nRIP: 0033:0x7fb40587de69\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fb40665a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 00007fb4059abf80 RCX: 00007fb40587de69\nRDX: 0000000000000005 RSI: 000000000000011b RDI: 
0000000000000006\nRBP: 00007fb4058ca47a R08: 0000000000000002 R09: 0000000000000000\nR10: 0000000020001980 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007fb4059abf80 R15: 00007fff57ee4d08\n \u003c/TASK\u003e\n\nAllocated by task 7549:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:370 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __do_kmalloc_node mm/slub.c:3966 [inline]\n __kmalloc+0x233/0x4a0 mm/slub.c:3979\n kmalloc include/linux/slab.h:632 [inline]\n __cgroup_bpf_run_filter_setsockopt+0xd2f/0x1040 kernel/bpf/cgroup.c:1869\n do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nThe buggy address belongs to the object at ffff888028c6cde0\n which belongs to the cache kmalloc-8 of size 8\nThe buggy address is located 1 bytes to the right of\n allocated 2-byte region [ffff888028c6cde0, ffff888028c6cde2)\n\nThe buggy address belongs to the physical page:\npage:ffffea0000a31b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888028c6c9c0 pfn:0x28c6c\nanon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xffffffff()\nraw: 00fff00000000800 ffff888014c41280 0000000000000000 dead000000000001\nraw: ffff888028c6c9c0 0000000080800057 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as allocated\npage last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 6648, tgid 6644 (syz-executor.0), ts 133906047828, free_ts 133859922223\n set_page_owner include/linux/page_owner.h:31 
[inline]\n post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1533\n prep_new_page mm/page_alloc.c:\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:36.804Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/beb99266830520e15fbc6ca8cc5a5240d76851fd"
},
{
"url": "https://git.kernel.org/stable/c/0b45c25d60e38f5c2cb6823f886773a34323306d"
},
{
"url": "https://git.kernel.org/stable/c/a82984b3c6a7e8c7937dba6e857ddf829d149417"
},
{
"url": "https://git.kernel.org/stable/c/f0a068de65d5b7358e9aff792716afa9333f3922"
},
{
"url": "https://git.kernel.org/stable/c/2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa"
},
{
"url": "https://git.kernel.org/stable/c/b143e19dc28c3211f050f7848d87d9b0a170e10c"
},
{
"url": "https://git.kernel.org/stable/c/2eb979fbb2479bcd7e049f2f9978b6590dd8a0e6"
},
{
"url": "https://git.kernel.org/stable/c/237f3cf13b20db183d3706d997eedc3c49eacd44"
}
],
"title": "xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35976",
"datePublished": "2024-05-20T09:42:02.415Z",
"dateReserved": "2024-05-17T13:50:33.143Z",
"dateUpdated": "2025-11-04T17:20:53.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26906 (GCVE-0-2024-26906)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-01-05 10:34
Title
x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
Summary
In the Linux kernel, the following vulnerability has been resolved:

x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()

When trying to use copy_from_kernel_nofault() to read vsyscall page
through a bpf program, the following oops was reported:

  BUG: unable to handle page fault for address: ffffffffff600000
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 3231067 P4D 3231067 PUD 3233067 PMD 3235067 PTE 0
  Oops: 0000 [#1] PREEMPT SMP PTI
  CPU: 1 PID: 20390 Comm: test_progs ...... 6.7.0+ #58
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......
  RIP: 0010:copy_from_kernel_nofault+0x6f/0x110
  ......
  Call Trace:
   <TASK>
   ? copy_from_kernel_nofault+0x6f/0x110
   bpf_probe_read_kernel+0x1d/0x50
   bpf_prog_2061065e56845f08_do_probe_read+0x51/0x8d
   trace_call_bpf+0xc5/0x1c0
   perf_call_bpf_enter.isra.0+0x69/0xb0
   perf_syscall_enter+0x13e/0x200
   syscall_trace_enter+0x188/0x1c0
   do_syscall_64+0xb5/0xe0
   entry_SYSCALL_64_after_hwframe+0x6e/0x76
   </TASK>
  ......
  ---[ end trace 0000000000000000 ]---

The oops is triggered when:

1) A bpf program uses bpf_probe_read_kernel() to read from the vsyscall
page and invokes copy_from_kernel_nofault() which in turn calls
__get_user_asm().

2) Because the vsyscall page address is not readable from kernel space,
a page fault exception is triggered accordingly.

3) handle_page_fault() considers the vsyscall page address as a user
space address instead of a kernel space address. This results in the
fix-up setup by bpf not being applied and a page_fault_oops() is invoked
due to SMAP.

Considering handle_page_fault() has already considered the vsyscall page
address as a userspace address, fix the problem by disallowing vsyscall
page read for copy_from_kernel_nofault().
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 75a1a607bb7e6d918be3aca11ec2214a275392f4, < 6e4694e65b6db4c3de125115dd4f55848cc48381 (git) |
| Linux | Linux | Affected: 75a1a607bb7e6d918be3aca11ec2214a275392f4, < e8a67fe34b76a49320b33032228a794f40b0316b (git) |
| Linux | Linux | Affected: 75a1a607bb7e6d918be3aca11ec2214a275392f4, < f175de546a3eb77614d94d4c02550181c0a8493e (git) |
| Linux | Linux | Affected: 75a1a607bb7e6d918be3aca11ec2214a275392f4, < 57f78c46f08198e1be08ffe99c4c1ccc12855bf5 (git) |
| Linux | Linux | Affected: 75a1a607bb7e6d918be3aca11ec2214a275392f4, < 29bd6f86904682adafe9affbc7f79b14defcaff8 (git) |
| Linux | Linux | Affected: 75a1a607bb7e6d918be3aca11ec2214a275392f4, < 32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e4694e65b6db4c3de125115dd4f55848cc48381"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8a67fe34b76a49320b33032228a794f40b0316b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f175de546a3eb77614d94d4c02550181c0a8493e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57f78c46f08198e1be08ffe99c4c1ccc12855bf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29bd6f86904682adafe9affbc7f79b14defcaff8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:47:59.842385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:22.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/mm/maccess.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6e4694e65b6db4c3de125115dd4f55848cc48381",
"status": "affected",
"version": "75a1a607bb7e6d918be3aca11ec2214a275392f4",
"versionType": "git"
},
{
"lessThan": "e8a67fe34b76a49320b33032228a794f40b0316b",
"status": "affected",
"version": "75a1a607bb7e6d918be3aca11ec2214a275392f4",
"versionType": "git"
},
{
"lessThan": "f175de546a3eb77614d94d4c02550181c0a8493e",
"status": "affected",
"version": "75a1a607bb7e6d918be3aca11ec2214a275392f4",
"versionType": "git"
},
{
"lessThan": "57f78c46f08198e1be08ffe99c4c1ccc12855bf5",
"status": "affected",
"version": "75a1a607bb7e6d918be3aca11ec2214a275392f4",
"versionType": "git"
},
{
"lessThan": "29bd6f86904682adafe9affbc7f79b14defcaff8",
"status": "affected",
"version": "75a1a607bb7e6d918be3aca11ec2214a275392f4",
"versionType": "git"
},
{
"lessThan": "32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58",
"status": "affected",
"version": "75a1a607bb7e6d918be3aca11ec2214a275392f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/mm/maccess.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()\n\nWhen trying to use copy_from_kernel_nofault() to read vsyscall page\nthrough a bpf program, the following oops was reported:\n\n BUG: unable to handle page fault for address: ffffffffff600000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 3231067 P4D 3231067 PUD 3233067 PMD 3235067 PTE 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 20390 Comm: test_progs ...... 6.7.0+ #58\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\n RIP: 0010:copy_from_kernel_nofault+0x6f/0x110\n ......\n Call Trace:\n \u003cTASK\u003e\n ? copy_from_kernel_nofault+0x6f/0x110\n bpf_probe_read_kernel+0x1d/0x50\n bpf_prog_2061065e56845f08_do_probe_read+0x51/0x8d\n trace_call_bpf+0xc5/0x1c0\n perf_call_bpf_enter.isra.0+0x69/0xb0\n perf_syscall_enter+0x13e/0x200\n syscall_trace_enter+0x188/0x1c0\n do_syscall_64+0xb5/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n \u003c/TASK\u003e\n ......\n ---[ end trace 0000000000000000 ]---\n\nThe oops is triggered when:\n\n1) A bpf program uses bpf_probe_read_kernel() to read from the vsyscall\npage and invokes copy_from_kernel_nofault() which in turn calls\n__get_user_asm().\n\n2) Because the vsyscall page address is not readable from kernel space,\na page fault exception is triggered accordingly.\n\n3) handle_page_fault() considers the vsyscall page address as a user\nspace address instead of a kernel space address. This results in the\nfix-up setup by bpf not being applied and a page_fault_oops() is invoked\ndue to SMAP.\n\nConsidering handle_page_fault() has already considered the vsyscall page\naddress as a userspace address, fix the problem by disallowing vsyscall\npage read for copy_from_kernel_nofault()."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:34:56.268Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6e4694e65b6db4c3de125115dd4f55848cc48381"
},
{
"url": "https://git.kernel.org/stable/c/e8a67fe34b76a49320b33032228a794f40b0316b"
},
{
"url": "https://git.kernel.org/stable/c/f175de546a3eb77614d94d4c02550181c0a8493e"
},
{
"url": "https://git.kernel.org/stable/c/57f78c46f08198e1be08ffe99c4c1ccc12855bf5"
},
{
"url": "https://git.kernel.org/stable/c/29bd6f86904682adafe9affbc7f79b14defcaff8"
},
{
"url": "https://git.kernel.org/stable/c/32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58"
}
],
"title": "x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26906",
"datePublished": "2024-04-17T10:27:53.573Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2026-01-05T10:34:56.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26863 (GCVE-0-2024-26863)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:58
Title
hsr: Fix uninit-value access in hsr_get_node()
Summary
In the Linux kernel, the following vulnerability has been resolved:

hsr: Fix uninit-value access in hsr_get_node()

KMSAN reported the following uninit-value access issue [1]:

=====================================================
BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246
 hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246
 fill_frame_info net/hsr/hsr_forward.c:577 [inline]
 hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615
 hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223
 __netdev_start_xmit include/linux/netdevice.h:4940 [inline]
 netdev_start_xmit include/linux/netdevice.h:4954 [inline]
 xmit_one net/core/dev.c:3548 [inline]
 dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
 dev_queue_xmit include/linux/netdevice.h:3134 [inline]
 packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
 packet_snd net/packet/af_packet.c:3087 [inline]
 packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x735/0xa10 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
 slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
 slab_alloc_node mm/slub.c:3478 [inline]
 kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
 __alloc_skb+0x318/0x740 net/core/skbuff.c:651
 alloc_skb include/linux/skbuff.h:1286 [inline]
 alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334
 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787
 packet_alloc_skb net/packet/af_packet.c:2936 [inline]
 packet_snd net/packet/af_packet.c:3030 [inline]
 packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x735/0xa10 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

CPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
=====================================================

If the packet type ID field in the Ethernet header is either ETH_P_PRP or
ETH_P_HSR, but it is not followed by an HSR tag, hsr_get_skb_sequence_nr()
reads an invalid value as a sequence number. This causes the above issue.

This patch fixes the issue by returning NULL if the Ethernet header is not
followed by an HSR tag.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: f266a683a4804dc499efc6c2206ef68efed029d0, < e3b2bfb8ff1810a537b2aa55ba906a6743ed120c (git) |
| Linux | Linux | Affected: f266a683a4804dc499efc6c2206ef68efed029d0, < 889ed056eae7fda85b769a9ab33c093379c45428 (git) |
| Linux | Linux | Affected: f266a683a4804dc499efc6c2206ef68efed029d0, < 7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a (git) |
| Linux | Linux | Affected: f266a683a4804dc499efc6c2206ef68efed029d0, < a809bbfd0e503351d3051317288a70a4569a4949 (git) |
| Linux | Linux | Affected: f266a683a4804dc499efc6c2206ef68efed029d0, < 1ed222ca7396938eb1ab2d034f1ba0d8b00a7122 (git) |
| Linux | Linux | Affected: f266a683a4804dc499efc6c2206ef68efed029d0, < 39cc316fb3bc5e7c9dc5eed314fe510d119c6862 (git) |
| Linux | Linux | Affected: f266a683a4804dc499efc6c2206ef68efed029d0, < 97d2148ea435dff4b4e71817c9032eb321bcd37e (git) |
| Linux | Linux | Affected: f266a683a4804dc499efc6c2206ef68efed029d0, < 09e5cdbe2cc88c3c758927644a3eb02fac317209 (git) |
| Linux | Linux | Affected: f266a683a4804dc499efc6c2206ef68efed029d0, < ddbec99f58571301679addbc022256970ca3eac6 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T14:26:51.386344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:38.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:04.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3b2bfb8ff1810a537b2aa55ba906a6743ed120c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/889ed056eae7fda85b769a9ab33c093379c45428"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a809bbfd0e503351d3051317288a70a4569a4949"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ed222ca7396938eb1ab2d034f1ba0d8b00a7122"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39cc316fb3bc5e7c9dc5eed314fe510d119c6862"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97d2148ea435dff4b4e71817c9032eb321bcd37e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09e5cdbe2cc88c3c758927644a3eb02fac317209"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddbec99f58571301679addbc022256970ca3eac6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_framereg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3b2bfb8ff1810a537b2aa55ba906a6743ed120c",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "889ed056eae7fda85b769a9ab33c093379c45428",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "a809bbfd0e503351d3051317288a70a4569a4949",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "1ed222ca7396938eb1ab2d034f1ba0d8b00a7122",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "39cc316fb3bc5e7c9dc5eed314fe510d119c6862",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "97d2148ea435dff4b4e71817c9032eb321bcd37e",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "09e5cdbe2cc88c3c758927644a3eb02fac317209",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "ddbec99f58571301679addbc022256970ca3eac6",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_framereg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Fix uninit-value access in hsr_get_node()\n\nKMSAN reported the following uninit-value access issue [1]:\n\n=====================================================\nBUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n fill_frame_info net/hsr/hsr_forward.c:577 [inline]\n hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615\n hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n packet_alloc_skb net/packet/af_packet.c:2936 [inline]\n packet_snd net/packet/af_packet.c:3030 [inline]\n 
packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\n=====================================================\n\nIf the packet type ID field in the Ethernet header is either ETH_P_PRP or\nETH_P_HSR, but it is not followed by an HSR tag, hsr_get_skb_sequence_nr()\nreads an invalid value as a sequence number. This causes the above issue.\n\nThis patch fixes the issue by returning NULL if the Ethernet header is not\nfollowed by an HSR tag."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:14.505Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3b2bfb8ff1810a537b2aa55ba906a6743ed120c"
},
{
"url": "https://git.kernel.org/stable/c/889ed056eae7fda85b769a9ab33c093379c45428"
},
{
"url": "https://git.kernel.org/stable/c/7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a"
},
{
"url": "https://git.kernel.org/stable/c/a809bbfd0e503351d3051317288a70a4569a4949"
},
{
"url": "https://git.kernel.org/stable/c/1ed222ca7396938eb1ab2d034f1ba0d8b00a7122"
},
{
"url": "https://git.kernel.org/stable/c/39cc316fb3bc5e7c9dc5eed314fe510d119c6862"
},
{
"url": "https://git.kernel.org/stable/c/97d2148ea435dff4b4e71817c9032eb321bcd37e"
},
{
"url": "https://git.kernel.org/stable/c/09e5cdbe2cc88c3c758927644a3eb02fac317209"
},
{
"url": "https://git.kernel.org/stable/c/ddbec99f58571301679addbc022256970ca3eac6"
}
],
"title": "hsr: Fix uninit-value access in hsr_get_node()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26863",
"datePublished": "2024-04-17T10:27:26.252Z",
"dateReserved": "2024-02-19T14:20:24.184Z",
"dateUpdated": "2025-05-04T08:58:14.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39292 (GCVE-0-2024-39292)
Vulnerability from cvelistv5 – Published: 2024-06-24 13:52 – Updated: 2025-11-04 17:21
Title
um: Add winch to winch_handlers before registering winch IRQ
Summary
In the Linux kernel, the following vulnerability has been resolved:
um: Add winch to winch_handlers before registering winch IRQ
Registering a winch IRQ is racy, an interrupt may occur before the winch is
added to the winch_handlers list.
If that happens, register_winch_irq() adds to that list a winch that is
scheduled to be (or has already been) freed, causing a panic later in
winch_cleanup().
Avoid the race by adding the winch to the winch_handlers list before
registering the IRQ, and rolling back if um_request_irq() fails.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033, < 66ea9a7c6824821476914bed21a476cd20094f33 (git) |
| Linux | Linux | Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033, < dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0 (git) |
| Linux | Linux | Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033, < 351d1a64544944b44732f6a64ed65573b00b9e14 (git) |
| Linux | Linux | Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033, < 31960d991e43c8d6dc07245f19fc13398e90ead2 (git) |
| Linux | Linux | Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033, < 0c02d425a2fbe52643a5859a779db0329e7dddd4 (git) |
| Linux | Linux | Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033, < 434a06c38ee1217a8baa0dd7c37cc85d50138fb0 (git) |
| Linux | Linux | Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033, < 73b8e21f76c7dda4905655d2e2c17dc5a73b87f1 (git) |
| Linux | Linux | Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033, < a0fbbd36c156b9f7b2276871d499c9943dfe5101 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:15:10.639136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T15:15:20.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:58.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66ea9a7c6824821476914bed21a476cd20094f33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/351d1a64544944b44732f6a64ed65573b00b9e14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31960d991e43c8d6dc07245f19fc13398e90ead2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c02d425a2fbe52643a5859a779db0329e7dddd4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/434a06c38ee1217a8baa0dd7c37cc85d50138fb0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73b8e21f76c7dda4905655d2e2c17dc5a73b87f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0fbbd36c156b9f7b2276871d499c9943dfe5101"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/um/drivers/line.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "66ea9a7c6824821476914bed21a476cd20094f33",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "351d1a64544944b44732f6a64ed65573b00b9e14",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "31960d991e43c8d6dc07245f19fc13398e90ead2",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "0c02d425a2fbe52643a5859a779db0329e7dddd4",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "434a06c38ee1217a8baa0dd7c37cc85d50138fb0",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "73b8e21f76c7dda4905655d2e2c17dc5a73b87f1",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "a0fbbd36c156b9f7b2276871d499c9943dfe5101",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/um/drivers/line.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\num: Add winch to winch_handlers before registering winch IRQ\n\nRegistering a winch IRQ is racy, an interrupt may occur before the winch is\nadded to the winch_handlers list.\n\nIf that happens, register_winch_irq() adds to that list a winch that is\nscheduled to be (or has already been) freed, causing a panic later in\nwinch_cleanup().\n\nAvoid the race by adding the winch to the winch_handlers list before\nregistering the IRQ, and rolling back if um_request_irq() fails."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:11.229Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/66ea9a7c6824821476914bed21a476cd20094f33"
},
{
"url": "https://git.kernel.org/stable/c/dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0"
},
{
"url": "https://git.kernel.org/stable/c/351d1a64544944b44732f6a64ed65573b00b9e14"
},
{
"url": "https://git.kernel.org/stable/c/31960d991e43c8d6dc07245f19fc13398e90ead2"
},
{
"url": "https://git.kernel.org/stable/c/0c02d425a2fbe52643a5859a779db0329e7dddd4"
},
{
"url": "https://git.kernel.org/stable/c/434a06c38ee1217a8baa0dd7c37cc85d50138fb0"
},
{
"url": "https://git.kernel.org/stable/c/73b8e21f76c7dda4905655d2e2c17dc5a73b87f1"
},
{
"url": "https://git.kernel.org/stable/c/a0fbbd36c156b9f7b2276871d499c9943dfe5101"
}
],
"title": "um: Add winch to winch_handlers before registering winch IRQ",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39292",
"datePublished": "2024-06-24T13:52:26.769Z",
"dateReserved": "2024-06-21T11:16:40.627Z",
"dateUpdated": "2025-11-04T17:21:58.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27413 (GCVE-0-2024-27413)
Vulnerability from cvelistv5 – Published: 2024-05-17 11:50 – Updated: 2025-05-04 12:55
Title
efi/capsule-loader: fix incorrect allocation size
Summary
In the Linux kernel, the following vulnerability has been resolved:
efi/capsule-loader: fix incorrect allocation size
gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures
is not enough for a 64-bit phys_addr_t:
drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':
drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size]
295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);
| ^
Use the correct type instead here.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: f24c4d478013d82bd1b943df566fff3561d52864, < 00cf21ac526011a29fc708f8912da446fac19f7b (git) |
| Linux | Linux | Affected: f24c4d478013d82bd1b943df566fff3561d52864, < 950d4d74d311a18baed6878dbfba8180d7e5dddd (git) |
| Linux | Linux | Affected: f24c4d478013d82bd1b943df566fff3561d52864, < 537e3f49dbe88881a6f0752beaa596942d9efd64 (git) |
| Linux | Linux | Affected: f24c4d478013d82bd1b943df566fff3561d52864, < 4b73473c050a612fb4317831371073eda07c3050 (git) |
| Linux | Linux | Affected: f24c4d478013d82bd1b943df566fff3561d52864, < ddc547dd05a46720866c32022300f7376c40119f (git) |
| Linux | Linux | Affected: f24c4d478013d82bd1b943df566fff3561d52864, < 11aabd7487857b8e7d768fefb092f66dfde68492 (git) |
| Linux | Linux | Affected: f24c4d478013d82bd1b943df566fff3561d52864, < 62a5dcd9bd3097e9813de62fa6f22815e84a0172 (git) |
| Linux | Linux | Affected: f24c4d478013d82bd1b943df566fff3561d52864, < fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e (git) |
| Linux | Linux | Affected: 95a362c9a6892085f714eb6e31eea6a0e3aa93bf (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:33.014498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:43:44.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/capsule-loader.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "00cf21ac526011a29fc708f8912da446fac19f7b",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "950d4d74d311a18baed6878dbfba8180d7e5dddd",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "537e3f49dbe88881a6f0752beaa596942d9efd64",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "4b73473c050a612fb4317831371073eda07c3050",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "ddc547dd05a46720866c32022300f7376c40119f",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "11aabd7487857b8e7d768fefb092f66dfde68492",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "62a5dcd9bd3097e9813de62fa6f22815e84a0172",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"status": "affected",
"version": "95a362c9a6892085f714eb6e31eea6a0e3aa93bf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/capsule-loader.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/capsule-loader: fix incorrect allocation size\n\ngcc-14 notices that the allocation with sizeof(void) on 32-bit architectures\nis not enough for a 64-bit phys_addr_t:\n\ndrivers/firmware/efi/capsule-loader.c: In function \u0027efi_capsule_open\u0027:\ndrivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size \u00274\u0027 for type \u0027phys_addr_t\u0027 {aka \u0027long long unsigned int\u0027} with size \u00278\u0027 [-Werror=alloc-size]\n 295 | cap_info-\u003ephys = kzalloc(sizeof(void *), GFP_KERNEL);\n | ^\n\nUse the correct type instead here."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:41.446Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b"
},
{
"url": "https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd"
},
{
"url": "https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64"
},
{
"url": "https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050"
},
{
"url": "https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f"
},
{
"url": "https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492"
},
{
"url": "https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172"
},
{
"url": "https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e"
}
],
"title": "efi/capsule-loader: fix incorrect allocation size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27413",
"datePublished": "2024-05-17T11:50:53.780Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-05-04T12:55:41.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36005 (GCVE-0-2024-36005)
Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2025-05-04 09:10
Title
netfilter: nf_tables: honor table dormant flag from netdev release event path
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: honor table dormant flag from netdev release event path
Check for table dormant flag otherwise netdev release event path tries
to unregister an already unregistered hook.
[524854.857999] ------------[ cut here ]------------
[524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260
[...]
[524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ #365
[524854.858869] Workqueue: netns cleanup_net
[524854.858886] RIP: 0010:__nf_unregister_net_hook+0x21a/0x260
[524854.858903] Code: 24 e8 aa 73 83 ff 48 63 43 1c 83 f8 01 0f 85 3d ff ff ff e8 98 d1 f0 ff 48 8b 3c 24 e8 8f 73 83 ff 48 63 43 1c e9 26 ff ff ff <0f> 0b 48 83 c4 18 48 c7 c7 00 68 e9 82 5b 5d 41 5c 41 5d 41 5e 41
[524854.858914] RSP: 0018:ffff8881e36d79e0 EFLAGS: 00010246
[524854.858926] RAX: 0000000000000000 RBX: ffff8881339ae790 RCX: ffffffff81ba524a
[524854.858936] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881c8a16438
[524854.858945] RBP: ffff8881c8a16438 R08: 0000000000000001 R09: ffffed103c6daf34
[524854.858954] R10: ffff8881e36d79a7 R11: 0000000000000000 R12: 0000000000000005
[524854.858962] R13: ffff8881c8a16000 R14: 0000000000000000 R15: ffff8881351b5a00
[524854.858971] FS: 0000000000000000(0000) GS:ffff888390800000(0000) knlGS:0000000000000000
[524854.858982] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[524854.858991] CR2: 00007fc9be0f16f4 CR3: 00000001437cc004 CR4: 00000000001706f0
[524854.859000] Call Trace:
[524854.859006] <TASK>
[524854.859013] ? __warn+0x9f/0x1a0
[524854.859027] ? __nf_unregister_net_hook+0x21a/0x260
[524854.859044] ? report_bug+0x1b1/0x1e0
[524854.859060] ? handle_bug+0x3c/0x70
[524854.859071] ? exc_invalid_op+0x17/0x40
[524854.859083] ? asm_exc_invalid_op+0x1a/0x20
[524854.859100] ? __nf_unregister_net_hook+0x6a/0x260
[524854.859116] ? __nf_unregister_net_hook+0x21a/0x260
[524854.859135] nf_tables_netdev_event+0x337/0x390 [nf_tables]
[524854.859304] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]
[524854.859461] ? packet_notifier+0xb3/0x360
[524854.859476] ? _raw_spin_unlock_irqrestore+0x11/0x40
[524854.859489] ? dcbnl_netdevice_event+0x35/0x140
[524854.859507] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]
[524854.859661] notifier_call_chain+0x7d/0x140
[524854.859677] unregister_netdevice_many_notify+0x5e1/0xae0
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0, < e4bb6da24de336a7899033a65490ed2d892efa5b (git) |
| Linux | Linux | Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0, < 5c45feb3c288cf44a529e2657b36c259d86497d2 (git) |
| Linux | Linux | Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0, < 13ba94f6cc820fdea15efeaa17d4c722874eebf9 (git) |
| Linux | Linux | Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0, < 8260c980aee7d8d8a3db39faf19c391d2f898816 (git) |
| Linux | Linux | Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0, < ca34c40d1c22c555fa7f4a21a1c807fea7290a0a (git) |
| Linux | Linux | Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0, < 8e30abc9ace4f0add4cd761dfdbfaebae5632dd2 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:11:00.848539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:43.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4bb6da24de336a7899033a65490ed2d892efa5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c45feb3c288cf44a529e2657b36c259d86497d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13ba94f6cc820fdea15efeaa17d4c722874eebf9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8260c980aee7d8d8a3db39faf19c391d2f898816"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca34c40d1c22c555fa7f4a21a1c807fea7290a0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e30abc9ace4f0add4cd761dfdbfaebae5632dd2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_chain_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e4bb6da24de336a7899033a65490ed2d892efa5b",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "5c45feb3c288cf44a529e2657b36c259d86497d2",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "13ba94f6cc820fdea15efeaa17d4c722874eebf9",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "8260c980aee7d8d8a3db39faf19c391d2f898816",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "ca34c40d1c22c555fa7f4a21a1c807fea7290a0a",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "8e30abc9ace4f0add4cd761dfdbfaebae5632dd2",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_chain_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: honor table dormant flag from netdev release event path\n\nCheck for table dormant flag otherwise netdev release event path tries\nto unregister an already unregistered hook.\n\n[524854.857999] ------------[ cut here ]------------\n[524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260\n[...]\n[524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ #365\n[524854.858869] Workqueue: netns cleanup_net\n[524854.858886] RIP: 0010:__nf_unregister_net_hook+0x21a/0x260\n[524854.858903] Code: 24 e8 aa 73 83 ff 48 63 43 1c 83 f8 01 0f 85 3d ff ff ff e8 98 d1 f0 ff 48 8b 3c 24 e8 8f 73 83 ff 48 63 43 1c e9 26 ff ff ff \u003c0f\u003e 0b 48 83 c4 18 48 c7 c7 00 68 e9 82 5b 5d 41 5c 41 5d 41 5e 41\n[524854.858914] RSP: 0018:ffff8881e36d79e0 EFLAGS: 00010246\n[524854.858926] RAX: 0000000000000000 RBX: ffff8881339ae790 RCX: ffffffff81ba524a\n[524854.858936] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881c8a16438\n[524854.858945] RBP: ffff8881c8a16438 R08: 0000000000000001 R09: ffffed103c6daf34\n[524854.858954] R10: ffff8881e36d79a7 R11: 0000000000000000 R12: 0000000000000005\n[524854.858962] R13: ffff8881c8a16000 R14: 0000000000000000 R15: ffff8881351b5a00\n[524854.858971] FS: 0000000000000000(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[524854.858982] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[524854.858991] CR2: 00007fc9be0f16f4 CR3: 00000001437cc004 CR4: 00000000001706f0\n[524854.859000] Call Trace:\n[524854.859006] \u003cTASK\u003e\n[524854.859013] ? __warn+0x9f/0x1a0\n[524854.859027] ? __nf_unregister_net_hook+0x21a/0x260\n[524854.859044] ? report_bug+0x1b1/0x1e0\n[524854.859060] ? handle_bug+0x3c/0x70\n[524854.859071] ? exc_invalid_op+0x17/0x40\n[524854.859083] ? asm_exc_invalid_op+0x1a/0x20\n[524854.859100] ? __nf_unregister_net_hook+0x6a/0x260\n[524854.859116] ? 
__nf_unregister_net_hook+0x21a/0x260\n[524854.859135] nf_tables_netdev_event+0x337/0x390 [nf_tables]\n[524854.859304] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]\n[524854.859461] ? packet_notifier+0xb3/0x360\n[524854.859476] ? _raw_spin_unlock_irqrestore+0x11/0x40\n[524854.859489] ? dcbnl_netdevice_event+0x35/0x140\n[524854.859507] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]\n[524854.859661] notifier_call_chain+0x7d/0x140\n[524854.859677] unregister_netdevice_many_notify+0x5e1/0xae0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:20.855Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e4bb6da24de336a7899033a65490ed2d892efa5b"
},
{
"url": "https://git.kernel.org/stable/c/5c45feb3c288cf44a529e2657b36c259d86497d2"
},
{
"url": "https://git.kernel.org/stable/c/13ba94f6cc820fdea15efeaa17d4c722874eebf9"
},
{
"url": "https://git.kernel.org/stable/c/8260c980aee7d8d8a3db39faf19c391d2f898816"
},
{
"url": "https://git.kernel.org/stable/c/ca34c40d1c22c555fa7f4a21a1c807fea7290a0a"
},
{
"url": "https://git.kernel.org/stable/c/8e30abc9ace4f0add4cd761dfdbfaebae5632dd2"
}
],
"title": "netfilter: nf_tables: honor table dormant flag from netdev release event path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36005",
"datePublished": "2024-05-20T09:48:05.568Z",
"dateReserved": "2024-05-17T13:50:33.150Z",
"dateUpdated": "2025-05-04T09:10:20.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35830 (GCVE-0-2024-35830)
Vulnerability from cvelistv5 – Published: 2024-05-17 13:41 – Updated: 2025-05-04 09:06
Title
media: tc358743: register v4l2 async device only after successful setup
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: tc358743: register v4l2 async device only after successful setup
Ensure the device has been setup correctly before registering the v4l2
async device, thus allowing userspace to access.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < 17c2650de14842c25c569cbb2126c421489a3a24 (git) |
| Linux | Linux | Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < daf21394f9898fb9f0698c3e50de08132d2164e6 (git) |
| Linux | Linux | Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < 610f20e5cf35ca9c0992693cae0dd8643ce932e7 (git) |
| Linux | Linux | Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < b8505a1aee8f1edc9d16d72ae09c93de086e2a1a (git) |
| Linux | Linux | Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < 8ba8db9786b55047df5ad3db3e01dd886687a77d (git) |
| Linux | Linux | Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < edbb3226c985469a2f8eb69885055c9f5550f468 (git) |
| Linux | Linux | Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < c915c46a25c3efb084c4f5e69a053d7f7a635496 (git) |
| Linux | Linux | Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < 4f1490a5d7a0472ee5d9f36547bc4ba46be755c7 (git) |
| Linux | Linux | Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < 87399f1ff92203d65f1febf5919429f4bb613a02 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35830",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:42:22.059592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:20.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/i2c/tc358743.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "17c2650de14842c25c569cbb2126c421489a3a24",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "daf21394f9898fb9f0698c3e50de08132d2164e6",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "610f20e5cf35ca9c0992693cae0dd8643ce932e7",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "b8505a1aee8f1edc9d16d72ae09c93de086e2a1a",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "8ba8db9786b55047df5ad3db3e01dd886687a77d",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "edbb3226c985469a2f8eb69885055c9f5550f468",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "c915c46a25c3efb084c4f5e69a053d7f7a635496",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "4f1490a5d7a0472ee5d9f36547bc4ba46be755c7",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "87399f1ff92203d65f1febf5919429f4bb613a02",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/i2c/tc358743.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tc358743: register v4l2 async device only after successful setup\n\nEnsure the device has been setup correctly before registering the v4l2\nasync device, thus allowing userspace to access."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:21.297Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24"
},
{
"url": "https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6"
},
{
"url": "https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7"
},
{
"url": "https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a"
},
{
"url": "https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d"
},
{
"url": "https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468"
},
{
"url": "https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496"
},
{
"url": "https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7"
},
{
"url": "https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02"
}
],
"title": "media: tc358743: register v4l2 async device only after successful setup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35830",
"datePublished": "2024-05-17T13:41:19.675Z",
"dateReserved": "2024-05-17T12:19:12.348Z",
"dateUpdated": "2025-05-04T09:06:21.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35962 (GCVE-0-2024-35962)
Vulnerability from cvelistv5 – Published: 2024-05-20 09:41 – Updated: 2025-05-04 09:09
Title
netfilter: complete validation of user input
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: complete validation of user input
In my recent commit, I missed that do_replace() handlers
use copy_from_sockptr() (which I fixed), followed
by unsafe copy_from_sockptr_offset() calls.
In all functions, we can perform the @optlen validation
before even calling xt_alloc_table_info() with the following
check:
    if ((u64)optlen < (u64)tmp.size + sizeof(tmp))
        return -EINVAL;
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 0f038242b77ddfc505bf4163d4904c1abd2e74d6 , < cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05 (git) |
| Linux | Linux | Affected: 440e948cf0eff32cfe322dcbca3f2525354b159b , < 97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7 (git) |
| Linux | Linux | Affected: 18aae2cb87e5faa9c5bd865260ceadac60d5a6c5 , < c760089aa98289b4b88a7ff5a62dd92845adf223 (git) |
| Linux | Linux | Affected: 81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525 , < 89242d9584c342cb83311b598d9e6b82572eadf8 (git) |
| Linux | Linux | Affected: 58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018 , < 562b7245131f6e9f1d280c8b5a8750f03edfc05c (git) |
| Linux | Linux | Affected: 0c83842df40f86e529db6842231154772c20edcc , < 65acf6e0501ac8880a4f73980d01b5d27648b956 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:40:32.586631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:14.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/netfilter/arp_tables.c",
"net/ipv4/netfilter/ip_tables.c",
"net/ipv6/netfilter/ip6_tables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05",
"status": "affected",
"version": "0f038242b77ddfc505bf4163d4904c1abd2e74d6",
"versionType": "git"
},
{
"lessThan": "97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7",
"status": "affected",
"version": "440e948cf0eff32cfe322dcbca3f2525354b159b",
"versionType": "git"
},
{
"lessThan": "c760089aa98289b4b88a7ff5a62dd92845adf223",
"status": "affected",
"version": "18aae2cb87e5faa9c5bd865260ceadac60d5a6c5",
"versionType": "git"
},
{
"lessThan": "89242d9584c342cb83311b598d9e6b82572eadf8",
"status": "affected",
"version": "81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525",
"versionType": "git"
},
{
"lessThan": "562b7245131f6e9f1d280c8b5a8750f03edfc05c",
"status": "affected",
"version": "58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018",
"versionType": "git"
},
{
"lessThan": "65acf6e0501ac8880a4f73980d01b5d27648b956",
"status": "affected",
"version": "0c83842df40f86e529db6842231154772c20edcc",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/netfilter/arp_tables.c",
"net/ipv4/netfilter/ip_tables.c",
"net/ipv6/netfilter/ip6_tables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.10.216",
"status": "affected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThan": "5.15.156",
"status": "affected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThan": "6.1.87",
"status": "affected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThan": "6.6.28",
"status": "affected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThan": "6.8.7",
"status": "affected",
"version": "6.8.5",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "6.1.85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "6.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "6.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: complete validation of user input\n\nIn my recent commit, I missed that do_replace() handlers\nuse copy_from_sockptr() (which I fixed), followed\nby unsafe copy_from_sockptr_offset() calls.\n\nIn all functions, we can perform the @optlen validation\nbefore even calling xt_alloc_table_info() with the following\ncheck:\n\nif ((u64)optlen \u003c (u64)tmp.size + sizeof(tmp))\n return -EINVAL;"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:19.304Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05"
},
{
"url": "https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7"
},
{
"url": "https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223"
},
{
"url": "https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8"
},
{
"url": "https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c"
},
{
"url": "https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956"
}
],
"title": "netfilter: complete validation of user input",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35962",
"datePublished": "2024-05-20T09:41:53.207Z",
"dateReserved": "2024-05-17T13:50:33.137Z",
"dateUpdated": "2025-05-04T09:09:19.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35955 (GCVE-0-2024-35955)
Vulnerability from cvelistv5 – Published: 2024-05-20 09:41 – Updated: 2025-05-04 12:56
Title
kprobes: Fix possible use-after-free issue on kprobe registration
Summary
In the Linux kernel, the following vulnerability has been resolved:
kprobes: Fix possible use-after-free issue on kprobe registration
When unloading a module, its state is changing MODULE_STATE_LIVE ->
MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take
a time. `is_module_text_address()` and `__module_text_address()`
works with MODULE_STATE_LIVE and MODULE_STATE_GOING.
If we use `is_module_text_address()` and `__module_text_address()`
separately, there is a chance that the first one is succeeded but the
next one is failed because module->state becomes MODULE_STATE_UNFORMED
between those operations.
In `check_kprobe_address_safe()`, if the second `__module_text_address()`
is failed, that is ignored because it expected a kernel_text address.
But it may have failed simply because module->state has been changed
to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify
non-exist module text address (use-after-free).
To fix this problem, we should not use separated `is_module_text_address()`
and `__module_text_address()`, but use only `__module_text_address()`
once and do `try_module_get(module)` which is only available with
MODULE_STATE_LIVE.
Severity
8.8 (High)
CWE
- CWE-416 - Use After Free
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 1c836bad43f3e2ff71cc397a6e6ccb4e7bd116f8 , < b5808d40093403334d939e2c3c417144d12a6f33 (git) |
| Linux | Linux | Affected: 6a119c1a584aa7a2c6216458f1f272bf1bc93a93 , < 93eb31e7c3399e326259f2caa17be1e821f5a412 (git) |
| Linux | Linux | Affected: 2a49b025c36ae749cee7ccc4b7e456e02539cdc3 , < 5062d1f4f07facbdade0f402d9a04a788f52e26d (git) |
| Linux | Linux | Affected: a1edb85e60fdab1e14db63ae8af8db3f0d798fb6 , < 2df2dd27066cdba8041e46a64362325626bdfb2e (git) |
| Linux | Linux | Affected: 28f6c37a2910f565b4f5960df52b2eccae28c891 , < 62029bc9ff2c17a4e3a2478d83418ec575413808 (git) |
| Linux | Linux | Affected: 28f6c37a2910f565b4f5960df52b2eccae28c891 , < d15023fb407337028a654237d8968fefdcf87c2f (git) |
| Linux | Linux | Affected: 28f6c37a2910f565b4f5960df52b2eccae28c891 , < 36b57c7d2f8b7de224980f1a284432846ad71ca0 (git) |
| Linux | Linux | Affected: 28f6c37a2910f565b4f5960df52b2eccae28c891 , < 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 (git) |
| Linux | Linux | Affected: 4262b6eb057d86c7829168c541654fe0d48fdac8 (git) |
| Linux | Linux | Affected: 97e813e6a143edf4208e15c72199c495ed80cea5 (git) |
| Linux | Linux | Affected: 16a544f1e013ba0660612f3fe35393b143b19a84 (git) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b5808d400934",
"status": "affected",
"version": "1c836bad43f3",
"versionType": "git"
},
{
"lessThan": "93eb31e7c339",
"status": "affected",
"version": "6a119c1a584a",
"versionType": "git"
},
{
"lessThan": "93eb31e7c339",
"status": "affected",
"version": "2a49b025c36a",
"versionType": "git"
},
{
"lessThan": "2df2dd27066c",
"status": "affected",
"version": "a1edb85e60fd",
"versionType": "git"
},
{
"lessThan": "62029bc9ff2c",
"status": "affected",
"version": "28f6c37a2910",
"versionType": "git"
},
{
"lessThan": "d15023fb4073",
"status": "affected",
"version": "28f6c37a2910",
"versionType": "git"
},
{
"lessThan": "36b57c7d2f8b",
"status": "affected",
"version": "28f6c37a2910",
"versionType": "git"
},
{
"lessThan": "325f3fb551f8",
"status": "affected",
"version": "28f6c37a2910",
"versionType": "git"
},
{
"status": "affected",
"version": "6.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:42:32.103628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T13:44:14.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5808d40093403334d939e2c3c417144d12a6f33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93eb31e7c3399e326259f2caa17be1e821f5a412"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5062d1f4f07facbdade0f402d9a04a788f52e26d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2df2dd27066cdba8041e46a64362325626bdfb2e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62029bc9ff2c17a4e3a2478d83418ec575413808"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d15023fb407337028a654237d8968fefdcf87c2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36b57c7d2f8b7de224980f1a284432846ad71ca0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/kprobes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b5808d40093403334d939e2c3c417144d12a6f33",
"status": "affected",
"version": "1c836bad43f3e2ff71cc397a6e6ccb4e7bd116f8",
"versionType": "git"
},
{
"lessThan": "93eb31e7c3399e326259f2caa17be1e821f5a412",
"status": "affected",
"version": "6a119c1a584aa7a2c6216458f1f272bf1bc93a93",
"versionType": "git"
},
{
"lessThan": "5062d1f4f07facbdade0f402d9a04a788f52e26d",
"status": "affected",
"version": "2a49b025c36ae749cee7ccc4b7e456e02539cdc3",
"versionType": "git"
},
{
"lessThan": "2df2dd27066cdba8041e46a64362325626bdfb2e",
"status": "affected",
"version": "a1edb85e60fdab1e14db63ae8af8db3f0d798fb6",
"versionType": "git"
},
{
"lessThan": "62029bc9ff2c17a4e3a2478d83418ec575413808",
"status": "affected",
"version": "28f6c37a2910f565b4f5960df52b2eccae28c891",
"versionType": "git"
},
{
"lessThan": "d15023fb407337028a654237d8968fefdcf87c2f",
"status": "affected",
"version": "28f6c37a2910f565b4f5960df52b2eccae28c891",
"versionType": "git"
},
{
"lessThan": "36b57c7d2f8b7de224980f1a284432846ad71ca0",
"status": "affected",
"version": "28f6c37a2910f565b4f5960df52b2eccae28c891",
"versionType": "git"
},
{
"lessThan": "325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8",
"status": "affected",
"version": "28f6c37a2910f565b4f5960df52b2eccae28c891",
"versionType": "git"
},
{
"status": "affected",
"version": "4262b6eb057d86c7829168c541654fe0d48fdac8",
"versionType": "git"
},
{
"status": "affected",
"version": "97e813e6a143edf4208e15c72199c495ed80cea5",
"versionType": "git"
},
{
"status": "affected",
"version": "16a544f1e013ba0660612f3fe35393b143b19a84",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/kprobes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.19.256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.4.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.10.137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "5.15.61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: Fix possible use-after-free issue on kprobe registration\n\nWhen unloading a module, its state is changing MODULE_STATE_LIVE -\u003e\n MODULE_STATE_GOING -\u003e MODULE_STATE_UNFORMED. Each change will take\na time. `is_module_text_address()` and `__module_text_address()`\nworks with MODULE_STATE_LIVE and MODULE_STATE_GOING.\nIf we use `is_module_text_address()` and `__module_text_address()`\nseparately, there is a chance that the first one is succeeded but the\nnext one is failed because module-\u003estate becomes MODULE_STATE_UNFORMED\nbetween those operations.\n\nIn `check_kprobe_address_safe()`, if the second `__module_text_address()`\nis failed, that is ignored because it expected a kernel_text address.\nBut it may have failed simply because module-\u003estate has been changed\nto MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify\nnon-exist module text address (use-after-free).\n\nTo fix this problem, we should not use separated `is_module_text_address()`\nand `__module_text_address()`, but use only `__module_text_address()`\nonce and do `try_module_get(module)` which is only available with\nMODULE_STATE_LIVE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:07.171Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b5808d40093403334d939e2c3c417144d12a6f33"
},
{
"url": "https://git.kernel.org/stable/c/93eb31e7c3399e326259f2caa17be1e821f5a412"
},
{
"url": "https://git.kernel.org/stable/c/5062d1f4f07facbdade0f402d9a04a788f52e26d"
},
{
"url": "https://git.kernel.org/stable/c/2df2dd27066cdba8041e46a64362325626bdfb2e"
},
{
"url": "https://git.kernel.org/stable/c/62029bc9ff2c17a4e3a2478d83418ec575413808"
},
{
"url": "https://git.kernel.org/stable/c/d15023fb407337028a654237d8968fefdcf87c2f"
},
{
"url": "https://git.kernel.org/stable/c/36b57c7d2f8b7de224980f1a284432846ad71ca0"
},
{
"url": "https://git.kernel.org/stable/c/325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8"
}
],
"title": "kprobes: Fix possible use-after-free issue on kprobe registration",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35955",
"datePublished": "2024-05-20T09:41:48.607Z",
"dateReserved": "2024-05-17T13:50:33.136Z",
"dateUpdated": "2025-05-04T12:56:07.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35933 (GCVE-0-2024-35933)
Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-01-05 10:35
Title
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
If hci_cmd_sync_complete() is triggered and skb is NULL, then
hdev->req_skb is NULL, which will cause this issue.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: abfeea476c68afea54c9c050a2d3b19d5d2ee873 , < b19fe5eea619d54eea59bb8a37c0f8d00ef0e912 (git) |
| Linux | Linux | Affected: abfeea476c68afea54c9c050a2d3b19d5d2ee873 , < ffdca0a62abaf8c41d8d9ea132000fd808de329b (git) |
| Linux | Linux | Affected: abfeea476c68afea54c9c050a2d3b19d5d2ee873 , < 22d3053ef05f0b5045e45bd91e7473846261d65e (git) |
| Linux | Linux | Affected: abfeea476c68afea54c9c050a2d3b19d5d2ee873 , < b79e040910101b020931ba0c9a6b77e81ab7f645 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:20:29.908054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:54.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec2049fb2b8be3e108fe2ef1f1040f91e72c9990"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68a69bb2ecafaacdb998a87783068fb51736f43b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86e9b47e8a75c74b1bd83a479979b425c5dc8bd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/006936ecb4edfc3102464044f75858c714e34d28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b19fe5eea619d54eea59bb8a37c0f8d00ef0e912"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffdca0a62abaf8c41d8d9ea132000fd808de329b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22d3053ef05f0b5045e45bd91e7473846261d65e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b79e040910101b020931ba0c9a6b77e81ab7f645"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btintel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b19fe5eea619d54eea59bb8a37c0f8d00ef0e912",
"status": "affected",
"version": "abfeea476c68afea54c9c050a2d3b19d5d2ee873",
"versionType": "git"
},
{
"lessThan": "ffdca0a62abaf8c41d8d9ea132000fd808de329b",
"status": "affected",
"version": "abfeea476c68afea54c9c050a2d3b19d5d2ee873",
"versionType": "git"
},
{
"lessThan": "22d3053ef05f0b5045e45bd91e7473846261d65e",
"status": "affected",
"version": "abfeea476c68afea54c9c050a2d3b19d5d2ee873",
"versionType": "git"
},
{
"lessThan": "b79e040910101b020931ba0c9a6b77e81ab7f645",
"status": "affected",
"version": "abfeea476c68afea54c9c050a2d3b19d5d2ee873",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btintel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: Fix null ptr deref in btintel_read_version\n\nIf hci_cmd_sync_complete() is triggered and skb is NULL, then\nhdev-\u003ereq_skb is NULL, which will cause this issue."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:47.680Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b19fe5eea619d54eea59bb8a37c0f8d00ef0e912"
},
{
"url": "https://git.kernel.org/stable/c/ffdca0a62abaf8c41d8d9ea132000fd808de329b"
},
{
"url": "https://git.kernel.org/stable/c/22d3053ef05f0b5045e45bd91e7473846261d65e"
},
{
"url": "https://git.kernel.org/stable/c/b79e040910101b020931ba0c9a6b77e81ab7f645"
}
],
"title": "Bluetooth: btintel: Fix null ptr deref in btintel_read_version",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35933",
"datePublished": "2024-05-19T10:10:41.020Z",
"dateReserved": "2024-05-17T13:50:33.130Z",
"dateUpdated": "2026-01-05T10:35:47.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26852 (GCVE-0-2024-26852)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:17 – Updated: 2025-05-04 08:57
Title
net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
syzbot found another use-after-free in ip6_route_mpath_notify() [1]
Commit f7225172f25a ("net/ipv6: prevent use after free in
ip6_route_mpath_notify") was not able to fix the root cause.
We need to defer the fib6_info_release() calls after
ip6_route_mpath_notify(), in the cleanup phase.
[1]
BUG: KASAN: slab-use-after-free in rt6_fill_node+0x1460/0x1ac0
Read of size 4 at addr ffff88809a07fc64 by task syz-executor.2/23037
CPU: 0 PID: 23037 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x167/0x540 mm/kasan/report.c:488
kasan_report+0x142/0x180 mm/kasan/report.c:601
rt6_fill_node+0x1460/0x1ac0
inet6_rt_notify+0x13b/0x290 net/ipv6/route.c:6184
ip6_route_mpath_notify net/ipv6/route.c:5198 [inline]
ip6_route_multipath_add net/ipv6/route.c:5404 [inline]
inet6_rtm_newroute+0x1d0f/0x2300 net/ipv6/route.c:5517
rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f73dd87dda9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f73de6550c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f73dd9ac050 RCX: 00007f73dd87dda9
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
RBP: 00007f73dd8ca47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f73dd9ac050 R15: 00007ffdbdeb7858
</TASK>
Allocated by task 23037:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:372 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:389
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:3981 [inline]
__kmalloc+0x22e/0x490 mm/slub.c:3994
kmalloc include/linux/slab.h:594 [inline]
kzalloc include/linux/slab.h:711 [inline]
fib6_info_alloc+0x2e/0xf0 net/ipv6/ip6_fib.c:155
ip6_route_info_create+0x445/0x12b0 net/ipv6/route.c:3758
ip6_route_multipath_add net/ipv6/route.c:5298 [inline]
inet6_rtm_newroute+0x744/0x2300 net/ipv6/route.c:5517
rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77
Freed by task 16:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
kasan_save_free_info+0x4e/0x60 mm/kasan/generic.c:640
poison_slab_object+0xa6/0xe0 m
---truncated---
Severity
7.8 (High)
CWE
- CWE-416 - Use After Free
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < 31ea5bcc7d4cd1423de6be327a2c034725704136 (git) |
| Linux | Linux | Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < 664f9c647260cc9d68b4e31d9899530d89dd045e (git) |
| Linux | Linux | Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < 79ce2e54cc0ae366f45516c00bf1b19aa43e9abe (git) |
| Linux | Linux | Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < cae3303257950d03ffec2df4a45e836f10d26c24 (git) |
| Linux | Linux | Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < 394334fe2ae3b9f1e2332b873857e84cb28aac18 (git) |
| Linux | Linux | Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < ed883060c38721ed828061f6c0c30e5147326c9a (git) |
| Linux | Linux | Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < 61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda (git) |
| Linux | Linux | Affected: 3b1137fe74829e021f483756a648cbb87c8a1b4a , < 685f7d531264599b3f167f1e94bbd22f120e5fab (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31ea5bcc7d4cd1423de6be327a2c034725704136"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/664f9c647260cc9d68b4e31d9899530d89dd045e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79ce2e54cc0ae366f45516c00bf1b19aa43e9abe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cae3303257950d03ffec2df4a45e836f10d26c24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/394334fe2ae3b9f1e2332b873857e84cb28aac18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed883060c38721ed828061f6c0c30e5147326c9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/685f7d531264599b3f167f1e94bbd22f120e5fab"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "31ea5bcc7d4c",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "664f9c647260",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "79ce2e54cc0a",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "cae330325795",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "394334fe2ae3",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "ed883060c387",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "61b34f73cdbd",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "685f7d531264",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.310",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.272",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.152",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.82",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.22",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-19T20:41:29.771297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T21:48:49.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "31ea5bcc7d4cd1423de6be327a2c034725704136",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "664f9c647260cc9d68b4e31d9899530d89dd045e",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "79ce2e54cc0ae366f45516c00bf1b19aa43e9abe",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "cae3303257950d03ffec2df4a45e836f10d26c24",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "394334fe2ae3b9f1e2332b873857e84cb28aac18",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "ed883060c38721ed828061f6c0c30e5147326c9a",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "685f7d531264599b3f167f1e94bbd22f120e5fab",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ipv6: avoid possible UAF in ip6_route_mpath_notify()\n\nsyzbot found another use-after-free in ip6_route_mpath_notify() [1]\n\nCommit f7225172f25a (\"net/ipv6: prevent use after free in\nip6_route_mpath_notify\") was not able to fix the root cause.\n\nWe need to defer the fib6_info_release() calls after\nip6_route_mpath_notify(), in the cleanup phase.\n\n[1]\nBUG: KASAN: slab-use-after-free in rt6_fill_node+0x1460/0x1ac0\nRead of size 4 at addr ffff88809a07fc64 by task syz-executor.2/23037\n\nCPU: 0 PID: 23037 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x167/0x540 mm/kasan/report.c:488\n kasan_report+0x142/0x180 mm/kasan/report.c:601\n rt6_fill_node+0x1460/0x1ac0\n inet6_rt_notify+0x13b/0x290 net/ipv6/route.c:6184\n ip6_route_mpath_notify net/ipv6/route.c:5198 [inline]\n ip6_route_multipath_add net/ipv6/route.c:5404 [inline]\n inet6_rtm_newroute+0x1d0f/0x2300 net/ipv6/route.c:5517\n rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f73dd87dda9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 
48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f73de6550c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f73dd9ac050 RCX: 00007f73dd87dda9\nRDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005\nRBP: 00007f73dd8ca47a R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f73dd9ac050 R15: 00007ffdbdeb7858\n \u003c/TASK\u003e\n\nAllocated by task 23037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:372 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:389\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __do_kmalloc_node mm/slub.c:3981 [inline]\n __kmalloc+0x22e/0x490 mm/slub.c:3994\n kmalloc include/linux/slab.h:594 [inline]\n kzalloc include/linux/slab.h:711 [inline]\n fib6_info_alloc+0x2e/0xf0 net/ipv6/ip6_fib.c:155\n ip6_route_info_create+0x445/0x12b0 net/ipv6/route.c:3758\n ip6_route_multipath_add net/ipv6/route.c:5298 [inline]\n inet6_rtm_newroute+0x744/0x2300 net/ipv6/route.c:5517\n rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nFreed by task 16:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n 
kasan_save_free_info+0x4e/0x60 mm/kasan/generic.c:640\n poison_slab_object+0xa6/0xe0 m\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:58.505Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/31ea5bcc7d4cd1423de6be327a2c034725704136"
},
{
"url": "https://git.kernel.org/stable/c/664f9c647260cc9d68b4e31d9899530d89dd045e"
},
{
"url": "https://git.kernel.org/stable/c/79ce2e54cc0ae366f45516c00bf1b19aa43e9abe"
},
{
"url": "https://git.kernel.org/stable/c/cae3303257950d03ffec2df4a45e836f10d26c24"
},
{
"url": "https://git.kernel.org/stable/c/394334fe2ae3b9f1e2332b873857e84cb28aac18"
},
{
"url": "https://git.kernel.org/stable/c/ed883060c38721ed828061f6c0c30e5147326c9a"
},
{
"url": "https://git.kernel.org/stable/c/61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda"
},
{
"url": "https://git.kernel.org/stable/c/685f7d531264599b3f167f1e94bbd22f120e5fab"
}
],
"title": "net/ipv6: avoid possible UAF in ip6_route_mpath_notify()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26852",
"datePublished": "2024-04-17T10:17:15.923Z",
"dateReserved": "2024-02-19T14:20:24.183Z",
"dateUpdated": "2025-05-04T08:57:58.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35813 (GCVE-0-2024-35813)
Vulnerability from cvelistv5 – Published: 2024-05-17 13:23 – Updated: 2025-05-04 09:05
Title
mmc: core: Avoid negative index with array access
Summary
In the Linux kernel, the following vulnerability has been resolved:
mmc: core: Avoid negative index with array access
Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assigns
prev_idata = idatas[i - 1], but doesn't check that the iterator i is
greater than zero. Let's fix this by adding a check.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: f49f9e802785291149bdc9c824414de4604226b4 , < b9a7339ae403035ffe7fc37cb034b36947910f68 (git) |
| Linux | Linux | Affected: 59020bf0999ff7da8aedcd00ef8f0d75d93b6d20 , < 2b539c88940e22494da80a93ee1c5a28bbad10f6 (git) |
| Linux | Linux | Affected: 50b8b7a22e90bab9f1949b64a88ff17ab10913ec , < 81b8645feca08a54c7c4bf36e7b176f4983b2f28 (git) |
| Linux | Linux | Affected: c4edcd134bb72b3b0acc884612d624e48c9d057f , < ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55 (git) |
| Linux | Linux | Affected: 1653a8102868264f3488c298a9f20af2add9a288 , < 4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2 (git) |
| Linux | Linux | Affected: eed9119f8f8e8fbf225c08abdbb58597fba807e0 , < 064db53f9023a2d5877a2d12de6bc27995f6ca56 (git) |
| Linux | Linux | Affected: 4d0c8d0aef6355660b6775d57ccd5d4ea2e15802 , < 7d0e8a6147550aa058fa6ade8583ad252aa61304 (git) |
| Linux | Linux | Affected: 4d0c8d0aef6355660b6775d57ccd5d4ea2e15802 , < cf55a7acd1ed38afe43bba1c8a0935b51d1dc014 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:23.725113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:43:26.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mmc/core/block.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b9a7339ae403035ffe7fc37cb034b36947910f68",
"status": "affected",
"version": "f49f9e802785291149bdc9c824414de4604226b4",
"versionType": "git"
},
{
"lessThan": "2b539c88940e22494da80a93ee1c5a28bbad10f6",
"status": "affected",
"version": "59020bf0999ff7da8aedcd00ef8f0d75d93b6d20",
"versionType": "git"
},
{
"lessThan": "81b8645feca08a54c7c4bf36e7b176f4983b2f28",
"status": "affected",
"version": "50b8b7a22e90bab9f1949b64a88ff17ab10913ec",
"versionType": "git"
},
{
"lessThan": "ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55",
"status": "affected",
"version": "c4edcd134bb72b3b0acc884612d624e48c9d057f",
"versionType": "git"
},
{
"lessThan": "4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2",
"status": "affected",
"version": "1653a8102868264f3488c298a9f20af2add9a288",
"versionType": "git"
},
{
"lessThan": "064db53f9023a2d5877a2d12de6bc27995f6ca56",
"status": "affected",
"version": "eed9119f8f8e8fbf225c08abdbb58597fba807e0",
"versionType": "git"
},
{
"lessThan": "7d0e8a6147550aa058fa6ade8583ad252aa61304",
"status": "affected",
"version": "4d0c8d0aef6355660b6775d57ccd5d4ea2e15802",
"versionType": "git"
},
{
"lessThan": "cf55a7acd1ed38afe43bba1c8a0935b51d1dc014",
"status": "affected",
"version": "4d0c8d0aef6355660b6775d57ccd5d4ea2e15802",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mmc/core/block.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "6.1.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "6.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "6.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid negative index with array access\n\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn\u0027t check that the iterator i is\ngreater than zero. Let\u0027s fix this by adding a check."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:57.228Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68"
},
{
"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6"
},
{
"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28"
},
{
"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55"
},
{
"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2"
},
{
"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56"
},
{
"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304"
},
{
"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014"
}
],
"title": "mmc: core: Avoid negative index with array access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35813",
"datePublished": "2024-05-17T13:23:18.902Z",
"dateReserved": "2024-05-17T12:19:12.343Z",
"dateUpdated": "2025-05-04T09:05:57.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27020 (GCVE-0-2024-27020)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:30 – Updated: 2025-11-04 17:17
Title
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
nft_unregister_expr() can concurrent with __nft_expr_type_get(),
and there is not any protection when iterate over nf_tables_expressions
list in __nft_expr_type_get(). Therefore, there is potential data-race
of nf_tables_expressions list entry.
Use list_for_each_entry_rcu() to iterate over nf_tables_expressions
list in __nft_expr_type_get(), and use rcu_read_lock() in the caller
nft_expr_type_get() to protect the entire type query process.
Severity
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < 939109c0a8e2a006a6cc8209e262d25065f4403a (git) |
| Linux | Linux | Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < b38a133d37fa421c8447b383d788c9cc6f5cb34c (git) |
| Linux | Linux | Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < 934e66e231cff2b18faa2c8aad0b8cec13957e05 (git) |
| Linux | Linux | Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < 0b6de00206adbbfc6373b3ae38d2a6f197987907 (git) |
| Linux | Linux | Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < 8d56bad42ac4c43c6c72ddd6a654a2628bf839c5 (git) |
| Linux | Linux | Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < a9ebf340d123ae12582210407f879d6a5a1bc25b (git) |
| Linux | Linux | Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < 01f1a678b05ade4b1248019c2dcca773aebbeb7f (git) |
| Linux | Linux | Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < f969eb84ce482331a991079ab7a5c4dc3b7f89bf (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:26:58.391230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:27:09.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:17:36.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/939109c0a8e2a006a6cc8209e262d25065f4403a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b38a133d37fa421c8447b383d788c9cc6f5cb34c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/934e66e231cff2b18faa2c8aad0b8cec13957e05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b6de00206adbbfc6373b3ae38d2a6f197987907"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d56bad42ac4c43c6c72ddd6a654a2628bf839c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9ebf340d123ae12582210407f879d6a5a1bc25b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01f1a678b05ade4b1248019c2dcca773aebbeb7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f969eb84ce482331a991079ab7a5c4dc3b7f89bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "939109c0a8e2a006a6cc8209e262d25065f4403a",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "b38a133d37fa421c8447b383d788c9cc6f5cb34c",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "934e66e231cff2b18faa2c8aad0b8cec13957e05",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "0b6de00206adbbfc6373b3ae38d2a6f197987907",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "8d56bad42ac4c43c6c72ddd6a654a2628bf839c5",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "a9ebf340d123ae12582210407f879d6a5a1bc25b",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "01f1a678b05ade4b1248019c2dcca773aebbeb7f",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "f969eb84ce482331a991079ab7a5c4dc3b7f89bf",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()\n\nnft_unregister_expr() can concurrent with __nft_expr_type_get(),\nand there is not any protection when iterate over nf_tables_expressions\nlist in __nft_expr_type_get(). Therefore, there is potential data-race\nof nf_tables_expressions list entry.\n\nUse list_for_each_entry_rcu() to iterate over nf_tables_expressions\nlist in __nft_expr_type_get(), and use rcu_read_lock() in the caller\nnft_expr_type_get() to protect the entire type query process."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:25.729Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/939109c0a8e2a006a6cc8209e262d25065f4403a"
},
{
"url": "https://git.kernel.org/stable/c/b38a133d37fa421c8447b383d788c9cc6f5cb34c"
},
{
"url": "https://git.kernel.org/stable/c/934e66e231cff2b18faa2c8aad0b8cec13957e05"
},
{
"url": "https://git.kernel.org/stable/c/0b6de00206adbbfc6373b3ae38d2a6f197987907"
},
{
"url": "https://git.kernel.org/stable/c/8d56bad42ac4c43c6c72ddd6a654a2628bf839c5"
},
{
"url": "https://git.kernel.org/stable/c/a9ebf340d123ae12582210407f879d6a5a1bc25b"
},
{
"url": "https://git.kernel.org/stable/c/01f1a678b05ade4b1248019c2dcca773aebbeb7f"
},
{
"url": "https://git.kernel.org/stable/c/f969eb84ce482331a991079ab7a5c4dc3b7f89bf"
}
],
"title": "netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27020",
"datePublished": "2024-05-01T05:30:15.908Z",
"dateReserved": "2024-02-19T14:20:24.209Z",
"dateUpdated": "2025-11-04T17:17:36.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36941 (GCVE-0-2024-36941)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-20 14:17
Title
wifi: nl80211: don't free NULL coalescing rule
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: don't free NULL coalescing rule
If the parsing fails, we can dereference a NULL pointer here.
Severity
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 327382dc0f16b268950b96e0052595efd80f7b0a (git) |
| Linux | Linux | Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 97792d0611ae2e6fe3ccefb0a94a1d802317c457 (git) |
| Linux | Linux | Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 5a730a161ac2290d46d49be76b2b1aee8d2eb307 (git) |
| Linux | Linux | Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < ad12c74e953b68ad85c78adc6408ed8435c64af4 (git) |
| Linux | Linux | Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < b0db4caa10f2e4e811cf88744fbf0d074b67ec1f (git) |
| Linux | Linux | Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 244822c09b4f9aedfb5977f03c0deeb39da8ec7d (git) |
| Linux | Linux | Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < f92772a642485394db5c9a17bd0ee73fc6902383 (git) |
| Linux | Linux | Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 801ea33ae82d6a9d954074fbcf8ea9d18f1543a7 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T18:57:12.725668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:17:10.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "327382dc0f16b268950b96e0052595efd80f7b0a",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "97792d0611ae2e6fe3ccefb0a94a1d802317c457",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "5a730a161ac2290d46d49be76b2b1aee8d2eb307",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "ad12c74e953b68ad85c78adc6408ed8435c64af4",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "b0db4caa10f2e4e811cf88744fbf0d074b67ec1f",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "244822c09b4f9aedfb5977f03c0deeb39da8ec7d",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "f92772a642485394db5c9a17bd0ee73fc6902383",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "801ea33ae82d6a9d954074fbcf8ea9d18f1543a7",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: don\u0027t free NULL coalescing rule\n\nIf the parsing fails, we can dereference a NULL pointer here."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:31.170Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a"
},
{
"url": "https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457"
},
{
"url": "https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307"
},
{
"url": "https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4"
},
{
"url": "https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f"
},
{
"url": "https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d"
},
{
"url": "https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383"
},
{
"url": "https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7"
}
],
"title": "wifi: nl80211: don\u0027t free NULL coalescing rule",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36941",
"datePublished": "2024-05-30T15:29:28.687Z",
"dateReserved": "2024-05-30T15:25:07.072Z",
"dateUpdated": "2025-05-20T14:17:10.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26950 (GCVE-0-2024-26950)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:18 – Updated: 2025-05-04 09:00
Title
wireguard: netlink: access device through ctx instead of peer
Summary
In the Linux kernel, the following vulnerability has been resolved:
wireguard: netlink: access device through ctx instead of peer
The previous commit fixed a bug that led to a NULL peer->device being
dereferenced. It's actually easier and faster performance-wise to
instead get the device from ctx->wg. This semantically makes more sense
too, since ctx->wg->peer_allowedips.seq is compared with
ctx->allowedips_seq, basing them both in ctx. This also acts as a
defence in depth provision against freed peers.
Severity
5.5 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 493aa6bdcffd90a4f82aa614fe4f4db0641b4068 (git) |
| Linux | Linux | Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 4be453271a882c8ebc28df3dbf9e4d95e6ac42f5 (git) |
| Linux | Linux | Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 09c3fa70f65175861ca948cb2f0f791e666c90e5 (git) |
| Linux | Linux | Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < c991567e6c638079304cc15dff28748e4a3c4a37 (git) |
| Linux | Linux | Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 93bcc1752c69bb309f4d8cfaf960ef1faeb34996 (git) |
| Linux | Linux | Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < d44bd323d8bb8031eef4bdc44547925998a11e47 (git) |
| Linux | Linux | Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:55:56.220490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:00:58.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/493aa6bdcffd90a4f82aa614fe4f4db0641b4068"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4be453271a882c8ebc28df3dbf9e4d95e6ac42f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09c3fa70f65175861ca948cb2f0f791e666c90e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c991567e6c638079304cc15dff28748e4a3c4a37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93bcc1752c69bb309f4d8cfaf960ef1faeb34996"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d44bd323d8bb8031eef4bdc44547925998a11e47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireguard/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "493aa6bdcffd90a4f82aa614fe4f4db0641b4068",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "4be453271a882c8ebc28df3dbf9e4d95e6ac42f5",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "09c3fa70f65175861ca948cb2f0f791e666c90e5",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "c991567e6c638079304cc15dff28748e4a3c4a37",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "93bcc1752c69bb309f4d8cfaf960ef1faeb34996",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "d44bd323d8bb8031eef4bdc44547925998a11e47",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireguard/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: netlink: access device through ctx instead of peer\n\nThe previous commit fixed a bug that led to a NULL peer-\u003edevice being\ndereferenced. It\u0027s actually easier and faster performance-wise to\ninstead get the device from ctx-\u003ewg. This semantically makes more sense\ntoo, since ctx-\u003ewg-\u003epeer_allowedips.seq is compared with\nctx-\u003eallowedips_seq, basing them both in ctx. This also acts as a\ndefence in depth provision against freed peers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:00:31.028Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/493aa6bdcffd90a4f82aa614fe4f4db0641b4068"
},
{
"url": "https://git.kernel.org/stable/c/4be453271a882c8ebc28df3dbf9e4d95e6ac42f5"
},
{
"url": "https://git.kernel.org/stable/c/09c3fa70f65175861ca948cb2f0f791e666c90e5"
},
{
"url": "https://git.kernel.org/stable/c/c991567e6c638079304cc15dff28748e4a3c4a37"
},
{
"url": "https://git.kernel.org/stable/c/93bcc1752c69bb309f4d8cfaf960ef1faeb34996"
},
{
"url": "https://git.kernel.org/stable/c/d44bd323d8bb8031eef4bdc44547925998a11e47"
},
{
"url": "https://git.kernel.org/stable/c/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f"
}
],
"title": "wireguard: netlink: access device through ctx instead of peer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26950",
"datePublished": "2024-05-01T05:18:29.902Z",
"dateReserved": "2024-02-19T14:20:24.198Z",
"dateUpdated": "2025-05-04T09:00:31.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52458 (GCVE-0-2023-52458)
Vulnerability from cvelistv5 – Published: 2024-02-23 14:46 – Updated: 2026-01-05 10:16
Title
block: add check that partition length needs to be aligned with block size
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: add check that partition length needs to be aligned with block size
Before calling add partition or resize partition, there is no check
on whether the length is aligned with the logical block size.
If the logical block size of the disk is larger than 512 bytes,
then the partition size may not be a multiple of the logical block size,
and when the last sector is read, bio_truncate() will adjust the bio size,
resulting in an IO error if the size of the read command is smaller than
the logical block size. If integrity data is supported, this will also
result in a null pointer dereference when calling bio_integrity_free.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 633395b67bb222f85bb8f825c7751a54b9ec84ee , < 8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62 (git) |
| Linux | Linux | Affected: 633395b67bb222f85bb8f825c7751a54b9ec84ee , < 5010c27120962c85d2f421d2cf211791c9603503 (git) |
| Linux | Linux | Affected: 633395b67bb222f85bb8f825c7751a54b9ec84ee , < ef31cc87794731ffcb578a195a2c47d744e25fb8 (git) |
| Linux | Linux | Affected: 633395b67bb222f85bb8f825c7751a54b9ec84ee , < cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8 (git) |
| Linux | Linux | Affected: 633395b67bb222f85bb8f825c7751a54b9ec84ee , < bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5 (git) |
| Linux | Linux | Affected: 633395b67bb222f85bb8f825c7751a54b9ec84ee , < 6f64f866aa1ae6975c95d805ed51d7e9433a0016 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T17:05:34.872000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:59.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5010c27120962c85d2f421d2cf211791c9603503"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef31cc87794731ffcb578a195a2c47d744e25fb8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f64f866aa1ae6975c95d805ed51d7e9433a0016"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62",
"status": "affected",
"version": "633395b67bb222f85bb8f825c7751a54b9ec84ee",
"versionType": "git"
},
{
"lessThan": "5010c27120962c85d2f421d2cf211791c9603503",
"status": "affected",
"version": "633395b67bb222f85bb8f825c7751a54b9ec84ee",
"versionType": "git"
},
{
"lessThan": "ef31cc87794731ffcb578a195a2c47d744e25fb8",
"status": "affected",
"version": "633395b67bb222f85bb8f825c7751a54b9ec84ee",
"versionType": "git"
},
{
"lessThan": "cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8",
"status": "affected",
"version": "633395b67bb222f85bb8f825c7751a54b9ec84ee",
"versionType": "git"
},
{
"lessThan": "bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5",
"status": "affected",
"version": "633395b67bb222f85bb8f825c7751a54b9ec84ee",
"versionType": "git"
},
{
"lessThan": "6f64f866aa1ae6975c95d805ed51d7e9433a0016",
"status": "affected",
"version": "633395b67bb222f85bb8f825c7751a54b9ec84ee",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: add check that partition length needs to be aligned with block size\n\nBefore calling add partition or resize partition, there is no check\non whether the length is aligned with the logical block size.\nIf the logical block size of the disk is larger than 512 bytes,\nthen the partition size maybe not the multiple of the logical block size,\nand when the last sector is read, bio_truncate() will adjust the bio size,\nresulting in an IO error if the size of the read command is smaller than\nthe logical block size.If integrity data is supported, this will also\nresult in a null pointer dereference when calling bio_integrity_free."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:16:06.290Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62"
},
{
"url": "https://git.kernel.org/stable/c/5010c27120962c85d2f421d2cf211791c9603503"
},
{
"url": "https://git.kernel.org/stable/c/ef31cc87794731ffcb578a195a2c47d744e25fb8"
},
{
"url": "https://git.kernel.org/stable/c/cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8"
},
{
"url": "https://git.kernel.org/stable/c/bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5"
},
{
"url": "https://git.kernel.org/stable/c/6f64f866aa1ae6975c95d805ed51d7e9433a0016"
}
],
"title": "block: add check that partition length needs to be aligned with block size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52458",
"datePublished": "2024-02-23T14:46:20.397Z",
"dateReserved": "2024-02-20T12:30:33.294Z",
"dateUpdated": "2026-01-05T10:16:06.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26642 (GCVE-0-2024-26642)
Vulnerability from cvelistv5 – Published: 2024-03-21 10:43 – Updated: 2025-05-04 08:52
Title
netfilter: nf_tables: disallow anonymous set with timeout flag
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: disallow anonymous set with timeout flag
Anonymous sets are never used with timeout from userspace, reject this.
Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9 (git) |
| Linux | Linux | Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f (git) |
| Linux | Linux | Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351 (git) |
| Linux | Linux | Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199 (git) |
| Linux | Linux | Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 72c1efe3f247a581667b7d368fff3bd9a03cd57a (git) |
| Linux | Linux | Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12 (git) |
| Linux | Linux | Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 8e07c16695583a66e81f67ce4c46e94dece47ba7 (git) |
| Linux | Linux | Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 16603605b667b70da974bea8216c93e7db043bf1 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:43:46.916001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:25.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "72c1efe3f247a581667b7d368fff3bd9a03cd57a",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "8e07c16695583a66e81f67ce4c46e94dece47ba7",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "16603605b667b70da974bea8216c93e7db043bf1",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow anonymous set with timeout flag\n\nAnonymous sets are never used with timeout from userspace, reject this.\nException to this rule is NFT_SET_EVAL to ensure legacy meters still work."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:55.435Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9"
},
{
"url": "https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f"
},
{
"url": "https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351"
},
{
"url": "https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199"
},
{
"url": "https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a"
},
{
"url": "https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12"
},
{
"url": "https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7"
},
{
"url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1"
}
],
"title": "netfilter: nf_tables: disallow anonymous set with timeout flag",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26642",
"datePublished": "2024-03-21T10:43:43.495Z",
"dateReserved": "2024-02-19T14:20:24.137Z",
"dateUpdated": "2025-05-04T08:52:55.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52489 (GCVE-0-2023-52489)
Vulnerability from cvelistv5 – Published: 2024-02-29 15:52 – Updated: 2025-05-04 07:37
Title
mm/sparsemem: fix race in accessing memory_section->usage
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/sparsemem: fix race in accessing memory_section->usage
The below race is observed on a PFN which falls into the device memory
region with the system memory configuration where PFN's are such that
[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end
pfn contains the device memory PFN's as well, the compaction triggered
will try on the device memory PFN's too though they end up in NOP(because
pfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When
from other core, the section mappings are being removed for the
ZONE_DEVICE region, that the PFN in question belongs to, on which
compaction is currently being operated is resulting into the kernel crash
with CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].
```
compact_zone()                  memunmap_pages
-------------                   ---------------
__pageblock_pfn_to_page
   ......
 (a)pfn_valid():
     valid_section()//return true
                                (b)__remove_pages()->
                                    sparse_remove_section()->
                                      section_deactivate():
                                      [Free the array ms->usage and set
                                       ms->usage = NULL]
     pfn_section_valid()
     [Access ms->usage which
      is NULL]
```
NOTE: From the above it can be said that the race is reduced to between
the pfn_valid()/pfn_section_valid() and the section deactivate with
SPASEMEM_VMEMAP enabled.
The commit b943f045a9af("mm/sparse: fix kernel crash with
pfn_section_valid check") tried to address the same problem by clearing
the SECTION_HAS_MEM_MAP with the expectation of valid_section() returns
false thus ms->usage is not accessed.
Fix this issue by the below steps:
a) Clear SECTION_HAS_MEM_MAP before freeing the ->usage.
b) RCU protected read side critical section will either return NULL
when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage.
c) Free the ->usage with kfree_rcu() and set ms->usage = NULL. No
attempt will be made to access ->usage after this as the
SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.
Thanks to David/Pavan for their inputs on this patch.
[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/
On Snapdragon SoC, with the mentioned memory configuration of PFN's as
[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of
issues daily while testing on a device farm.
For this particular issue below is the log. Though the below log is
not directly pointing to the pfn_section_valid(){ ms->usage;}, when we
loaded this dump on T32 lauterbach tool, it is pointing.
[ 540.578056] Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000000
[ 540.578068] Mem abort info:
[ 540.578070] ESR = 0x0000000096000005
[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits
[ 540.578077] SET = 0, FnV = 0
[ 540.578080] EA = 0, S1PTW = 0
[ 540.578082] FSC = 0x05: level 1 translation fault
[ 540.578085] Data abort info:
[ 540.578086] ISV = 0, ISS = 0x00000005
[ 540.578088] CM = 0, WnR = 0
[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)
[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c
[ 540.579454] lr : compact_zone+0x994/0x1058
[ 540.579460] sp : ffffffc03579b510
[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c
[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640
[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000
[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140
[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff
[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001
[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440
[ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4
[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000
---truncated---
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: f46edbd1b1516da1fb34c917775168d5df576f78 , < 90ad17575d26874287271127d43ef3c2af876cea (git) |
| Linux | Linux | Affected: f46edbd1b1516da1fb34c917775168d5df576f78 , < b448de2459b6d62a53892487ab18b7d823ff0529 (git) |
| Linux | Linux | Affected: f46edbd1b1516da1fb34c917775168d5df576f78 , < 68ed9e33324021e9d6b798e9db00ca3093d2012a (git) |
| Linux | Linux | Affected: f46edbd1b1516da1fb34c917775168d5df576f78 , < 70064241f2229f7ba7b9599a98f68d9142e81a97 (git) |
| Linux | Linux | Affected: f46edbd1b1516da1fb34c917775168d5df576f78 , < 3a01daace71b521563c38bbbf874e14c3e58adb7 (git) |
| Linux | Linux | Affected: f46edbd1b1516da1fb34c917775168d5df576f78 , < 5ec8e8ea8b7783fab150cf86404fc38cb4db8800 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T14:56:15.828991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:46.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b448de2459b6d62a53892487ab18b7d823ff0529"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68ed9e33324021e9d6b798e9db00ca3093d2012a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70064241f2229f7ba7b9599a98f68d9142e81a97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a01daace71b521563c38bbbf874e14c3e58adb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ec8e8ea8b7783fab150cf86404fc38cb4db8800"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/mmzone.h",
"mm/sparse.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "90ad17575d26874287271127d43ef3c2af876cea",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "b448de2459b6d62a53892487ab18b7d823ff0529",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "68ed9e33324021e9d6b798e9db00ca3093d2012a",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "70064241f2229f7ba7b9599a98f68d9142e81a97",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "3a01daace71b521563c38bbbf874e14c3e58adb7",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/mmzone.h",
"mm/sparse.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/sparsemem: fix race in accessing memory_section-\u003eusage\n\nThe below race is observed on a PFN which falls into the device memory\nregion with the system memory configuration where PFN\u0027s are such that\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end\npfn contains the device memory PFN\u0027s as well, the compaction triggered\nwill try on the device memory PFN\u0027s too though they end up in NOP(because\npfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When\nfrom other core, the section mappings are being removed for the\nZONE_DEVICE region, that the PFN in question belongs to, on which\ncompaction is currently being operated is resulting into the kernel crash\nwith CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].\n\ncompact_zone()\t\t\tmemunmap_pages\n-------------\t\t\t---------------\n__pageblock_pfn_to_page\n ......\n (a)pfn_valid():\n valid_section()//return true\n\t\t\t (b)__remove_pages()-\u003e\n\t\t\t\t sparse_remove_section()-\u003e\n\t\t\t\t section_deactivate():\n\t\t\t\t [Free the array ms-\u003eusage and set\n\t\t\t\t ms-\u003eusage = NULL]\n pfn_section_valid()\n [Access ms-\u003eusage which\n is NULL]\n\nNOTE: From the above it can be said that the race is reduced to between\nthe pfn_valid()/pfn_section_valid() and the section deactivate with\nSPASEMEM_VMEMAP enabled.\n\nThe commit b943f045a9af(\"mm/sparse: fix kernel crash with\npfn_section_valid check\") tried to address the same problem by clearing\nthe SECTION_HAS_MEM_MAP with the expectation of valid_section() returns\nfalse thus ms-\u003eusage is not accessed.\n\nFix this issue by the below steps:\n\na) Clear SECTION_HAS_MEM_MAP before freeing the -\u003eusage.\n\nb) RCU protected read side critical section will either return NULL\n when SECTION_HAS_MEM_MAP is cleared or can successfully access -\u003eusage.\n\nc) Free the -\u003eusage with 
kfree_rcu() and set ms-\u003eusage = NULL. No\n attempt will be made to access -\u003eusage after this as the\n SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.\n\nThanks to David/Pavan for their inputs on this patch.\n\n[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/\n\nOn Snapdragon SoC, with the mentioned memory configuration of PFN\u0027s as\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of\nissues daily while testing on a device farm.\n\nFor this particular issue below is the log. Though the below log is\nnot directly pointing to the pfn_section_valid(){ ms-\u003eusage;}, when we\nloaded this dump on T32 lauterbach tool, it is pointing.\n\n[ 540.578056] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\n[ 540.578068] Mem abort info:\n[ 540.578070] ESR = 0x0000000096000005\n[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 540.578077] SET = 0, FnV = 0\n[ 540.578080] EA = 0, S1PTW = 0\n[ 540.578082] FSC = 0x05: level 1 translation fault\n[ 540.578085] Data abort info:\n[ 540.578086] ISV = 0, ISS = 0x00000005\n[ 540.578088] CM = 0, WnR = 0\n[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)\n[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c\n[ 540.579454] lr : compact_zone+0x994/0x1058\n[ 540.579460] sp : ffffffc03579b510\n[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c\n[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640\n[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000\n[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140\n[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff\n[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001\n[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440\n[ 540.579507] x8 : 0000000000000000 x7 : 
0000000000000000 x6 :ffffffc03579b5b4\n[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:51.825Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea"
},
{
"url": "https://git.kernel.org/stable/c/b448de2459b6d62a53892487ab18b7d823ff0529"
},
{
"url": "https://git.kernel.org/stable/c/68ed9e33324021e9d6b798e9db00ca3093d2012a"
},
{
"url": "https://git.kernel.org/stable/c/70064241f2229f7ba7b9599a98f68d9142e81a97"
},
{
"url": "https://git.kernel.org/stable/c/3a01daace71b521563c38bbbf874e14c3e58adb7"
},
{
"url": "https://git.kernel.org/stable/c/5ec8e8ea8b7783fab150cf86404fc38cb4db8800"
}
],
"title": "mm/sparsemem: fix race in accessing memory_section-\u003eusage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52489",
"datePublished": "2024-02-29T15:52:08.718Z",
"dateReserved": "2024-02-20T12:30:33.302Z",
"dateUpdated": "2025-05-04T07:37:51.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27401 (GCVE-0-2024-27401)
Vulnerability from cvelistv5 – Published: 2024-05-13 10:29 – Updated: 2026-01-05 10:35
Title
firewire: nosy: ensure user_length is taken into account when fetching packet contents
Summary
In the Linux kernel, the following vulnerability has been resolved:
firewire: nosy: ensure user_length is taken into account when fetching packet contents
Ensure that packet_buffer_get respects the user_length provided. If
the length of the head packet exceeds the user_length, packet_buffer_get
will now return 0 to signify to the user that no data were read
and a larger buffer size is required. Helps prevent user space overflows.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 67f34f093c0f7bf33f5b4ae64d3d695a3b978285 (git) |
| Linux | Linux | Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 7b8c7bd2296e95b38a6ff346242356a2e7190239 (git) |
| Linux | Linux | Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < cca330c59c54207567a648357835f59df9a286bb (git) |
| Linux | Linux | Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 79f988d3ffc1aa778fc5181bdfab312e57956c6b (git) |
| Linux | Linux | Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 4ee0941da10e8fdcdb34756b877efd3282594c1f (git) |
| Linux | Linux | Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 1fe60ee709436550f8cfbab01295936b868d5baa (git) |
| Linux | Linux | Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c (git) |
| Linux | Linux | Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 38762a0763c10c24a4915feee722d7aa6e73eb98 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T17:55:43.034157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:00.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b8c7bd2296e95b38a6ff346242356a2e7190239"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cca330c59c54207567a648357835f59df9a286bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79f988d3ffc1aa778fc5181bdfab312e57956c6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ee0941da10e8fdcdb34756b877efd3282594c1f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fe60ee709436550f8cfbab01295936b868d5baa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38762a0763c10c24a4915feee722d7aa6e73eb98"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firewire/nosy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "67f34f093c0f7bf33f5b4ae64d3d695a3b978285",
"status": "affected",
"version": "286468210d83ce0ca1e37e346ed9f4457a161650",
"versionType": "git"
},
{
"lessThan": "7b8c7bd2296e95b38a6ff346242356a2e7190239",
"status": "affected",
"version": "286468210d83ce0ca1e37e346ed9f4457a161650",
"versionType": "git"
},
{
"lessThan": "cca330c59c54207567a648357835f59df9a286bb",
"status": "affected",
"version": "286468210d83ce0ca1e37e346ed9f4457a161650",
"versionType": "git"
},
{
"lessThan": "79f988d3ffc1aa778fc5181bdfab312e57956c6b",
"status": "affected",
"version": "286468210d83ce0ca1e37e346ed9f4457a161650",
"versionType": "git"
},
{
"lessThan": "4ee0941da10e8fdcdb34756b877efd3282594c1f",
"status": "affected",
"version": "286468210d83ce0ca1e37e346ed9f4457a161650",
"versionType": "git"
},
{
"lessThan": "1fe60ee709436550f8cfbab01295936b868d5baa",
"status": "affected",
"version": "286468210d83ce0ca1e37e346ed9f4457a161650",
"versionType": "git"
},
{
"lessThan": "539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c",
"status": "affected",
"version": "286468210d83ce0ca1e37e346ed9f4457a161650",
"versionType": "git"
},
{
"lessThan": "38762a0763c10c24a4915feee722d7aa6e73eb98",
"status": "affected",
"version": "286468210d83ce0ca1e37e346ed9f4457a161650",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firewire/nosy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.36"
},
{
"lessThan": "2.6.36",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: nosy: ensure user_length is taken into account when fetching packet contents\n\nEnsure that packet_buffer_get respects the user_length provided. If\nthe length of the head packet exceeds the user_length, packet_buffer_get\nwill now return 0 to signify to the user that no data were read\nand a larger buffer size is required. Helps prevent user space overflows."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:14.529Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285"
},
{
"url": "https://git.kernel.org/stable/c/7b8c7bd2296e95b38a6ff346242356a2e7190239"
},
{
"url": "https://git.kernel.org/stable/c/cca330c59c54207567a648357835f59df9a286bb"
},
{
"url": "https://git.kernel.org/stable/c/79f988d3ffc1aa778fc5181bdfab312e57956c6b"
},
{
"url": "https://git.kernel.org/stable/c/4ee0941da10e8fdcdb34756b877efd3282594c1f"
},
{
"url": "https://git.kernel.org/stable/c/1fe60ee709436550f8cfbab01295936b868d5baa"
},
{
"url": "https://git.kernel.org/stable/c/539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c"
},
{
"url": "https://git.kernel.org/stable/c/38762a0763c10c24a4915feee722d7aa6e73eb98"
}
],
"title": "firewire: nosy: ensure user_length is taken into account when fetching packet contents",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27401",
"datePublished": "2024-05-13T10:29:53.862Z",
"dateReserved": "2024-02-25T13:47:42.681Z",
"dateUpdated": "2026-01-05T10:35:14.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27431 (GCVE-0-2024-27431)
Vulnerability from cvelistv5 – Published: 2024-05-17 12:02 – Updated: 2025-05-04 09:04
Title
cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
Summary
In the Linux kernel, the following vulnerability has been resolved:
cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
When running an XDP program that is attached to a cpumap entry, we don't
initialise the xdp_rxq_info data structure being used in the xdp_buff
that backs the XDP program invocation. Tobias noticed that this leads to
random values being returned as the xdp_md->rx_queue_index value for XDP
programs running in a cpumap.
This means we're basically returning the contents of the uninitialised
memory, which is bad. Fix this by zero-initialising the rxq data
structure before running the XDP program.
Severity
5.5 (Medium)
CWE
- CWE-908 - Use of Uninitialized Resource
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 9216477449f33cdbc9c9a99d49f500b7fbb81702 , < 5f4e51abfbe6eb444fa91906a5cd083044278297 (git) |
| Linux | Linux | Affected: 9216477449f33cdbc9c9a99d49f500b7fbb81702 , < f0363af9619c77730764f10360e36c6445c12f7b (git) |
| Linux | Linux | Affected: 9216477449f33cdbc9c9a99d49f500b7fbb81702 , < 3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95 (git) |
| Linux | Linux | Affected: 9216477449f33cdbc9c9a99d49f500b7fbb81702 , < f562e4c4aab00986dde3093c4be919c3f2b85a4a (git) |
| Linux | Linux | Affected: 9216477449f33cdbc9c9a99d49f500b7fbb81702 , < eaa7cb836659ced2d9f814ac32aa3ec193803ed6 (git) |
| Linux | Linux | Affected: 9216477449f33cdbc9c9a99d49f500b7fbb81702 , < 2487007aa3b9fafbd2cb14068f49791ce1d7ede5 (git) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "9216477449f3"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.9"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.213"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.152"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.82"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.22"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7.10"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T16:29:06.840486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T21:49:35.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/cpumap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5f4e51abfbe6eb444fa91906a5cd083044278297",
"status": "affected",
"version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
"versionType": "git"
},
{
"lessThan": "f0363af9619c77730764f10360e36c6445c12f7b",
"status": "affected",
"version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
"versionType": "git"
},
{
"lessThan": "3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95",
"status": "affected",
"version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
"versionType": "git"
},
{
"lessThan": "f562e4c4aab00986dde3093c4be919c3f2b85a4a",
"status": "affected",
"version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
"versionType": "git"
},
{
"lessThan": "eaa7cb836659ced2d9f814ac32aa3ec193803ed6",
"status": "affected",
"version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
"versionType": "git"
},
{
"lessThan": "2487007aa3b9fafbd2cb14068f49791ce1d7ede5",
"status": "affected",
"version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/cpumap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpumap: Zero-initialise xdp_rxq_info struct before running XDP program\n\nWhen running an XDP program that is attached to a cpumap entry, we don\u0027t\ninitialise the xdp_rxq_info data structure being used in the xdp_buff\nthat backs the XDP program invocation. Tobias noticed that this leads to\nrandom values being returned as the xdp_md-\u003erx_queue_index value for XDP\nprograms running in a cpumap.\n\nThis means we\u0027re basically returning the contents of the uninitialised\nmemory, which is bad. Fix this by zero-initialising the rxq data\nstructure before running the XDP program."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:04:51.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297"
},
{
"url": "https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b"
},
{
"url": "https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95"
},
{
"url": "https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a"
},
{
"url": "https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6"
},
{
"url": "https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5"
}
],
"title": "cpumap: Zero-initialise xdp_rxq_info struct before running XDP program",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27431",
"datePublished": "2024-05-17T12:02:10.274Z",
"dateReserved": "2024-02-25T13:47:42.686Z",
"dateUpdated": "2025-05-04T09:04:51.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31076 (GCVE-0-2024-31076)
Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-11-04 17:20
Title
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
Summary
In the Linux kernel, the following vulnerability has been resolved:
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of
interrupt affinity reconfiguration via procfs. Instead, the change is
deferred until the next instance of the interrupt being triggered on the
original CPU.
When the interrupt next triggers on the original CPU, the new affinity is
enforced within __irq_move_irq(). A vector is allocated from the new CPU,
but the old vector on the original CPU remains and is not immediately
reclaimed. Instead, apicd->move_in_progress is flagged, and the reclaiming
process is delayed until the next trigger of the interrupt on the new CPU.
Upon the subsequent triggering of the interrupt on the new CPU,
irq_complete_move() adds a task to the old CPU's vector_cleanup list if it
remains online. Subsequently, the timer on the old CPU iterates over its
vector_cleanup list, reclaiming old vectors.
However, a rare scenario arises if the old CPU is outgoing before the
interrupt triggers again on the new CPU.
In that case irq_force_complete_move() is not invoked on the outgoing CPU
to reclaim the old apicd->prev_vector because the interrupt isn't currently
affine to the outgoing CPU, and irq_needs_fixup() returns false. Even
though __vector_schedule_cleanup() is later called on the new CPU, it
doesn't reclaim apicd->prev_vector; instead, it simply resets both
apicd->move_in_progress and apicd->prev_vector to 0.
As a result, the vector remains unreclaimed in vector_matrix, leading to a
CPU vector leak.
To address this issue, move the invocation of irq_force_complete_move()
before the irq_needs_fixup() call to reclaim apicd->prev_vector, if the
interrupt is currently or used to be affine to the outgoing CPU.
Additionally, reclaim the vector in __vector_schedule_cleanup() as well,
following a warning message, although theoretically it should never see
apicd->move_in_progress with apicd->prev_cpu pointing to an offline CPU.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b , < a40209d355afe4ed6d533507838c9e5cd70a76d8 (git) |
| Linux | Linux | Affected: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b , < f5f4675960609d8c5ee95f027fbf6ce380f98372 (git) |
| Linux | Linux | Affected: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b , < 6752dfcfff3ac3e16625ebd3f0ad9630900e7e76 (git) |
| Linux | Linux | Affected: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b , < 9eeda3e0071a329af1eba15f4e57dc39576bb420 (git) |
| Linux | Linux | Affected: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b , < e9c96d01d520498b169ce734a8ad1142bef86a30 (git) |
| Linux | Linux | Affected: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b , < 59f86a2908380d09cdc726461c0fbb8d8579c99f (git) |
| Linux | Linux | Affected: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b , < ebfb16fc057a016abb46a9720a54abf0d4f6abe1 (git) |
| Linux | Linux | Affected: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b , < a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:00.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a40209d355afe4ed6d533507838c9e5cd70a76d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5f4675960609d8c5ee95f027fbf6ce380f98372"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6752dfcfff3ac3e16625ebd3f0ad9630900e7e76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9eeda3e0071a329af1eba15f4e57dc39576bb420"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9c96d01d520498b169ce734a8ad1142bef86a30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59f86a2908380d09cdc726461c0fbb8d8579c99f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebfb16fc057a016abb46a9720a54abf0d4f6abe1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:53.896904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:46.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/apic/vector.c",
"kernel/irq/cpuhotplug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a40209d355afe4ed6d533507838c9e5cd70a76d8",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "f5f4675960609d8c5ee95f027fbf6ce380f98372",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "6752dfcfff3ac3e16625ebd3f0ad9630900e7e76",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "9eeda3e0071a329af1eba15f4e57dc39576bb420",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "e9c96d01d520498b169ce734a8ad1142bef86a30",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "59f86a2908380d09cdc726461c0fbb8d8579c99f",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "ebfb16fc057a016abb46a9720a54abf0d4f6abe1",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/apic/vector.c",
"kernel/irq/cpuhotplug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline\n\nThe absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of\ninterrupt affinity reconfiguration via procfs. Instead, the change is\ndeferred until the next instance of the interrupt being triggered on the\noriginal CPU.\n\nWhen the interrupt next triggers on the original CPU, the new affinity is\nenforced within __irq_move_irq(). A vector is allocated from the new CPU,\nbut the old vector on the original CPU remains and is not immediately\nreclaimed. Instead, apicd-\u003emove_in_progress is flagged, and the reclaiming\nprocess is delayed until the next trigger of the interrupt on the new CPU.\n\nUpon the subsequent triggering of the interrupt on the new CPU,\nirq_complete_move() adds a task to the old CPU\u0027s vector_cleanup list if it\nremains online. Subsequently, the timer on the old CPU iterates over its\nvector_cleanup list, reclaiming old vectors.\n\nHowever, a rare scenario arises if the old CPU is outgoing before the\ninterrupt triggers again on the new CPU.\n\nIn that case irq_force_complete_move() is not invoked on the outgoing CPU\nto reclaim the old apicd-\u003eprev_vector because the interrupt isn\u0027t currently\naffine to the outgoing CPU, and irq_needs_fixup() returns false. 
Even\nthough __vector_schedule_cleanup() is later called on the new CPU, it\ndoesn\u0027t reclaim apicd-\u003eprev_vector; instead, it simply resets both\napicd-\u003emove_in_progress and apicd-\u003eprev_vector to 0.\n\nAs a result, the vector remains unreclaimed in vector_matrix, leading to a\nCPU vector leak.\n\nTo address this issue, move the invocation of irq_force_complete_move()\nbefore the irq_needs_fixup() call to reclaim apicd-\u003eprev_vector, if the\ninterrupt is currently or used to be affine to the outgoing CPU.\n\nAdditionally, reclaim the vector in __vector_schedule_cleanup() as well,\nfollowing a warning message, although theoretically it should never see\napicd-\u003emove_in_progress with apicd-\u003eprev_cpu pointing to an offline CPU."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:07.572Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a40209d355afe4ed6d533507838c9e5cd70a76d8"
},
{
"url": "https://git.kernel.org/stable/c/f5f4675960609d8c5ee95f027fbf6ce380f98372"
},
{
"url": "https://git.kernel.org/stable/c/6752dfcfff3ac3e16625ebd3f0ad9630900e7e76"
},
{
"url": "https://git.kernel.org/stable/c/9eeda3e0071a329af1eba15f4e57dc39576bb420"
},
{
"url": "https://git.kernel.org/stable/c/e9c96d01d520498b169ce734a8ad1142bef86a30"
},
{
"url": "https://git.kernel.org/stable/c/59f86a2908380d09cdc726461c0fbb8d8579c99f"
},
{
"url": "https://git.kernel.org/stable/c/ebfb16fc057a016abb46a9720a54abf0d4f6abe1"
},
{
"url": "https://git.kernel.org/stable/c/a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32"
}
],
"title": "genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-31076",
"datePublished": "2024-06-21T10:18:04.335Z",
"dateReserved": "2024-06-21T10:13:16.276Z",
"dateUpdated": "2025-11-04T17:20:00.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26778 (GCVE-0-2024-26778)
Vulnerability from cvelistv5 – Published: 2024-04-03 17:01 – Updated: 2026-01-05 10:34
Title
fbdev: savage: Error out if pixclock equals zero
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbdev: savage: Error out if pixclock equals zero
The userspace program could pass any values to the driver through
ioctl() interface. If the driver doesn't check the value of pixclock,
it may cause divide-by-zero error.
Although pixclock is checked in savagefb_decode_var(), but it is not
checked properly in savagefb_probe(). Fix this by checking whether
pixclock is zero in the function savagefb_check_var() before
info->var.pixclock is used as the divisor.
This is similar to CVE-2022-3061 in i740fb which was fixed by
commit 15cf0b8.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 224453de8505aede1890f007be973925a3edf6a1 (git) |
| | | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff (git) |
| | | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 512ee6d6041e007ef5bf200c6e388e172a2c5b24 (git) |
| | | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1 (git) |
| | | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 070398d32c5f3ab0e890374904ad94551c76aec4 (git) |
| | | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < bc3c2e58d73b28b9a8789fca84778ee165a72d13 (git) |
| | | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a9ca4e80d23474f90841251f4ac0d941fa337a01 (git) |
| | | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:06:44.068367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:06:55.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/savage/savagefb_driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "224453de8505aede1890f007be973925a3edf6a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "512ee6d6041e007ef5bf200c6e388e172a2c5b24",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "070398d32c5f3ab0e890374904ad94551c76aec4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bc3c2e58d73b28b9a8789fca84778ee165a72d13",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a9ca4e80d23474f90841251f4ac0d941fa337a01",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/savage/savagefb_driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn\u0027t check the value of pixclock,\nit may cause divide-by-zero error.\n\nAlthough pixclock is checked in savagefb_decode_var(), but it is not\nchecked properly in savagefb_probe(). Fix this by checking whether\npixclock is zero in the function savagefb_check_var() before\ninfo-\u003evar.pixclock is used as the divisor.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:34:32.658Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1"
},
{
"url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff"
},
{
"url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24"
},
{
"url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1"
},
{
"url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4"
},
{
"url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13"
},
{
"url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01"
},
{
"url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288"
}
],
"title": "fbdev: savage: Error out if pixclock equals zero",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26778",
"datePublished": "2024-04-03T17:01:08.782Z",
"dateReserved": "2024-02-19T14:20:24.177Z",
"dateUpdated": "2026-01-05T10:34:32.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26925 (GCVE-0-2024-26925)
Vulnerability from cvelistv5 – Published: 2024-04-24 21:49 – Updated: 2025-05-04 12:55
Title
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
The commit mutex should not be released during the critical section
between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC
worker could collect expired objects and get the released commit lock
within the same GC sequence.
nf_tables_module_autoload() temporarily releases the mutex to load
module dependencies, then it goes back to replay the transaction again.
Move it at the end of the abort phase after nft_gc_seq_end() is called.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 4b6346dc1edfb9839d6edee7360ed31a22fa6c95 , < 61ac7284346c32f9a8c8ceac56102f7914060428 (git) |
| | | Affected: 23292bdfda5f04e704a843b8f97b0eb95ace1ca6 , < 2cee2ff7f8cce12a63a0a23ffe27f08d99541494 (git) |
| | | Affected: b44a459c6561595ed7c3679599c5279204132b33 , < eb769ff4e281f751adcaf4f4445cbf30817be139 (git) |
| | | Affected: 5d319f7a81431c6bb32eb4dc7d7975f99e2c8c66 , < 8d3a58af50e46167b6f1db47adadad03c0045dae (git) |
| | | Affected: 720344340fb9be2765bbaab7b292ece0a4570eae , < 8038ee3c3e5b59bcd78467686db5270c68544e30 (git) |
| | | Affected: 720344340fb9be2765bbaab7b292ece0a4570eae , < a34ba4bdeec0c3b629160497594908dc820110f1 (git) |
| | | Affected: 720344340fb9be2765bbaab7b292ece0a4570eae , < 0d459e2ffb541841714839e8228b845458ed3b27 (git) |
| | | Affected: f85ca36090cbb252bcbc95fc74c2853fc792694f (git) |
| | | Affected: e07e68823116563bdbc49cef185cda6f463bc534 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:46:30.592135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:12.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "61ac7284346c32f9a8c8ceac56102f7914060428",
"status": "affected",
"version": "4b6346dc1edfb9839d6edee7360ed31a22fa6c95",
"versionType": "git"
},
{
"lessThan": "2cee2ff7f8cce12a63a0a23ffe27f08d99541494",
"status": "affected",
"version": "23292bdfda5f04e704a843b8f97b0eb95ace1ca6",
"versionType": "git"
},
{
"lessThan": "eb769ff4e281f751adcaf4f4445cbf30817be139",
"status": "affected",
"version": "b44a459c6561595ed7c3679599c5279204132b33",
"versionType": "git"
},
{
"lessThan": "8d3a58af50e46167b6f1db47adadad03c0045dae",
"status": "affected",
"version": "5d319f7a81431c6bb32eb4dc7d7975f99e2c8c66",
"versionType": "git"
},
{
"lessThan": "8038ee3c3e5b59bcd78467686db5270c68544e30",
"status": "affected",
"version": "720344340fb9be2765bbaab7b292ece0a4570eae",
"versionType": "git"
},
{
"lessThan": "a34ba4bdeec0c3b629160497594908dc820110f1",
"status": "affected",
"version": "720344340fb9be2765bbaab7b292ece0a4570eae",
"versionType": "git"
},
{
"lessThan": "0d459e2ffb541841714839e8228b845458ed3b27",
"status": "affected",
"version": "720344340fb9be2765bbaab7b292ece0a4570eae",
"versionType": "git"
},
{
"status": "affected",
"version": "f85ca36090cbb252bcbc95fc74c2853fc792694f",
"versionType": "git"
},
{
"status": "affected",
"version": "e07e68823116563bdbc49cef185cda6f463bc534",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "5.15.134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "6.1.56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release mutex after nft_gc_seq_end from abort path\n\nThe commit mutex should not be released during the critical section\nbetween nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC\nworker could collect expired objects and get the released commit lock\nwithin the same GC sequence.\n\nnf_tables_module_autoload() temporarily releases the mutex to load\nmodule dependencies, then it goes back to replay the transaction again.\nMove it at the end of the abort phase after nft_gc_seq_end() is called."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:12.223Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428"
},
{
"url": "https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494"
},
{
"url": "https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139"
},
{
"url": "https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae"
},
{
"url": "https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30"
},
{
"url": "https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1"
},
{
"url": "https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27"
}
],
"title": "netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26925",
"datePublished": "2024-04-24T21:49:23.251Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2025-05-04T12:55:12.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6535 (GCVE-0-2023-6535)
Vulnerability from cvelistv5 – Published: 2024-02-07 21:04 – Updated: 2025-11-06 21:45
Title
Kernel: null pointer dereference in nvmet_tcp_execute_request
Summary
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
Severity
6.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 , < * (rpm); cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
Credits
Red Hat would like to thank Alon Zahavi for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-08T17:12:36.607009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T15:58:14.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:00.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"name": "RHSA-2024:3810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3810"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6535"
},
{
"name": "RHBZ#2254053",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240415-0003/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime",
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::crb",
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.58.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::realtime",
"cpe:/a:redhat:rhel_eus:9.2::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.rt14.337.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-22",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-407",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-479",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-247",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-227",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-470",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v2.9.6-14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-24",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-525",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-224",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-56",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
}
],
"datePublic": "2023-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:45:16.229Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"name": "RHSA-2024:3810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3810"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6535"
},
{
"name": "RHBZ#2254053",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-11T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-11T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: null pointer dereference in nvmet_tcp_execute_request",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6535",
"datePublished": "2024-02-07T21:04:21.409Z",
"dateReserved": "2023-12-05T20:50:27.727Z",
"dateUpdated": "2025-11-06T21:45:16.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52448 (GCVE-0-2023-52448)
Vulnerability from cvelistv5 – Published: 2024-02-22 16:21 – Updated: 2025-05-04 07:36
Title
gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
Summary
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
Syzkaller has reported a NULL pointer dereference when accessing
rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating
rgd->rd_gl fails in read_rindex_entry(). Add a NULL pointer check in
gfs2_rgrp_dump() to prevent that.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 72244b6bc752b5c496f09de9a13c18adc314a53c , < efc8ef87ab9185a23d5676f2f7d986022d91bcde (git) |
| Linux | Linux | Affected: 72244b6bc752b5c496f09de9a13c18adc314a53c , < 5c28478af371a1c3fdb570ca67f110e1ae60fc37 (git) |
| Linux | Linux | Affected: 72244b6bc752b5c496f09de9a13c18adc314a53c , < ee0586d73cbaf0e7058bc640d62a9daf2dfa9178 (git) |
| Linux | Linux | Affected: 72244b6bc752b5c496f09de9a13c18adc314a53c , < d69d7804cf9e2ba171a27e5f98bc266f13d0414a (git) |
| Linux | Linux | Affected: 72244b6bc752b5c496f09de9a13c18adc314a53c , < 067a7c48c2c70f05f9460d6f0e8423e234729f05 (git) |
| Linux | Linux | Affected: 72244b6bc752b5c496f09de9a13c18adc314a53c , < c323efd620c741168c8e0cc6fc0be04ab57e331a (git) |
| Linux | Linux | Affected: 72244b6bc752b5c496f09de9a13c18adc314a53c , < 8877243beafa7c6bfc42022cbfdf9e39b25bd4fa (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T18:52:46.347708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:58.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/gfs2/rgrp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "efc8ef87ab9185a23d5676f2f7d986022d91bcde",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
},
{
"lessThan": "5c28478af371a1c3fdb570ca67f110e1ae60fc37",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
},
{
"lessThan": "ee0586d73cbaf0e7058bc640d62a9daf2dfa9178",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
},
{
"lessThan": "d69d7804cf9e2ba171a27e5f98bc266f13d0414a",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
},
{
"lessThan": "067a7c48c2c70f05f9460d6f0e8423e234729f05",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
},
{
"lessThan": "c323efd620c741168c8e0cc6fc0be04ab57e331a",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
},
{
"lessThan": "8877243beafa7c6bfc42022cbfdf9e39b25bd4fa",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/gfs2/rgrp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump\n\nSyzkaller has reported a NULL pointer dereference when accessing\nrgd-\u003erd_rgl in gfs2_rgrp_dump(). This can happen when creating\nrgd-\u003erd_gl fails in read_rindex_entry(). Add a NULL pointer check in\ngfs2_rgrp_dump() to prevent that."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:45.265Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde"
},
{
"url": "https://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37"
},
{
"url": "https://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178"
},
{
"url": "https://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a"
},
{
"url": "https://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05"
},
{
"url": "https://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a"
},
{
"url": "https://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa"
}
],
"title": "gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52448",
"datePublished": "2024-02-22T16:21:39.915Z",
"dateReserved": "2024-02-20T12:30:33.292Z",
"dateUpdated": "2025-05-04T07:36:45.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26820 (GCVE-0-2024-26820)
Vulnerability from cvelistv5 – Published: 2024-04-17 09:43 – Updated: 2025-05-04 08:57
Title
hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
Summary
In the Linux kernel, the following vulnerability has been resolved:
hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER
handler cannot perform VF register successfully as the register call
is received before netvsc_probe is finished. This is because we
register register_netdevice_notifier() very early (even before
vmbus_driver_register()).
To fix this, we try to register each such matching VF (if it is visible
as a netdevice) at the end of netvsc_probe.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 028aa21f9e92536038cabb834c15d08f5c894382 , < bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d (git) |
| Linux | Linux | Affected: 997d895fa495fb3421983923219bba93f1a793ee , < c7441c77c91e47f653104be8353b44a3366a5366 (git) |
| Linux | Linux | Affected: ff6c130e48a79c826cbc2427bd8b34a7592460cc , < 5b10a88f64c0315cfdef45de0aaaa4eef57de0b7 (git) |
| Linux | Linux | Affected: 97683466e24c801ee4e865ce90ac7e355db2da59 , < b6d46f306b3964d05055ddaa96b58cd8bd3a472c (git) |
| Linux | Linux | Affected: 5dd83db613be8e5c5d30efed7f42780e9eb18380 , < 309ef7de5d840e17607e7d65cbf297c0564433ef (git) |
| Linux | Linux | Affected: 7350c460f7f48a8653a15c5c90fc9070aaa29535 , < a71302c8638939c45e4ba5a99ea438185fd3f418 (git) |
| Linux | Linux | Affected: 85520856466ed6bc3b1ccb013cddac70ceb437db , < 4d29a58d96a78728cb01ee29ed70dc4bd642f135 (git) |
| Linux | Linux | Affected: 85520856466ed6bc3b1ccb013cddac70ceb437db , < 9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:59:53.031569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:04.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7441c77c91e47f653104be8353b44a3366a5366"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b10a88f64c0315cfdef45de0aaaa4eef57de0b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6d46f306b3964d05055ddaa96b58cd8bd3a472c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/309ef7de5d840e17607e7d65cbf297c0564433ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a71302c8638939c45e4ba5a99ea438185fd3f418"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d29a58d96a78728cb01ee29ed70dc4bd642f135"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/hyperv/netvsc_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d",
"status": "affected",
"version": "028aa21f9e92536038cabb834c15d08f5c894382",
"versionType": "git"
},
{
"lessThan": "c7441c77c91e47f653104be8353b44a3366a5366",
"status": "affected",
"version": "997d895fa495fb3421983923219bba93f1a793ee",
"versionType": "git"
},
{
"lessThan": "5b10a88f64c0315cfdef45de0aaaa4eef57de0b7",
"status": "affected",
"version": "ff6c130e48a79c826cbc2427bd8b34a7592460cc",
"versionType": "git"
},
{
"lessThan": "b6d46f306b3964d05055ddaa96b58cd8bd3a472c",
"status": "affected",
"version": "97683466e24c801ee4e865ce90ac7e355db2da59",
"versionType": "git"
},
{
"lessThan": "309ef7de5d840e17607e7d65cbf297c0564433ef",
"status": "affected",
"version": "5dd83db613be8e5c5d30efed7f42780e9eb18380",
"versionType": "git"
},
{
"lessThan": "a71302c8638939c45e4ba5a99ea438185fd3f418",
"status": "affected",
"version": "7350c460f7f48a8653a15c5c90fc9070aaa29535",
"versionType": "git"
},
{
"lessThan": "4d29a58d96a78728cb01ee29ed70dc4bd642f135",
"status": "affected",
"version": "85520856466ed6bc3b1ccb013cddac70ceb437db",
"versionType": "git"
},
{
"lessThan": "9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2",
"status": "affected",
"version": "85520856466ed6bc3b1ccb013cddac70ceb437db",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/hyperv/netvsc_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "4.19.301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "5.4.263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "5.10.203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "5.15.141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "6.1.65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "6.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed\n\nIf hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER\nhandler cannot perform VF register successfully as the register call\nis received before netvsc_probe is finished. This is because we\nregister register_netdevice_notifier() very early( even before\nvmbus_driver_register()).\nTo fix this, we try to register each such matching VF( if it is visible\nas a netdevice) at the end of netvsc_probe."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:17.151Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d"
},
{
"url": "https://git.kernel.org/stable/c/c7441c77c91e47f653104be8353b44a3366a5366"
},
{
"url": "https://git.kernel.org/stable/c/5b10a88f64c0315cfdef45de0aaaa4eef57de0b7"
},
{
"url": "https://git.kernel.org/stable/c/b6d46f306b3964d05055ddaa96b58cd8bd3a472c"
},
{
"url": "https://git.kernel.org/stable/c/309ef7de5d840e17607e7d65cbf297c0564433ef"
},
{
"url": "https://git.kernel.org/stable/c/a71302c8638939c45e4ba5a99ea438185fd3f418"
},
{
"url": "https://git.kernel.org/stable/c/4d29a58d96a78728cb01ee29ed70dc4bd642f135"
},
{
"url": "https://git.kernel.org/stable/c/9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2"
}
],
"title": "hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26820",
"datePublished": "2024-04-17T09:43:47.966Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2025-05-04T08:57:17.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52594 (GCVE-0-2023-52594)
Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2025-05-21 08:49
Title
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug
occurs when txs->cnt, data from a URB provided by a USB device, is
bigger than the size of the array txs->txstatus, which is
HTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug
handling code after the check. Make the function return if that is the
case.
Found by a modified version of syzkaller.
UBSAN: array-index-out-of-bounds in htc_drv_txrx.c
index 13 is out of range for type '__wmi_event_txstatus [12]'
Call Trace:
ath9k_htc_txstatus
ath9k_wmi_event_tasklet
tasklet_action_common
__do_softirq
irq_exit_rxu
sysvec_apic_timer_interrupt
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 27876a29de221186c9d5883e5fe5f6da18ef9a45 , < f44f073c78112ff921a220d01b86d09f2ace59bc (git) |
| Linux | Linux | Affected: 27876a29de221186c9d5883e5fe5f6da18ef9a45 , < f11f0fd1ad6c11ae7856d4325fe9d05059767225 (git) |
| Linux | Linux | Affected: 27876a29de221186c9d5883e5fe5f6da18ef9a45 , < 84770a996ad8d7f121ff2fb5a8d149aad52d64c1 (git) |
| Linux | Linux | Affected: 27876a29de221186c9d5883e5fe5f6da18ef9a45 , < 9003fa9a0198ce004b30738766c67eb7373479c9 (git) |
| Linux | Linux | Affected: 27876a29de221186c9d5883e5fe5f6da18ef9a45 , < 25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234 (git) |
| Linux | Linux | Affected: 27876a29de221186c9d5883e5fe5f6da18ef9a45 , < e4f4bac7d3b64eb75f70cd3345712de6f68a215d (git) |
| Linux | Linux | Affected: 27876a29de221186c9d5883e5fe5f6da18ef9a45 , < be609c7002dd4504b15b069cb7582f4c778548d1 (git) |
| Linux | Linux | Affected: 27876a29de221186c9d5883e5fe5f6da18ef9a45 , < 2adc886244dff60f948497b59affb6c6ebb3c348 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:55:54.886327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:30.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc_drv_txrx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f44f073c78112ff921a220d01b86d09f2ace59bc",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "f11f0fd1ad6c11ae7856d4325fe9d05059767225",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "84770a996ad8d7f121ff2fb5a8d149aad52d64c1",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "9003fa9a0198ce004b30738766c67eb7373479c9",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "e4f4bac7d3b64eb75f70cd3345712de6f68a215d",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "be609c7002dd4504b15b069cb7582f4c778548d1",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "2adc886244dff60f948497b59affb6c6ebb3c348",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc_drv_txrx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()\n\nFix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug\noccurs when txs-\u003ecnt, data from a URB provided by a USB device, is\nbigger than the size of the array txs-\u003etxstatus, which is\nHTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug\nhandling code after the check. Make the function return if that is the\ncase.\n\nFound by a modified version of syzkaller.\n\nUBSAN: array-index-out-of-bounds in htc_drv_txrx.c\nindex 13 is out of range for type \u0027__wmi_event_txstatus [12]\u0027\nCall Trace:\n ath9k_htc_txstatus\n ath9k_wmi_event_tasklet\n tasklet_action_common\n __do_softirq\n irq_exit_rxu\n sysvec_apic_timer_interrupt"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:46.466Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc"
},
{
"url": "https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225"
},
{
"url": "https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1"
},
{
"url": "https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9"
},
{
"url": "https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234"
},
{
"url": "https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d"
},
{
"url": "https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1"
},
{
"url": "https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348"
}
],
"title": "wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52594",
"datePublished": "2024-03-06T06:45:25.071Z",
"dateReserved": "2024-03-02T21:55:42.571Z",
"dateUpdated": "2025-05-21T08:49:46.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36934 (GCVE-0-2024-36934)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-04 09:12
Title
bna: ensure the copied buf is NUL terminated
Summary
In the Linux kernel, the following vulnerability has been resolved:
bna: ensure the copied buf is NUL terminated
Currently, we allocate an nbytes-sized kernel buffer and copy nbytes from
userspace to that buffer. Later, we use sscanf on this buffer but we don't
ensure that the string is terminated inside the buffer; this can lead to
an OOB read when using sscanf. Fix this issue by using memdup_user_nul
instead of memdup_user.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < bd502ba81cd1d515deddad7dbc6b812b14b97147 (git) |
| Linux | Linux | Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < 80578ec10335bc15ac35fd1703c22aab34e39fdd (git) |
| Linux | Linux | Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < 6f0f19b79c085cc891c418b768f26f7004bd51a4 (git) |
| Linux | Linux | Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < 0f560240b4cc25d3de527deb257cdf072c0102a9 (git) |
| Linux | Linux | Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < 06cb37e2ba6441888f24566a997481d4197b4e32 (git) |
| Linux | Linux | Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < e19478763154674c084defc62ae0d64d79657f91 (git) |
| Linux | Linux | Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < 1518b2b498a0109eb6b15755169d3b6607356b35 (git) |
| Linux | Linux | Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < 8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:03:00.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:51.492467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:36.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/brocade/bna/bnad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bd502ba81cd1d515deddad7dbc6b812b14b97147",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "80578ec10335bc15ac35fd1703c22aab34e39fdd",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "6f0f19b79c085cc891c418b768f26f7004bd51a4",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "0f560240b4cc25d3de527deb257cdf072c0102a9",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "06cb37e2ba6441888f24566a997481d4197b4e32",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "e19478763154674c084defc62ae0d64d79657f91",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "1518b2b498a0109eb6b15755169d3b6607356b35",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/brocade/bna/bnad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul\ninstead of memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:22.995Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147"
},
{
"url": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd"
},
{
"url": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4"
},
{
"url": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9"
},
{
"url": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32"
},
{
"url": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91"
},
{
"url": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35"
},
{
"url": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f"
}
],
"title": "bna: ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36934",
"datePublished": "2024-05-30T15:29:24.357Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2025-05-04T09:12:22.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26684 (GCVE-0-2024-26684)
Vulnerability from cvelistv5 – Published: 2024-04-02 07:01 – Updated: 2025-05-04 08:53
Title
net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
Commit 56e58d6c8a56 ("net: stmmac: Implement Safety Features in
XGMAC core") checks and reports safety errors, but leaves the
Data Path Parity Errors for each channel in DMA unhandled, which leads to
a storm of interrupts.
Fix it by checking and clearing the DMA_DPP_Interrupt_Status register.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 56e58d6c8a5640eb708e85866e9d243d0357ee54 , < e9837c83befb5b852fa76425dde98a87b737df00 (git) |
| Linux | Linux | Affected: 56e58d6c8a5640eb708e85866e9d243d0357ee54 , < 2fc45a4631ac7837a5c497cb4f7e2115d950fc37 (git) |
| Linux | Linux | Affected: 56e58d6c8a5640eb708e85866e9d243d0357ee54 , < 6609e98ed82966a1b3168c142aca30f8284a7b89 (git) |
| Linux | Linux | Affected: 56e58d6c8a5640eb708e85866e9d243d0357ee54 , < e42ff0844fe418c7d03a14f9f90e1b91ba119591 (git) |
| Linux | Linux | Affected: 56e58d6c8a5640eb708e85866e9d243d0357ee54 , < 7e0ff50131e9d1aa507be8e670d38e9300a5f5bf (git) |
| Linux | Linux | Affected: 56e58d6c8a5640eb708e85866e9d243d0357ee54 , < 3b48c9e258c8691c2f093ee07b1ea3764caaa1b2 (git) |
| Linux | Linux | Affected: 56e58d6c8a5640eb708e85866e9d243d0357ee54 , < 46eba193d04f8bd717e525eb4110f3c46c12aec3 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9837c83befb5b852fa76425dde98a87b737df00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2fc45a4631ac7837a5c497cb4f7e2115d950fc37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6609e98ed82966a1b3168c142aca30f8284a7b89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e42ff0844fe418c7d03a14f9f90e1b91ba119591"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e0ff50131e9d1aa507be8e670d38e9300a5f5bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b48c9e258c8691c2f093ee07b1ea3764caaa1b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46eba193d04f8bd717e525eb4110f3c46c12aec3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:13.472290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:33.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/common.h",
"drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h",
"drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e9837c83befb5b852fa76425dde98a87b737df00",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "2fc45a4631ac7837a5c497cb4f7e2115d950fc37",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "6609e98ed82966a1b3168c142aca30f8284a7b89",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "e42ff0844fe418c7d03a14f9f90e1b91ba119591",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "7e0ff50131e9d1aa507be8e670d38e9300a5f5bf",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "3b48c9e258c8691c2f093ee07b1ea3764caaa1b2",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "46eba193d04f8bd717e525eb4110f3c46c12aec3",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/common.h",
"drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h",
"drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: xgmac: fix handling of DPP safety error for DMA channels\n\nCommit 56e58d6c8a56 (\"net: stmmac: Implement Safety Features in\nXGMAC core\") checks and reports safety errors, but leaves the\nData Path Parity Errors for each channel in DMA unhandled at all, lead to\na storm of interrupt.\nFix it by checking and clearing the DMA_DPP_Interrupt_Status register."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:59.612Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e9837c83befb5b852fa76425dde98a87b737df00"
},
{
"url": "https://git.kernel.org/stable/c/2fc45a4631ac7837a5c497cb4f7e2115d950fc37"
},
{
"url": "https://git.kernel.org/stable/c/6609e98ed82966a1b3168c142aca30f8284a7b89"
},
{
"url": "https://git.kernel.org/stable/c/e42ff0844fe418c7d03a14f9f90e1b91ba119591"
},
{
"url": "https://git.kernel.org/stable/c/7e0ff50131e9d1aa507be8e670d38e9300a5f5bf"
},
{
"url": "https://git.kernel.org/stable/c/3b48c9e258c8691c2f093ee07b1ea3764caaa1b2"
},
{
"url": "https://git.kernel.org/stable/c/46eba193d04f8bd717e525eb4110f3c46c12aec3"
}
],
"title": "net: stmmac: xgmac: fix handling of DPP safety error for DMA channels",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26684",
"datePublished": "2024-04-02T07:01:46.687Z",
"dateReserved": "2024-02-19T14:20:24.153Z",
"dateUpdated": "2025-05-04T08:53:59.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26882 (GCVE-0-2024-26882)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:58
Title
net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
Apply the same fix as the ones found in:
8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()")
1ca1ba465e55 ("geneve: make sure to pull inner header in geneve_rx()")
We have to save skb->network_header in a temporary variable
in order to be able to recompute the network_header pointer
after a pskb_inet_may_pull() call.
pskb_inet_may_pull() makes sure the needed headers are in skb->head.
syzbot reported:
BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]
BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409
__INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]
ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409
__ipgre_rcv+0x9bc/0xbc0 net/ipv4/ip_gre.c:389
ipgre_rcv net/ipv4/ip_gre.c:411 [inline]
gre_rcv+0x423/0x19f0 net/ipv4/ip_gre.c:447
gre_rcv+0x2a4/0x390 net/ipv4/gre_demux.c:163
ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:461 [inline]
ip_rcv_finish net/ipv4/ip_input.c:449 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569
__netif_receive_skb_one_core net/core/dev.c:5534 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648
netif_receive_skb_internal net/core/dev.c:5734 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5793
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1556
tun_get_user+0x53b9/0x66e0 drivers/net/tun.c:2009
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055
call_write_iter include/linux/fs.h:2087 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0xb6b/0x1520 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
__alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590
alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133
alloc_pages+0x1be/0x1e0 mm/mempolicy.c:2204
skb_page_frag_refill+0x2bf/0x7c0 net/core/sock.c:2909
tun_build_skb drivers/net/tun.c:1686 [inline]
tun_get_user+0xe0a/0x66e0 drivers/net/tun.c:1826
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055
call_write_iter include/linux/fs.h:2087 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0xb6b/0x1520 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Severity
5.3 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < ec6bb01e02cbd47781dd90775b631a1dc4bd9d2b (git) |
| Linux | Linux | Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < 77fd5294ea09b21f6772ac954a121b87323cec80 (git) |
| Linux | Linux | Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < 5c03387021cfa3336b97e0dcba38029917a8af2a (git) |
| Linux | Linux | Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < 60044ab84836359534bd7153b92e9c1584140e4a (git) |
| Linux | Linux | Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < c4c857723b37c20651300b3de4ff25059848b4b0 (git) |
| Linux | Linux | Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < f6723d8dbfdc10c784a56748f86a9a3cd410dbd5 (git) |
| Linux | Linux | Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < ca914f1cdee8a85799942c9b0ce5015bbd6844e1 (git) |
| Linux | Linux | Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < b0ec2abf98267f14d032102551581c833b0659d3 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:00:36.614107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:14:07.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-12-20T13:06:43.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec6bb01e02cbd47781dd90775b631a1dc4bd9d2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77fd5294ea09b21f6772ac954a121b87323cec80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c03387021cfa3336b97e0dcba38029917a8af2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60044ab84836359534bd7153b92e9c1584140e4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4c857723b37c20651300b3de4ff25059848b4b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6723d8dbfdc10c784a56748f86a9a3cd410dbd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca914f1cdee8a85799942c9b0ce5015bbd6844e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0ec2abf98267f14d032102551581c833b0659d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241220-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec6bb01e02cbd47781dd90775b631a1dc4bd9d2b",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "77fd5294ea09b21f6772ac954a121b87323cec80",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "5c03387021cfa3336b97e0dcba38029917a8af2a",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "60044ab84836359534bd7153b92e9c1584140e4a",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "c4c857723b37c20651300b3de4ff25059848b4b0",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "f6723d8dbfdc10c784a56748f86a9a3cd410dbd5",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "ca914f1cdee8a85799942c9b0ce5015bbd6844e1",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "b0ec2abf98267f14d032102551581c833b0659d3",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()\n\nApply the same fix than ones found in :\n\n8d975c15c0cd (\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\")\n1ca1ba465e55 (\"geneve: make sure to pull inner header in geneve_rx()\")\n\nWe have to save skb-\u003enetwork_header in a temporary variable\nin order to be able to recompute the network_header pointer\nafter a pskb_inet_may_pull() call.\n\npskb_inet_may_pull() makes sure the needed headers are in skb-\u003ehead.\n\nsyzbot reported:\nBUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409\n __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409\n __ipgre_rcv+0x9bc/0xbc0 net/ipv4/ip_gre.c:389\n ipgre_rcv net/ipv4/ip_gre.c:411 [inline]\n gre_rcv+0x423/0x19f0 net/ipv4/ip_gre.c:447\n gre_rcv+0x2a4/0x390 net/ipv4/gre_demux.c:163\n ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:461 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:449 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core net/core/dev.c:5534 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648\n netif_receive_skb_internal net/core/dev.c:5734 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5793\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1556\n tun_get_user+0x53b9/0x66e0 drivers/net/tun.c:2009\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055\n call_write_iter include/linux/fs.h:2087 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb6b/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133\n alloc_pages+0x1be/0x1e0 mm/mempolicy.c:2204\n skb_page_frag_refill+0x2bf/0x7c0 net/core/sock.c:2909\n tun_build_skb drivers/net/tun.c:1686 [inline]\n tun_get_user+0xe0a/0x66e0 drivers/net/tun.c:1826\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055\n call_write_iter include/linux/fs.h:2087 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb6b/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:47.122Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec6bb01e02cbd47781dd90775b631a1dc4bd9d2b"
},
{
"url": "https://git.kernel.org/stable/c/77fd5294ea09b21f6772ac954a121b87323cec80"
},
{
"url": "https://git.kernel.org/stable/c/5c03387021cfa3336b97e0dcba38029917a8af2a"
},
{
"url": "https://git.kernel.org/stable/c/60044ab84836359534bd7153b92e9c1584140e4a"
},
{
"url": "https://git.kernel.org/stable/c/c4c857723b37c20651300b3de4ff25059848b4b0"
},
{
"url": "https://git.kernel.org/stable/c/f6723d8dbfdc10c784a56748f86a9a3cd410dbd5"
},
{
"url": "https://git.kernel.org/stable/c/ca914f1cdee8a85799942c9b0ce5015bbd6844e1"
},
{
"url": "https://git.kernel.org/stable/c/b0ec2abf98267f14d032102551581c833b0659d3"
}
],
"title": "net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26882",
"datePublished": "2024-04-17T10:27:38.389Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2025-05-04T08:58:47.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26744 (GCVE-0-2024-26744)
Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 08:55
Title
RDMA/srpt: Support specifying the srpt_service_guid parameter
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/srpt: Support specifying the srpt_service_guid parameter
Make loading ib_srpt with this parameter set work. The current behavior is
that setting that parameter while loading the ib_srpt kernel module
triggers the following kernel crash:
BUG: kernel NULL pointer dereference, address: 0000000000000000
Call Trace:
<TASK>
parse_one+0x18c/0x1d0
parse_args+0xe1/0x230
load_module+0x8de/0xa60
init_module_from_file+0x8b/0xd0
idempotent_init_module+0x181/0x240
__x64_sys_finit_module+0x5a/0xb0
do_syscall_64+0x5f/0xe0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
Severity
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d, < 84f1dac960cfa210a3b7a7522e6c2320ae91932b (git) |
| Linux | Linux | Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d, < e0055d6461b36bfc25a9d2ab974eef78d36a6738 (git) |
| Linux | Linux | Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d, < 5a5c039dac1b1b7ba3e91c791f4421052bf79b82 (git) |
| Linux | Linux | Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d, < 989af2f29342a9a7c7515523d879b698ac8465f4 (git) |
| Linux | Linux | Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d, < aee4dcfe17219fe60f2821923adea98549060af8 (git) |
| Linux | Linux | Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d, < fe2a73d57319feab4b3b175945671ce43492172f (git) |
| Linux | Linux | Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d, < c99a827d3cff9f84e1cb997b7cc6386d107aa74d (git) |
| Linux | Linux | Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d, < fdfa083549de5d50ebf7f6811f33757781e838c0 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T19:40:03.230655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:08:27.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/srpt/ib_srpt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84f1dac960cfa210a3b7a7522e6c2320ae91932b",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "e0055d6461b36bfc25a9d2ab974eef78d36a6738",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "5a5c039dac1b1b7ba3e91c791f4421052bf79b82",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "989af2f29342a9a7c7515523d879b698ac8465f4",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "aee4dcfe17219fe60f2821923adea98549060af8",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "fe2a73d57319feab4b3b175945671ce43492172f",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "c99a827d3cff9f84e1cb997b7cc6386d107aa74d",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "fdfa083549de5d50ebf7f6811f33757781e838c0",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/srpt/ib_srpt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.293",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.293",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Support specifying the srpt_service_guid parameter\n\nMake loading ib_srpt with this parameter set work. The current behavior is\nthat setting that parameter while loading the ib_srpt kernel module\ntriggers the following kernel crash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCall Trace:\n \u003cTASK\u003e\n parse_one+0x18c/0x1d0\n parse_args+0xe1/0x230\n load_module+0x8de/0xa60\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x181/0x240\n __x64_sys_finit_module+0x5a/0xb0\n do_syscall_64+0x5f/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:30.832Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b"
},
{
"url": "https://git.kernel.org/stable/c/e0055d6461b36bfc25a9d2ab974eef78d36a6738"
},
{
"url": "https://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82"
},
{
"url": "https://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4"
},
{
"url": "https://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8"
},
{
"url": "https://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f"
},
{
"url": "https://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d"
},
{
"url": "https://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0"
}
],
"title": "RDMA/srpt: Support specifying the srpt_service_guid parameter",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26744",
"datePublished": "2024-04-03T17:00:33.280Z",
"dateReserved": "2024-02-19T14:20:24.168Z",
"dateUpdated": "2025-05-04T08:55:30.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35853 (GCVE-0-2024-35853)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:47 – Updated: 2025-05-04 09:06
Title
mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
The rehash delayed work migrates filters from one region to another.
This is done by iterating over all chunks (all the filters with the same
priority) in the region and in each chunk iterating over all the
filters.
If the migration fails, the code tries to migrate the filters back to
the old region. However, the rollback itself can also fail in which case
another migration will be erroneously performed. Besides the fact that
this ping pong is not a very good idea, it also creates a problem.
Each virtual chunk references two chunks: The currently used one
('vchunk->chunk') and a backup ('vchunk->chunk2'). During migration the
first holds the chunk we want to migrate filters to and the second holds
the chunk we are migrating filters from.
The code currently assumes - but does not verify - that the backup chunk
does not exist (NULL) if the currently used chunk does not reference the
target region. This assumption breaks when we are trying to rollback a
rollback, resulting in the backup chunk being overwritten and leaked
[1].
Fix by not rolling back a failed rollback and add a warning to avoid
future cases.
[1]
WARNING: CPU: 5 PID: 1063 at lib/parman.c:291 parman_destroy+0x17/0x20
Modules linked in:
CPU: 5 PID: 1063 Comm: kworker/5:11 Tainted: G W 6.9.0-rc2-custom-00784-gc6a05c468a0b #14
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
RIP: 0010:parman_destroy+0x17/0x20
[...]
Call Trace:
<TASK>
mlxsw_sp_acl_atcam_region_fini+0x19/0x60
mlxsw_sp_acl_tcam_region_destroy+0x49/0xf0
mlxsw_sp_acl_tcam_vregion_rehash_work+0x1f1/0x470
process_one_work+0x151/0x370
worker_thread+0x2cb/0x3e0
kthread+0xd0/0x100
ret_from_fork+0x34/0x50
ret_from_fork_asm+0x1a/0x30
</TASK>
Severity
6.4 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 843500518509128a935edab96bd8efef7c54669e, < c6f3fa7f5a748bf6e5c4eb742686d6952f854e76 (git) |
| Linux | Linux | Affected: 843500518509128a935edab96bd8efef7c54669e, < 617e98ba4c50f4547c9eb0946b1cfc26937d70d1 (git) |
| Linux | Linux | Affected: 843500518509128a935edab96bd8efef7c54669e, < 413a01886c3958d4b8aac23a3bff3d430b92093e (git) |
| Linux | Linux | Affected: 843500518509128a935edab96bd8efef7c54669e, < b822644fd90992ee362c5e0c8d2556efc8856c76 (git) |
| Linux | Linux | Affected: 843500518509128a935edab96bd8efef7c54669e, < 0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf (git) |
| Linux | Linux | Affected: 843500518509128a935edab96bd8efef7c54669e, < b3fd51f684a0711504f82de510da109ae639722d (git) |
| Linux | Linux | Affected: 843500518509128a935edab96bd8efef7c54669e, < 8ca3f7a7b61393804c46f170743c3b839df13977 (git) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "c6f3fa7f5a74",
"status": "affected",
"version": "843500518509",
"versionType": "git"
},
{
"lessThan": "617e98ba4c50",
"status": "affected",
"version": "843500518509",
"versionType": "git"
},
{
"lessThan": "413a01886c39",
"status": "affected",
"version": "843500518509",
"versionType": "git"
},
{
"lessThan": "b822644fd909",
"status": "affected",
"version": "843500518509",
"versionType": "git"
},
{
"lessThan": "0ae8ff7b6d42",
"status": "affected",
"version": "843500518509",
"versionType": "git"
},
{
"lessThan": "b3fd51f684a0",
"status": "affected",
"version": "843500518509",
"versionType": "git"
},
{
"lessThan": "8ca3f7a7b613",
"status": "affected",
"version": "843500518509",
"versionType": "git"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:34:35.252109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T13:51:48.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6f3fa7f5a748bf6e5c4eb742686d6952f854e76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/617e98ba4c50f4547c9eb0946b1cfc26937d70d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/413a01886c3958d4b8aac23a3bff3d430b92093e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b822644fd90992ee362c5e0c8d2556efc8856c76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3fd51f684a0711504f82de510da109ae639722d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ca3f7a7b61393804c46f170743c3b839df13977"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c6f3fa7f5a748bf6e5c4eb742686d6952f854e76",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
},
{
"lessThan": "617e98ba4c50f4547c9eb0946b1cfc26937d70d1",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
},
{
"lessThan": "413a01886c3958d4b8aac23a3bff3d430b92093e",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
},
{
"lessThan": "b822644fd90992ee362c5e0c8d2556efc8856c76",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
},
{
"lessThan": "0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
},
{
"lessThan": "b3fd51f684a0711504f82de510da109ae639722d",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
},
{
"lessThan": "8ca3f7a7b61393804c46f170743c3b839df13977",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix memory leak during rehash\n\nThe rehash delayed work migrates filters from one region to another.\nThis is done by iterating over all chunks (all the filters with the same\npriority) in the region and in each chunk iterating over all the\nfilters.\n\nIf the migration fails, the code tries to migrate the filters back to\nthe old region. However, the rollback itself can also fail in which case\nanother migration will be erroneously performed. Besides the fact that\nthis ping pong is not a very good idea, it also creates a problem.\n\nEach virtual chunk references two chunks: The currently used one\n(\u0027vchunk-\u003echunk\u0027) and a backup (\u0027vchunk-\u003echunk2\u0027). During migration the\nfirst holds the chunk we want to migrate filters to and the second holds\nthe chunk we are migrating filters from.\n\nThe code currently assumes - but does not verify - that the backup chunk\ndoes not exist (NULL) if the currently used chunk does not reference the\ntarget region. This assumption breaks when we are trying to rollback a\nrollback, resulting in the backup chunk being overwritten and leaked\n[1].\n\nFix by not rolling back a failed rollback and add a warning to avoid\nfuture cases.\n\n[1]\nWARNING: CPU: 5 PID: 1063 at lib/parman.c:291 parman_destroy+0x17/0x20\nModules linked in:\nCPU: 5 PID: 1063 Comm: kworker/5:11 Tainted: G W 6.9.0-rc2-custom-00784-gc6a05c468a0b #14\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:parman_destroy+0x17/0x20\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_atcam_region_fini+0x19/0x60\n mlxsw_sp_acl_tcam_region_destroy+0x49/0xf0\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x1f1/0x470\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:52.551Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c6f3fa7f5a748bf6e5c4eb742686d6952f854e76"
},
{
"url": "https://git.kernel.org/stable/c/617e98ba4c50f4547c9eb0946b1cfc26937d70d1"
},
{
"url": "https://git.kernel.org/stable/c/413a01886c3958d4b8aac23a3bff3d430b92093e"
},
{
"url": "https://git.kernel.org/stable/c/b822644fd90992ee362c5e0c8d2556efc8856c76"
},
{
"url": "https://git.kernel.org/stable/c/0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf"
},
{
"url": "https://git.kernel.org/stable/c/b3fd51f684a0711504f82de510da109ae639722d"
},
{
"url": "https://git.kernel.org/stable/c/8ca3f7a7b61393804c46f170743c3b839df13977"
}
],
"title": "mlxsw: spectrum_acl_tcam: Fix memory leak during rehash",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35853",
"datePublished": "2024-05-17T14:47:30.109Z",
"dateReserved": "2024-05-17T13:50:33.106Z",
"dateUpdated": "2025-05-04T09:06:52.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36017 (GCVE-0-2024-36017)
Vulnerability from cvelistv5 – Published: 2024-05-30 12:52 – Updated: 2025-05-04 09:10
Title
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
Summary
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a
struct ifla_vf_vlan_info, so the size of such an attribute needs to be at least
sizeof(struct ifla_vf_vlan_info), which is 14 bytes.
The current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes),
which is less than sizeof(struct ifla_vf_vlan_info), so this validation
is not enough and a too-small attribute might be cast to a
struct ifla_vf_vlan_info. This might result in an out-of-bounds
read access when accessing the saved (cast) entry in ivvl.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 79aab093a0b5370d7fc4e99df75996f4744dc03f, < 8ac69ff2d0d5be9734c4402de932aa3dc8549c1a (git) |
| Linux | Linux | Affected: 79aab093a0b5370d7fc4e99df75996f4744dc03f, < 5e7ef2d88666a0212db8c38e6703864b9ce70169 (git) |
| Linux | Linux | Affected: 79aab093a0b5370d7fc4e99df75996f4744dc03f, < 6c8f44b02500c7d14b5e6618fe4ef9a0da47b3de (git) |
| Linux | Linux | Affected: 79aab093a0b5370d7fc4e99df75996f4744dc03f, < f3c1bf3054f96ddeab0621d920445bada769b40e (git) |
| Linux | Linux | Affected: 79aab093a0b5370d7fc4e99df75996f4744dc03f, < 6e4c7193954f4faab92f6e8d88bc5565317b44e7 (git) |
| Linux | Linux | Affected: 79aab093a0b5370d7fc4e99df75996f4744dc03f, < 206003c748b88890a910ef7142d18f77be57550b (git) |
| Linux | Linux | Affected: 79aab093a0b5370d7fc4e99df75996f4744dc03f, < 4a4b9757789a1551d2df130df23bfb3545bfa7e8 (git) |
| Linux | Linux | Affected: 79aab093a0b5370d7fc4e99df75996f4744dc03f, < 1aec77b2bb2ed1db0f5efc61c4c1ca3813307489 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:50:37.165926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:50:48.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ac69ff2d0d5be9734c4402de932aa3dc8549c1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e7ef2d88666a0212db8c38e6703864b9ce70169"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c8f44b02500c7d14b5e6618fe4ef9a0da47b3de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3c1bf3054f96ddeab0621d920445bada769b40e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e4c7193954f4faab92f6e8d88bc5565317b44e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/206003c748b88890a910ef7142d18f77be57550b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a4b9757789a1551d2df130df23bfb3545bfa7e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1aec77b2bb2ed1db0f5efc61c4c1ca3813307489"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8ac69ff2d0d5be9734c4402de932aa3dc8549c1a",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "5e7ef2d88666a0212db8c38e6703864b9ce70169",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "6c8f44b02500c7d14b5e6618fe4ef9a0da47b3de",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "f3c1bf3054f96ddeab0621d920445bada769b40e",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "6e4c7193954f4faab92f6e8d88bc5565317b44e7",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "206003c748b88890a910ef7142d18f77be57550b",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "4a4b9757789a1551d2df130df23bfb3545bfa7e8",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "1aec77b2bb2ed1db0f5efc61c4c1ca3813307489",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation\n\nEach attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a\nstruct ifla_vf_vlan_info so the size of such attribute needs to be at least\nof sizeof(struct ifla_vf_vlan_info) which is 14 bytes.\nThe current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes)\nwhich is less than sizeof(struct ifla_vf_vlan_info) so this validation\nis not enough and a too small attribute might be cast to a\nstruct ifla_vf_vlan_info, this might result in an out of bands\nread access when accessing the saved (casted) entry in ivvl."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:39.898Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8ac69ff2d0d5be9734c4402de932aa3dc8549c1a"
},
{
"url": "https://git.kernel.org/stable/c/5e7ef2d88666a0212db8c38e6703864b9ce70169"
},
{
"url": "https://git.kernel.org/stable/c/6c8f44b02500c7d14b5e6618fe4ef9a0da47b3de"
},
{
"url": "https://git.kernel.org/stable/c/f3c1bf3054f96ddeab0621d920445bada769b40e"
},
{
"url": "https://git.kernel.org/stable/c/6e4c7193954f4faab92f6e8d88bc5565317b44e7"
},
{
"url": "https://git.kernel.org/stable/c/206003c748b88890a910ef7142d18f77be57550b"
},
{
"url": "https://git.kernel.org/stable/c/4a4b9757789a1551d2df130df23bfb3545bfa7e8"
},
{
"url": "https://git.kernel.org/stable/c/1aec77b2bb2ed1db0f5efc61c4c1ca3813307489"
}
],
"title": "rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36017",
"datePublished": "2024-05-30T12:52:03.554Z",
"dateReserved": "2024-05-17T13:50:33.154Z",
"dateUpdated": "2025-05-04T09:10:39.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52607 (GCVE-0-2023-52607)
Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2025-05-21 08:49
Title
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure. Ensure the allocation was successful
by checking the pointer validity.
Severity
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < 21e45a7b08d7cd98d6a53c5fc5111879f2d96611 (git) |
| Linux | Linux | Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < f6781add1c311c17eff43e14c786004bbacf901e (git) |
| Linux | Linux | Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b (git) |
| Linux | Linux | Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < ac3ed969a40357b0542d20f096a6d43acdfa6cc7 (git) |
| Linux | Linux | Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < d482d61025e303a2bef3733a011b6b740215cfa1 (git) |
| Linux | Linux | Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < 145febd85c3bcc5c74d87ef9a598fc7d9122d532 (git) |
| Linux | Linux | Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < ffd29dc45bc0355393859049f6becddc3ed08f74 (git) |
| Linux | Linux | Affected: a0668cdc154e54bf0c85182e0535eea237d53146 , < f46c8a75263f97bda13c739ba1c90aced0d3b071 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:59:58.884148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:10:22.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/mm/init-common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21e45a7b08d7cd98d6a53c5fc5111879f2d96611",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "f6781add1c311c17eff43e14c786004bbacf901e",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "ac3ed969a40357b0542d20f096a6d43acdfa6cc7",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "d482d61025e303a2bef3733a011b6b740215cfa1",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "145febd85c3bcc5c74d87ef9a598fc7d9122d532",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "ffd29dc45bc0355393859049f6becddc3ed08f74",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "f46c8a75263f97bda13c739ba1c90aced0d3b071",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/mm/init-common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/mm: Fix null-pointer dereference in pgtable_cache_add\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:48.846Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611"
},
{
"url": "https://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e"
},
{
"url": "https://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b"
},
{
"url": "https://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7"
},
{
"url": "https://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1"
},
{
"url": "https://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532"
},
{
"url": "https://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74"
},
{
"url": "https://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071"
}
],
"title": "powerpc/mm: Fix null-pointer dereference in pgtable_cache_add",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52607",
"datePublished": "2024-03-06T06:45:31.769Z",
"dateReserved": "2024-03-02T21:55:42.574Z",
"dateUpdated": "2025-05-21T08:49:48.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26937 (GCVE-0-2024-26937)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:17 – Updated: 2025-05-04 09:00
Title
drm/i915/gt: Reset queue_priority_hint on parking
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Reset queue_priority_hint on parking
Originally, with strict in order execution, we could complete execution
only when the queue was empty. Preempt-to-busy allows replacement of an
active request that may complete before the preemption is processed by
HW. If that happens, the request is retired from the queue, but the
queue_priority_hint remains set, preventing direct submission until
after the next CS interrupt is processed.
This preempt-to-busy race can be triggered by the heartbeat, which will
also act as the power-management barrier and upon completion allow us to
idle the HW. We may process the completion of the heartbeat, and begin
parking the engine before the CS event that restores the
queue_priority_hint, causing us to fail the assertion that it is MIN.
<3>[ 166.210729] __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1))
<0>[ 166.210781] Dumping ftrace buffer:
<0>[ 166.210795] ---------------------------------
...
<0>[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 }
<0>[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646
<0>[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0
<0>[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659
<0>[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40
<0>[ 167.303095] drm_fdin-1097 2d.s1. 165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 }
<0>[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2
<0>[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin
<0>[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2
<0>[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin
<0>[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660
<0>[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns }
<0>[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked
<0>[ 167.303534] <idle>-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040
<0>[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns }
<0>[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns }
<0>[ 167.303806] kworker/-89 11..... 165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1))
<0>[ 167.303811] ---------------------------------
<4>[ 167.304722] ------------[ cut here ]------------
<2>[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283!
<4>[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
<4>[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1
<4>[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022
<4>[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915]
<4>[ 16
---truncated---
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < 67944e6db656bf1e986aa2a359f866f851091f8a (git) |
| Linux | Linux | Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < fe34587acc995e7b1d7a5d3444a0736721ec32b3 (git) |
| Linux | Linux | Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < ac9b6b3e8d1237136c8ebf0fa1ce037dd7e2948f (git) |
| Linux | Linux | Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < 7eab7b021835ae422c38b968d5cc60e99408fb62 (git) |
| Linux | Linux | Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < 3b031e4fcb2740988143c303f81f69f18ce86325 (git) |
| Linux | Linux | Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < aed034866a08bb7e6e34d50a5629a4d23fe83703 (git) |
| Linux | Linux | Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < 8fd9b0ce8c26533fe4d5d15ea15bbf7b904b611c (git) |
| Linux | Linux | Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < 4a3859ea5240365d21f6053ee219bb240d520895 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T18:35:30.171766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:50.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67944e6db656bf1e986aa2a359f866f851091f8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe34587acc995e7b1d7a5d3444a0736721ec32b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac9b6b3e8d1237136c8ebf0fa1ce037dd7e2948f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7eab7b021835ae422c38b968d5cc60e99408fb62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b031e4fcb2740988143c303f81f69f18ce86325"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aed034866a08bb7e6e34d50a5629a4d23fe83703"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8fd9b0ce8c26533fe4d5d15ea15bbf7b904b611c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a3859ea5240365d21f6053ee219bb240d520895"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gt/intel_engine_pm.c",
"drivers/gpu/drm/i915/gt/intel_execlists_submission.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "67944e6db656bf1e986aa2a359f866f851091f8a",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "fe34587acc995e7b1d7a5d3444a0736721ec32b3",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "ac9b6b3e8d1237136c8ebf0fa1ce037dd7e2948f",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "7eab7b021835ae422c38b968d5cc60e99408fb62",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "3b031e4fcb2740988143c303f81f69f18ce86325",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "aed034866a08bb7e6e34d50a5629a4d23fe83703",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "8fd9b0ce8c26533fe4d5d15ea15bbf7b904b611c",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "4a3859ea5240365d21f6053ee219bb240d520895",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gt/intel_engine_pm.c",
"drivers/gpu/drm/i915/gt/intel_execlists_submission.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Reset queue_priority_hint on parking\n\nOriginally, with strict in order execution, we could complete execution\nonly when the queue was empty. Preempt-to-busy allows replacement of an\nactive request that may complete before the preemption is processed by\nHW. If that happens, the request is retired from the queue, but the\nqueue_priority_hint remains set, preventing direct submission until\nafter the next CS interrupt is processed.\n\nThis preempt-to-busy race can be triggered by the heartbeat, which will\nalso act as the power-management barrier and upon completion allow us to\nidle the HW. We may process the completion of the heartbeat, and begin\nparking the engine before the CS event that restores the\nqueue_priority_hint, causing us to fail the assertion that it is MIN.\n\n\u003c3\u003e[ 166.210729] __engine_park:283 GEM_BUG_ON(engine-\u003esched_engine-\u003equeue_priority_hint != (-((int)(~0U \u003e\u003e 1)) - 1))\n\u003c0\u003e[ 166.210781] Dumping ftrace buffer:\n\u003c0\u003e[ 166.210795] ---------------------------------\n...\n\u003c0\u003e[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 }\n\u003c0\u003e[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646\n\u003c0\u003e[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0\n\u003c0\u003e[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659\n\u003c0\u003e[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40\n\u003c0\u003e[ 167.303095] drm_fdin-1097 2d.s1. 
165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 }\n\u003c0\u003e[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2\n\u003c0\u003e[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin\n\u003c0\u003e[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2\n\u003c0\u003e[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin\n\u003c0\u003e[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660\n\u003c0\u003e[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns }\n\u003c0\u003e[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked\n\u003c0\u003e[ 167.303534] \u003cidle\u003e-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040\n\u003c0\u003e[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns }\n\u003c0\u003e[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns }\n\u003c0\u003e[ 167.303806] kworker/-89 11..... 
165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine-\u003esched_engine-\u003equeue_priority_hint != (-((int)(~0U \u003e\u003e 1)) - 1))\n\u003c0\u003e[ 167.303811] ---------------------------------\n\u003c4\u003e[ 167.304722] ------------[ cut here ]------------\n\u003c2\u003e[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283!\n\u003c4\u003e[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n\u003c4\u003e[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1\n\u003c4\u003e[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022\n\u003c4\u003e[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915]\n\u003c4\u003e[ 16\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:00:11.088Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/67944e6db656bf1e986aa2a359f866f851091f8a"
},
{
"url": "https://git.kernel.org/stable/c/fe34587acc995e7b1d7a5d3444a0736721ec32b3"
},
{
"url": "https://git.kernel.org/stable/c/ac9b6b3e8d1237136c8ebf0fa1ce037dd7e2948f"
},
{
"url": "https://git.kernel.org/stable/c/7eab7b021835ae422c38b968d5cc60e99408fb62"
},
{
"url": "https://git.kernel.org/stable/c/3b031e4fcb2740988143c303f81f69f18ce86325"
},
{
"url": "https://git.kernel.org/stable/c/aed034866a08bb7e6e34d50a5629a4d23fe83703"
},
{
"url": "https://git.kernel.org/stable/c/8fd9b0ce8c26533fe4d5d15ea15bbf7b904b611c"
},
{
"url": "https://git.kernel.org/stable/c/4a3859ea5240365d21f6053ee219bb240d520895"
}
],
"title": "drm/i915/gt: Reset queue_priority_hint on parking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26937",
"datePublished": "2024-05-01T05:17:35.555Z",
"dateReserved": "2024-02-19T14:20:24.196Z",
"dateUpdated": "2025-05-04T09:00:11.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24858 (GCVE-0-2024-24858)
Vulnerability from cvelistv5 – Published: 2024-02-05 07:30 – Updated: 2025-02-13 17:40
Title
Race condition vulnerability in Linux kernel net/bluetooth in {conn,adv}_{min,max}_interval_set()
Summary
A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in l2cap connection or broadcast abnormality issue, possibly leading to denial of service.
Severity
4.6 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux kernel | Affected: v4.0-rc1 , < v6.8-rc2 (custom) |
Credits
白家驹 <baijiaju@buaa.edu.cn>
韩桂栋 <hanguidong@buaa.edu.cn>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T18:47:37.158239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:10.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:13.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8154"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"bluetooth"
],
"packageName": "kernel",
"platforms": [
"Linux",
"x86",
"ARM"
],
"product": "Linux kernel",
"programFiles": [
"https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c"
],
"repo": "https://gitee.com/anolis/cloud-kernel.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "v6.8-rc2",
"status": "affected",
"version": "v4.0-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.\u003c/p\u003e"
}
],
"value": "A race condition was found in the Linux kernel\u0027s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:10:52.036Z",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8154"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222161317.6255-1-2045gemini@gmail.com/\"\u003ehttps://lore.kernel.org/lkml/20231222161317.6255-1-2045gemini@gmail.com/\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://lore.kernel.org/lkml/20231222161317.6255-1-2045gemini@gmail.com/ https://lore.kernel.org/lkml/20231222161317.6255-1-2045gemini@gmail.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Race condition vulnerability in Linux kernel net/bluetooth in {conn,adv}_{min,max}_interval_set()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2024-24858",
"datePublished": "2024-02-05T07:30:55.483Z",
"dateReserved": "2024-02-01T09:11:56.214Z",
"dateUpdated": "2025-02-13T17:40:33.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38637 (GCVE-0-2024-38637)
Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-11-04 17:21
Title
greybus: lights: check return of get_channel_from_mode
Summary
In the Linux kernel, the following vulnerability has been resolved:
greybus: lights: check return of get_channel_from_mode
If channel for the given node is not found we return null from
get_channel_from_mode. Make sure we validate the return pointer
before using it in two of the missing places.
This was originally reported in [0]:
Found by Linux Verification Center (linuxtesting.org) with SVACE.
[0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < 8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b (git) |
| Linux | Linux | Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < e2c64246e5dc8c0d35ec41770b85e2b4cafdff21 (git) |
| Linux | Linux | Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < eac10cf3a97ffd4b4deb0a29f57c118225a42850 (git) |
| Linux | Linux | Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < 330f6bcdcef03f70f81db5f2ed6747af656a09f2 (git) |
| Linux | Linux | Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < 9b41a9b9c8be8c552f10633453fdb509e83b66f8 (git) |
| Linux | Linux | Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < 518e2c46b5dbce40b1aa0100001d03c3ceaa7d38 (git) |
| Linux | Linux | Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < 895cdd9aa9546523df839f9cc1488a0ecc1e0731 (git) |
| Linux | Linux | Affected: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 , < a1ba19a1ae7cd1e324685ded4ab563e78fe68648 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:54.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2c64246e5dc8c0d35ec41770b85e2b4cafdff21"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eac10cf3a97ffd4b4deb0a29f57c118225a42850"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/330f6bcdcef03f70f81db5f2ed6747af656a09f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b41a9b9c8be8c552f10633453fdb509e83b66f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/518e2c46b5dbce40b1aa0100001d03c3ceaa7d38"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/895cdd9aa9546523df839f9cc1488a0ecc1e0731"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1ba19a1ae7cd1e324685ded4ab563e78fe68648"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:59.285414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:44.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/greybus/light.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "e2c64246e5dc8c0d35ec41770b85e2b4cafdff21",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "eac10cf3a97ffd4b4deb0a29f57c118225a42850",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "330f6bcdcef03f70f81db5f2ed6747af656a09f2",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "9b41a9b9c8be8c552f10633453fdb509e83b66f8",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "518e2c46b5dbce40b1aa0100001d03c3ceaa7d38",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "895cdd9aa9546523df839f9cc1488a0ecc1e0731",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "a1ba19a1ae7cd1e324685ded4ab563e78fe68648",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/greybus/light.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: lights: check return of get_channel_from_mode\n\nIf channel for the given node is not found we return null from\nget_channel_from_mode. Make sure we validate the return pointer\nbefore using it in two of the missing places.\n\nThis was originally reported in [0]:\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:55.660Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b"
},
{
"url": "https://git.kernel.org/stable/c/e2c64246e5dc8c0d35ec41770b85e2b4cafdff21"
},
{
"url": "https://git.kernel.org/stable/c/eac10cf3a97ffd4b4deb0a29f57c118225a42850"
},
{
"url": "https://git.kernel.org/stable/c/330f6bcdcef03f70f81db5f2ed6747af656a09f2"
},
{
"url": "https://git.kernel.org/stable/c/9b41a9b9c8be8c552f10633453fdb509e83b66f8"
},
{
"url": "https://git.kernel.org/stable/c/518e2c46b5dbce40b1aa0100001d03c3ceaa7d38"
},
{
"url": "https://git.kernel.org/stable/c/895cdd9aa9546523df839f9cc1488a0ecc1e0731"
},
{
"url": "https://git.kernel.org/stable/c/a1ba19a1ae7cd1e324685ded4ab563e78fe68648"
}
],
"title": "greybus: lights: check return of get_channel_from_mode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38637",
"datePublished": "2024-06-21T10:18:25.560Z",
"dateReserved": "2024-06-18T19:36:34.948Z",
"dateUpdated": "2025-11-04T17:21:54.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26695 (GCVE-0-2024-26695)
Vulnerability from cvelistv5 – Published: 2024-04-03 14:54 – Updated: 2025-05-04 12:54
Title
crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
The SEV platform device can be shutdown with a null psp_master,
e.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN:
[ 137.148210] ccp 0000:23:00.1: enabling device (0000 -> 0002)
[ 137.162647] ccp 0000:23:00.1: no command queues available
[ 137.170598] ccp 0000:23:00.1: sev enabled
[ 137.174645] ccp 0000:23:00.1: psp enabled
[ 137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7]
[ 137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311
[ 137.182693] RIP: 0010:__sev_platform_shutdown_locked+0x51/0x180
[ 137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c
[ 137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216
[ 137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e
[ 137.182693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0
[ 137.182693] RBP: ffffc900000cf9c8 R08: 0000000000000000 R09: fffffbfff58f5a66
[ 137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12: ffff8881e5052c28
[ 137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8
[ 137.182693] FS: 0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000
[ 137.182693] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000 CR4: 0000000000350ef0
[ 137.182693] Call Trace:
[ 137.182693] <TASK>
[ 137.182693] ? show_regs+0x6c/0x80
[ 137.182693] ? __die_body+0x24/0x70
[ 137.182693] ? die_addr+0x4b/0x80
[ 137.182693] ? exc_general_protection+0x126/0x230
[ 137.182693] ? asm_exc_general_protection+0x2b/0x30
[ 137.182693] ? __sev_platform_shutdown_locked+0x51/0x180
[ 137.182693] sev_firmware_shutdown.isra.0+0x1e/0x80
[ 137.182693] sev_dev_destroy+0x49/0x100
[ 137.182693] psp_dev_destroy+0x47/0xb0
[ 137.182693] sp_destroy+0xbb/0x240
[ 137.182693] sp_pci_remove+0x45/0x60
[ 137.182693] pci_device_remove+0xaa/0x1d0
[ 137.182693] device_remove+0xc7/0x170
[ 137.182693] really_probe+0x374/0xbe0
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] __driver_probe_device+0x199/0x460
[ 137.182693] driver_probe_device+0x4e/0xd0
[ 137.182693] __driver_attach+0x191/0x3d0
[ 137.182693] ? __pfx___driver_attach+0x10/0x10
[ 137.182693] bus_for_each_dev+0x100/0x190
[ 137.182693] ? __pfx_bus_for_each_dev+0x10/0x10
[ 137.182693] ? __kasan_check_read+0x15/0x20
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] ? _raw_spin_unlock+0x27/0x50
[ 137.182693] driver_attach+0x41/0x60
[ 137.182693] bus_add_driver+0x2a8/0x580
[ 137.182693] driver_register+0x141/0x480
[ 137.182693] __pci_register_driver+0x1d6/0x2a0
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] ? esrt_sysfs_init+0x1cd/0x5d0
[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10
[ 137.182693] sp_pci_init+0x22/0x30
[ 137.182693] sp_mod_init+0x14/0x30
[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10
[ 137.182693] do_one_initcall+0xd1/0x470
[ 137.182693] ? __pfx_do_one_initcall+0x10/0x10
[ 137.182693] ? parameq+0x80/0xf0
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] ? __kmalloc+0x3b0/0x4e0
[ 137.182693] ? kernel_init_freeable+0x92d/0x1050
[ 137.182693] ? kasan_populate_vmalloc_pte+0x171/0x190
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] kernel_init_freeable+0xa64/0x1050
[ 137.182693] ? __pfx_kernel_init+0x10/0x10
[ 137.182693] kernel_init+0x24/0x160
[ 137.182693] ? __switch_to_asm+0x3e/0x70
[ 137.182693] ret_from_fork+0x40/0x80
[ 137.182693] ? __pfx_kernel_init+0x1
---truncated---
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 87af9b0b45666ca3dd6b10c0ece691c740b0f750 , < 58054faf3bd29cd0b949b77efcb6157f66f401ed (git) |
| Linux | Linux | Affected: f831d2882c843d44100016aeb4332e9c4b560805 , < 7535ec350a5f09b5756a7607f5582913f21200f4 (git) |
| Linux | Linux | Affected: 1b05ece0c931536c0a38a9385e243a7962e933f6 , < 8731fe001a60581794ed9cf65da8cd304846a6fb (git) |
| Linux | Linux | Affected: 1b05ece0c931536c0a38a9385e243a7962e933f6 , < 88aa493f393d2ee38ac140e1f6ac1881346e85d4 (git) |
| Linux | Linux | Affected: 1b05ece0c931536c0a38a9385e243a7962e933f6 , < b5909f197f3b26aebedca7d8ac7b688fd993a266 (git) |
| Linux | Linux | Affected: 1b05ece0c931536c0a38a9385e243a7962e933f6 , < ccb88e9549e7cfd8bcd511c538f437e20026e983 (git) |
| Linux | Linux | Affected: fcb04178c05b88a98921e262da9f7cb21cfff118 (git) |
| Linux | Linux | Affected: d87bbd10fc01b52c814113643f2707d2d10b0319 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58054faf3bd29cd0b949b77efcb6157f66f401ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7535ec350a5f09b5756a7607f5582913f21200f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8731fe001a60581794ed9cf65da8cd304846a6fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88aa493f393d2ee38ac140e1f6ac1881346e85d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5909f197f3b26aebedca7d8ac7b688fd993a266"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ccb88e9549e7cfd8bcd511c538f437e20026e983"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:52:57.346229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:55.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/ccp/sev-dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "58054faf3bd29cd0b949b77efcb6157f66f401ed",
"status": "affected",
"version": "87af9b0b45666ca3dd6b10c0ece691c740b0f750",
"versionType": "git"
},
{
"lessThan": "7535ec350a5f09b5756a7607f5582913f21200f4",
"status": "affected",
"version": "f831d2882c843d44100016aeb4332e9c4b560805",
"versionType": "git"
},
{
"lessThan": "8731fe001a60581794ed9cf65da8cd304846a6fb",
"status": "affected",
"version": "1b05ece0c931536c0a38a9385e243a7962e933f6",
"versionType": "git"
},
{
"lessThan": "88aa493f393d2ee38ac140e1f6ac1881346e85d4",
"status": "affected",
"version": "1b05ece0c931536c0a38a9385e243a7962e933f6",
"versionType": "git"
},
{
"lessThan": "b5909f197f3b26aebedca7d8ac7b688fd993a266",
"status": "affected",
"version": "1b05ece0c931536c0a38a9385e243a7962e933f6",
"versionType": "git"
},
{
"lessThan": "ccb88e9549e7cfd8bcd511c538f437e20026e983",
"status": "affected",
"version": "1b05ece0c931536c0a38a9385e243a7962e933f6",
"versionType": "git"
},
{
"status": "affected",
"version": "fcb04178c05b88a98921e262da9f7cb21cfff118",
"versionType": "git"
},
{
"status": "affected",
"version": "d87bbd10fc01b52c814113643f2707d2d10b0319",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/ccp/sev-dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10.137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked\n\nThe SEV platform device can be shutdown with a null psp_master,\ne.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN:\n\n[ 137.148210] ccp 0000:23:00.1: enabling device (0000 -\u003e 0002)\n[ 137.162647] ccp 0000:23:00.1: no command queues available\n[ 137.170598] ccp 0000:23:00.1: sev enabled\n[ 137.174645] ccp 0000:23:00.1: psp enabled\n[ 137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI\n[ 137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7]\n[ 137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311\n[ 137.182693] RIP: 0010:__sev_platform_shutdown_locked+0x51/0x180\n[ 137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 \u003c80\u003e 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c\n[ 137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216\n[ 137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e\n[ 137.182693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0\n[ 137.182693] RBP: ffffc900000cf9c8 R08: 0000000000000000 R09: fffffbfff58f5a66\n[ 137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12: ffff8881e5052c28\n[ 137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8\n[ 137.182693] FS: 0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000\n[ 137.182693] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000 CR4: 0000000000350ef0\n[ 137.182693] Call Trace:\n[ 137.182693] \u003cTASK\u003e\n[ 137.182693] ? show_regs+0x6c/0x80\n[ 137.182693] ? __die_body+0x24/0x70\n[ 137.182693] ? die_addr+0x4b/0x80\n[ 137.182693] ? 
exc_general_protection+0x126/0x230\n[ 137.182693] ? asm_exc_general_protection+0x2b/0x30\n[ 137.182693] ? __sev_platform_shutdown_locked+0x51/0x180\n[ 137.182693] sev_firmware_shutdown.isra.0+0x1e/0x80\n[ 137.182693] sev_dev_destroy+0x49/0x100\n[ 137.182693] psp_dev_destroy+0x47/0xb0\n[ 137.182693] sp_destroy+0xbb/0x240\n[ 137.182693] sp_pci_remove+0x45/0x60\n[ 137.182693] pci_device_remove+0xaa/0x1d0\n[ 137.182693] device_remove+0xc7/0x170\n[ 137.182693] really_probe+0x374/0xbe0\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] __driver_probe_device+0x199/0x460\n[ 137.182693] driver_probe_device+0x4e/0xd0\n[ 137.182693] __driver_attach+0x191/0x3d0\n[ 137.182693] ? __pfx___driver_attach+0x10/0x10\n[ 137.182693] bus_for_each_dev+0x100/0x190\n[ 137.182693] ? __pfx_bus_for_each_dev+0x10/0x10\n[ 137.182693] ? __kasan_check_read+0x15/0x20\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] ? _raw_spin_unlock+0x27/0x50\n[ 137.182693] driver_attach+0x41/0x60\n[ 137.182693] bus_add_driver+0x2a8/0x580\n[ 137.182693] driver_register+0x141/0x480\n[ 137.182693] __pci_register_driver+0x1d6/0x2a0\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] ? esrt_sysfs_init+0x1cd/0x5d0\n[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10\n[ 137.182693] sp_pci_init+0x22/0x30\n[ 137.182693] sp_mod_init+0x14/0x30\n[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10\n[ 137.182693] do_one_initcall+0xd1/0x470\n[ 137.182693] ? __pfx_do_one_initcall+0x10/0x10\n[ 137.182693] ? parameq+0x80/0xf0\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] ? __kmalloc+0x3b0/0x4e0\n[ 137.182693] ? kernel_init_freeable+0x92d/0x1050\n[ 137.182693] ? kasan_populate_vmalloc_pte+0x171/0x190\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] kernel_init_freeable+0xa64/0x1050\n[ 137.182693] ? __pfx_kernel_init+0x10/0x10\n[ 137.182693] kernel_init+0x24/0x160\n[ 137.182693] ? __switch_to_asm+0x3e/0x70\n[ 137.182693] ret_from_fork+0x40/0x80\n[ 137.182693] ? __pfx_kernel_init+0x1\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:27.642Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/58054faf3bd29cd0b949b77efcb6157f66f401ed"
},
{
"url": "https://git.kernel.org/stable/c/7535ec350a5f09b5756a7607f5582913f21200f4"
},
{
"url": "https://git.kernel.org/stable/c/8731fe001a60581794ed9cf65da8cd304846a6fb"
},
{
"url": "https://git.kernel.org/stable/c/88aa493f393d2ee38ac140e1f6ac1881346e85d4"
},
{
"url": "https://git.kernel.org/stable/c/b5909f197f3b26aebedca7d8ac7b688fd993a266"
},
{
"url": "https://git.kernel.org/stable/c/ccb88e9549e7cfd8bcd511c538f437e20026e983"
}
],
"title": "crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26695",
"datePublished": "2024-04-03T14:54:56.184Z",
"dateReserved": "2024-02-19T14:20:24.156Z",
"dateUpdated": "2025-05-04T12:54:27.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26862 (GCVE-0-2024-26862)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:58
Title
packet: annotate data-races around ignore_outgoing
Summary
In the Linux kernel, the following vulnerability has been resolved:
packet: annotate data-races around ignore_outgoing
ignore_outgoing is read locklessly from dev_queue_xmit_nit()
and packet_getsockopt()
Add appropriate READ_ONCE()/WRITE_ONCE() annotations.
syzbot reported:
BUG: KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt
write to 0xffff888107804542 of 1 bytes by task 22618 on cpu 0:
packet_setsockopt+0xd83/0xfd0 net/packet/af_packet.c:4003
do_sock_setsockopt net/socket.c:2311 [inline]
__sys_setsockopt+0x1d8/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0x66/0x80 net/socket.c:2340
do_syscall_64+0xd3/0x1d0
entry_SYSCALL_64_after_hwframe+0x6d/0x75
read to 0xffff888107804542 of 1 bytes by task 27 on cpu 1:
dev_queue_xmit_nit+0x82/0x620 net/core/dev.c:2248
xmit_one net/core/dev.c:3527 [inline]
dev_hard_start_xmit+0xcc/0x3f0 net/core/dev.c:3547
__dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335
dev_queue_xmit include/linux/netdevice.h:3091 [inline]
batadv_send_skb_packet+0x264/0x300 net/batman-adv/send.c:108
batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127
batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [inline]
batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]
batadv_iv_send_outstanding_bat_ogm_packet+0x3f0/0x4b0 net/batman-adv/bat_iv_ogm.c:1700
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335
worker_thread+0x526/0x730 kernel/workqueue.c:3416
kthread+0x1d1/0x210 kernel/kthread.c:388
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
value changed: 0x00 -> 0x01
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 27 Comm: kworker/u8:1 Tainted: G W 6.8.0-syzkaller-08073-g480e035fc4c7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: fa788d986a3aac5069378ed04697bd06f83d3488, < 84c510411e321caff3c07e6cd0f917f06633cfc0 (git) |
| Linux | Linux | Affected: fa788d986a3aac5069378ed04697bd06f83d3488, < 68e84120319d4fc298fcdb14cf0bea6a0f64ffbd (git) |
| Linux | Linux | Affected: fa788d986a3aac5069378ed04697bd06f83d3488, < d35b62c224e70797f8a1c37fe9bc4b3e294b7560 (git) |
| Linux | Linux | Affected: fa788d986a3aac5069378ed04697bd06f83d3488, < ef7eed7e11d23337310ecc2c014ecaeea52719c5 (git) |
| Linux | Linux | Affected: fa788d986a3aac5069378ed04697bd06f83d3488, < 2c02c5059c78a52d170bdee4a369b470de6deb37 (git) |
| Linux | Linux | Affected: fa788d986a3aac5069378ed04697bd06f83d3488, < ee413f30ec4fe94a0bdf32c8f042cb06fa913234 (git) |
| Linux | Linux | Affected: fa788d986a3aac5069378ed04697bd06f83d3488, < 8b1e273c6afcf00d3c40a54ada7d6aac1b503b97 (git) |
| Linux | Linux | Affected: fa788d986a3aac5069378ed04697bd06f83d3488, < 6ebfad33161afacb3e1e59ed1c2feefef70f9f97 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:41:30.819714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:48:16.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:04.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/dev.c",
"net/packet/af_packet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84c510411e321caff3c07e6cd0f917f06633cfc0",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "68e84120319d4fc298fcdb14cf0bea6a0f64ffbd",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "d35b62c224e70797f8a1c37fe9bc4b3e294b7560",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "ef7eed7e11d23337310ecc2c014ecaeea52719c5",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "2c02c5059c78a52d170bdee4a369b470de6deb37",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "ee413f30ec4fe94a0bdf32c8f042cb06fa913234",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "8b1e273c6afcf00d3c40a54ada7d6aac1b503b97",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "6ebfad33161afacb3e1e59ed1c2feefef70f9f97",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/dev.c",
"net/packet/af_packet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npacket: annotate data-races around ignore_outgoing\n\nignore_outgoing is read locklessly from dev_queue_xmit_nit()\nand packet_getsockopt()\n\nAdd appropriate READ_ONCE()/WRITE_ONCE() annotations.\n\nsyzbot reported:\n\nBUG: KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt\n\nwrite to 0xffff888107804542 of 1 bytes by task 22618 on cpu 0:\n packet_setsockopt+0xd83/0xfd0 net/packet/af_packet.c:4003\n do_sock_setsockopt net/socket.c:2311 [inline]\n __sys_setsockopt+0x1d8/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0x66/0x80 net/socket.c:2340\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nread to 0xffff888107804542 of 1 bytes by task 27 on cpu 1:\n dev_queue_xmit_nit+0x82/0x620 net/core/dev.c:2248\n xmit_one net/core/dev.c:3527 [inline]\n dev_hard_start_xmit+0xcc/0x3f0 net/core/dev.c:3547\n __dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n batadv_send_skb_packet+0x264/0x300 net/batman-adv/send.c:108\n batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127\n batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [inline]\n batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]\n batadv_iv_send_outstanding_bat_ogm_packet+0x3f0/0x4b0 net/batman-adv/bat_iv_ogm.c:1700\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335\n worker_thread+0x526/0x730 kernel/workqueue.c:3416\n kthread+0x1d1/0x210 kernel/kthread.c:388\n ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n\nvalue changed: 0x00 -\u003e 0x01\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 27 Comm: kworker/u8:1 Tainted: G W 6.8.0-syzkaller-08073-g480e035fc4c7 #0\nHardware name: Google Google 
Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:13.163Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0"
},
{
"url": "https://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd"
},
{
"url": "https://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560"
},
{
"url": "https://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5"
},
{
"url": "https://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37"
},
{
"url": "https://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234"
},
{
"url": "https://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97"
},
{
"url": "https://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97"
}
],
"title": "packet: annotate data-races around ignore_outgoing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26862",
"datePublished": "2024-04-17T10:27:25.634Z",
"dateReserved": "2024-02-19T14:20:24.184Z",
"dateUpdated": "2025-05-04T08:58:13.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26636 (GCVE-0-2024-26636)
Vulnerability from cvelistv5 – Published: 2024-03-18 10:14 – Updated: 2025-05-04 08:52
Title
llc: make llc_ui_sendmsg() more robust against bonding changes
Summary
In the Linux kernel, the following vulnerability has been resolved:
llc: make llc_ui_sendmsg() more robust against bonding changes
syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no
headroom, but subsequently trying to push 14 bytes of Ethernet header [1]
Like some others, llc_ui_sendmsg() releases the socket lock before
calling sock_alloc_send_skb().
Then it acquires it again, but does not redo all the sanity checks
that were performed.
This fix:
- Uses LL_RESERVED_SPACE() to reserve space.
- Check all conditions again after socket lock is held again.
- Do not account Ethernet header for mtu limitation.
[1]
skbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0
kernel BUG at net/core/skbuff.c:193 !
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_panic net/core/skbuff.c:189 [inline]
pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
lr : skb_panic net/core/skbuff.c:189 [inline]
lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
sp : ffff800096f97000
x29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000
x26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2
x23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0
x20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce
x17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001
x14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400
x8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089
Call trace:
skb_panic net/core/skbuff.c:189 [inline]
skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
skb_push+0xf0/0x108 net/core/skbuff.c:2451
eth_header+0x44/0x1f8 net/ethernet/eth.c:83
dev_hard_header include/linux/netdevice.h:3188 [inline]
llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33
llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85
llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]
llc_sap_next_state net/llc/llc_sap.c:182 [inline]
llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209
llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270
llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
sock_sendmsg+0x194/0x274 net/socket.c:767
splice_to_socket+0x7cc/0xd58 fs/splice.c:881
do_splice_from fs/splice.c:933 [inline]
direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142
splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088
do_splice_direct+0x20c/0x348 fs/splice.c:1194
do_sendfile+0x4bc/0xc70 fs/read_write.c:1254
__do_sys_sendfile64 fs/read_write.c:1322 [inline]
__se_sys_sendfile64 fs/read_write.c:1308 [inline]
__arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595
Code: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 04f2a74b562f3a7498be0399309669f342793d8c (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < c22044270da68881074fda81a7d34812726cb249 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 6d53b813ff8b177f86f149c2f744442681f720e4 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < cafd3ad3fe03ef4d6632747be9ee15dc0029db4b (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < c451c008f563d56d5e676c9dcafae565fcad84bb (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < dad555c816a50c6a6a8a86be1f9177673918c647 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T15:30:36.675601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:11.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/llc/af_llc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "04f2a74b562f3a7498be0399309669f342793d8c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c22044270da68881074fda81a7d34812726cb249",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d53b813ff8b177f86f149c2f744442681f720e4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cafd3ad3fe03ef4d6632747be9ee15dc0029db4b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c451c008f563d56d5e676c9dcafae565fcad84bb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dad555c816a50c6a6a8a86be1f9177673918c647",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/llc/af_llc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: make llc_ui_sendmsg() more robust against bonding changes\n\nsyzbot was able to trick llc_ui_sendmsg(), allocating an skb with no\nheadroom, but subsequently trying to push 14 bytes of Ethernet header [1]\n\nLike some others, llc_ui_sendmsg() releases the socket lock before\ncalling sock_alloc_send_skb().\nThen it acquires it again, but does not redo all the sanity checks\nthat were performed.\n\nThis fix:\n\n- Uses LL_RESERVED_SPACE() to reserve space.\n- Check all conditions again after socket lock is held again.\n- Do not account Ethernet header for mtu limitation.\n\n[1]\n\nskbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0\n\n kernel BUG at net/core/skbuff.c:193 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : skb_panic net/core/skbuff.c:189 [inline]\n pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n lr : skb_panic net/core/skbuff.c:189 [inline]\n lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\nsp : ffff800096f97000\nx29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000\nx26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2\nx23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0\nx20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce\nx17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001\nx14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400\nx8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : 
0000000000000001 x3 : ffff800082b78714\nx2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089\nCall trace:\n skb_panic net/core/skbuff.c:189 [inline]\n skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n skb_push+0xf0/0x108 net/core/skbuff.c:2451\n eth_header+0x44/0x1f8 net/ethernet/eth.c:83\n dev_hard_header include/linux/netdevice.h:3188 [inline]\n llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33\n llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85\n llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209\n llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270\n llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x194/0x274 net/socket.c:767\n splice_to_socket+0x7cc/0xd58 fs/splice.c:881\n do_splice_from fs/splice.c:933 [inline]\n direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142\n splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088\n do_splice_direct+0x20c/0x348 fs/splice.c:1194\n do_sendfile+0x4bc/0xc70 fs/read_write.c:1254\n __do_sys_sendfile64 fs/read_write.c:1322 [inline]\n __se_sys_sendfile64 fs/read_write.c:1308 [inline]\n __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308\n __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\n el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595\nCode: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:48.420Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b"
},
{
"url": "https://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d"
},
{
"url": "https://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c"
},
{
"url": "https://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249"
},
{
"url": "https://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4"
},
{
"url": "https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b"
},
{
"url": "https://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb"
},
{
"url": "https://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647"
}
],
"title": "llc: make llc_ui_sendmsg() more robust against bonding changes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26636",
"datePublished": "2024-03-18T10:14:47.795Z",
"dateReserved": "2024-02-19T14:20:24.136Z",
"dateUpdated": "2025-05-04T08:52:48.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52595 (GCVE-0-2023-52595)
Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2026-01-05 10:16
Title
wifi: rt2x00: restart beacon queue when hardware reset
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: rt2x00: restart beacon queue when hardware reset
When a hardware reset is triggered, all registers are reset, so all
queues are forced to stop in hardware interface. However, mac80211
will not automatically stop the queue. If we don't manually stop the
beacon queue, the queue will be deadlocked and unable to start again.
This patch fixes the issue where Apple devices cannot connect to the
AP after calling ieee80211_restart_hw().
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: e403fa31ed71e87de8e5991e23406b8377c9c894, < e1f113b57ddd18274d7c83618deca25cc880bc48 (git) |
| Linux | Linux | Affected: e403fa31ed71e87de8e5991e23406b8377c9c894, < 69e905beca193125820c201ab3db4fb0e245124e (git) |
| Linux | Linux | Affected: e403fa31ed71e87de8e5991e23406b8377c9c894, < 4cc198580a7b93a36f5beb923f40f7ae27a3716c (git) |
| Linux | Linux | Affected: e403fa31ed71e87de8e5991e23406b8377c9c894, < 739b3ccd9486dff04af95f9a890846d088a84957 (git) |
| Linux | Linux | Affected: e403fa31ed71e87de8e5991e23406b8377c9c894, < 04cfe4a5da57ab9358cdfadea22bcb37324aaf83 (git) |
| Linux | Linux | Affected: e403fa31ed71e87de8e5991e23406b8377c9c894, < fdb580ed05df8973aa5149cafa598c64bebcd0cb (git) |
| Linux | Linux | Affected: e403fa31ed71e87de8e5991e23406b8377c9c894, < a11d965a218f0cd95b13fe44d0bcd8a20ce134a8 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:31:56.163263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:17.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ralink/rt2x00/rt2x00dev.c",
"drivers/net/wireless/ralink/rt2x00/rt2x00mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e1f113b57ddd18274d7c83618deca25cc880bc48",
"status": "affected",
"version": "e403fa31ed71e87de8e5991e23406b8377c9c894",
"versionType": "git"
},
{
"lessThan": "69e905beca193125820c201ab3db4fb0e245124e",
"status": "affected",
"version": "e403fa31ed71e87de8e5991e23406b8377c9c894",
"versionType": "git"
},
{
"lessThan": "4cc198580a7b93a36f5beb923f40f7ae27a3716c",
"status": "affected",
"version": "e403fa31ed71e87de8e5991e23406b8377c9c894",
"versionType": "git"
},
{
"lessThan": "739b3ccd9486dff04af95f9a890846d088a84957",
"status": "affected",
"version": "e403fa31ed71e87de8e5991e23406b8377c9c894",
"versionType": "git"
},
{
"lessThan": "04cfe4a5da57ab9358cdfadea22bcb37324aaf83",
"status": "affected",
"version": "e403fa31ed71e87de8e5991e23406b8377c9c894",
"versionType": "git"
},
{
"lessThan": "fdb580ed05df8973aa5149cafa598c64bebcd0cb",
"status": "affected",
"version": "e403fa31ed71e87de8e5991e23406b8377c9c894",
"versionType": "git"
},
{
"lessThan": "a11d965a218f0cd95b13fe44d0bcd8a20ce134a8",
"status": "affected",
"version": "e403fa31ed71e87de8e5991e23406b8377c9c894",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ralink/rt2x00/rt2x00dev.c",
"drivers/net/wireless/ralink/rt2x00/rt2x00mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00: restart beacon queue when hardware reset\n\nWhen a hardware reset is triggered, all registers are reset, so all\nqueues are forced to stop in hardware interface. However, mac80211\nwill not automatically stop the queue. If we don\u0027t manually stop the\nbeacon queue, the queue will be deadlocked and unable to start again.\nThis patch fixes the issue where Apple devices cannot connect to the\nAP after calling ieee80211_restart_hw()."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:16:27.031Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48"
},
{
"url": "https://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e"
},
{
"url": "https://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c"
},
{
"url": "https://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957"
},
{
"url": "https://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83"
},
{
"url": "https://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb"
},
{
"url": "https://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8"
}
],
"title": "wifi: rt2x00: restart beacon queue when hardware reset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52595",
"datePublished": "2024-03-06T06:45:25.577Z",
"dateReserved": "2024-03-02T21:55:42.571Z",
"dateUpdated": "2026-01-05T10:16:27.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52463 (GCVE-0-2023-52463)
Vulnerability from cvelistv5 – Published: 2024-02-23 14:46 – Updated: 2025-05-04 12:49
Title
efivarfs: force RO when remounting if SetVariable is not supported
Summary
In the Linux kernel, the following vulnerability has been resolved:

efivarfs: force RO when remounting if SetVariable is not supported

If SetVariable at runtime is not supported by the firmware we never assign
a callback for that function. At the same time mount the efivarfs as
RO so no one can call that. However, we never check the permission flags
when someone remounts the filesystem as RW. As a result this leads to a
crash looking like this:

```
$ mount -o remount,rw /sys/firmware/efi/efivars
$ efi-updatevar -f PK.auth PK

[ 303.279166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 303.280482] Mem abort info:
[ 303.280854] ESR = 0x0000000086000004
[ 303.281338] EC = 0x21: IABT (current EL), IL = 32 bits
[ 303.282016] SET = 0, FnV = 0
[ 303.282414] EA = 0, S1PTW = 0
[ 303.282821] FSC = 0x04: level 0 translation fault
[ 303.283771] user pgtable: 4k pages, 48-bit VAs, pgdp=000000004258c000
[ 303.284913] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[ 303.286076] Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP
[ 303.286936] Modules linked in: qrtr tpm_tis tpm_tis_core crct10dif_ce arm_smccc_trng rng_core drm fuse ip_tables x_tables ipv6
[ 303.288586] CPU: 1 PID: 755 Comm: efi-updatevar Not tainted 6.3.0-rc1-00108-gc7d0c4695c68 #1
[ 303.289748] Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.04-00627-g88336918701d 04/01/2023
[ 303.291150] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 303.292123] pc : 0x0
[ 303.292443] lr : efivar_set_variable_locked+0x74/0xec
[ 303.293156] sp : ffff800008673c10
[ 303.293619] x29: ffff800008673c10 x28: ffff0000037e8000 x27: 0000000000000000
[ 303.294592] x26: 0000000000000800 x25: ffff000002467400 x24: 0000000000000027
[ 303.295572] x23: ffffd49ea9832000 x22: ffff0000020c9800 x21: ffff000002467000
[ 303.296566] x20: 0000000000000001 x19: 00000000000007fc x18: 0000000000000000
[ 303.297531] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaac807ab54
[ 303.298495] x14: ed37489f673633c0 x13: 71c45c606de13f80 x12: 47464259e219acf4
[ 303.299453] x11: ffff000002af7b01 x10: 0000000000000003 x9 : 0000000000000002
[ 303.300431] x8 : 0000000000000010 x7 : ffffd49ea8973230 x6 : 0000000000a85201
[ 303.301412] x5 : 0000000000000000 x4 : ffff0000020c9800 x3 : 00000000000007fc
[ 303.302370] x2 : 0000000000000027 x1 : ffff000002467400 x0 : ffff000002467000
[ 303.303341] Call trace:
[ 303.303679] 0x0
[ 303.303938] efivar_entry_set_get_size+0x98/0x16c
[ 303.304585] efivarfs_file_write+0xd0/0x1a4
[ 303.305148] vfs_write+0xc4/0x2e4
[ 303.305601] ksys_write+0x70/0x104
[ 303.306073] __arm64_sys_write+0x1c/0x28
[ 303.306622] invoke_syscall+0x48/0x114
[ 303.307156] el0_svc_common.constprop.0+0x44/0xec
[ 303.307803] do_el0_svc+0x38/0x98
[ 303.308268] el0_svc+0x2c/0x84
[ 303.308702] el0t_64_sync_handler+0xf4/0x120
[ 303.309293] el0t_64_sync+0x190/0x194
[ 303.309794] Code: ???????? ???????? ???????? ???????? (????????)
[ 303.310612] ---[ end trace 0000000000000000 ]---
```

Fix this by adding a .reconfigure() function to the fs operations which
we can use to check the requested flags and deny anything that's not RO
if the firmware doesn't implement SetVariable at runtime.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: f88814cc2578c121e6edef686365036db72af0ed , < 94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8 (git) |
| | | Affected: f88814cc2578c121e6edef686365036db72af0ed , < 2aa141f8bc580f8f9811dfe4e0e6009812b73826 (git) |
| | | Affected: f88814cc2578c121e6edef686365036db72af0ed , < d4a9aa7db574a0da64307729cc031fb68597aa8b (git) |
| | | Affected: f88814cc2578c121e6edef686365036db72af0ed , < 0049fe7e4a85849bdd778cdb72e51a791ff3d737 (git) |
| | | Affected: f88814cc2578c121e6edef686365036db72af0ed , < d4a714873db0866cc471521114eeac4a5072d548 (git) |
| | | Affected: f88814cc2578c121e6edef686365036db72af0ed , < 0e8d2444168dd519fea501599d150e62718ed2fe (git) |
| | | Affected: 552952e51fad35670459674bcb8a03bd96fe4646 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-04T20:59:53.029082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:24.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2aa141f8bc580f8f9811dfe4e0e6009812b73826"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4a9aa7db574a0da64307729cc031fb68597aa8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0049fe7e4a85849bdd778cdb72e51a791ff3d737"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4a714873db0866cc471521114eeac4a5072d548"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e8d2444168dd519fea501599d150e62718ed2fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/efivarfs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8",
"status": "affected",
"version": "f88814cc2578c121e6edef686365036db72af0ed",
"versionType": "git"
},
{
"lessThan": "2aa141f8bc580f8f9811dfe4e0e6009812b73826",
"status": "affected",
"version": "f88814cc2578c121e6edef686365036db72af0ed",
"versionType": "git"
},
{
"lessThan": "d4a9aa7db574a0da64307729cc031fb68597aa8b",
"status": "affected",
"version": "f88814cc2578c121e6edef686365036db72af0ed",
"versionType": "git"
},
{
"lessThan": "0049fe7e4a85849bdd778cdb72e51a791ff3d737",
"status": "affected",
"version": "f88814cc2578c121e6edef686365036db72af0ed",
"versionType": "git"
},
{
"lessThan": "d4a714873db0866cc471521114eeac4a5072d548",
"status": "affected",
"version": "f88814cc2578c121e6edef686365036db72af0ed",
"versionType": "git"
},
{
"lessThan": "0e8d2444168dd519fea501599d150e62718ed2fe",
"status": "affected",
"version": "f88814cc2578c121e6edef686365036db72af0ed",
"versionType": "git"
},
{
"status": "affected",
"version": "552952e51fad35670459674bcb8a03bd96fe4646",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/efivarfs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: force RO when remounting if SetVariable is not supported\n\nIf SetVariable at runtime is not supported by the firmware we never assign\na callback for that function. At the same time mount the efivarfs as\nRO so no one can call that. However, we never check the permission flags\nwhen someone remounts the filesystem as RW. As a result this leads to a\ncrash looking like this:\n\n$ mount -o remount,rw /sys/firmware/efi/efivars\n$ efi-updatevar -f PK.auth PK\n\n[ 303.279166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 303.280482] Mem abort info:\n[ 303.280854] ESR = 0x0000000086000004\n[ 303.281338] EC = 0x21: IABT (current EL), IL = 32 bits\n[ 303.282016] SET = 0, FnV = 0\n[ 303.282414] EA = 0, S1PTW = 0\n[ 303.282821] FSC = 0x04: level 0 translation fault\n[ 303.283771] user pgtable: 4k pages, 48-bit VAs, pgdp=000000004258c000\n[ 303.284913] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 303.286076] Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n[ 303.286936] Modules linked in: qrtr tpm_tis tpm_tis_core crct10dif_ce arm_smccc_trng rng_core drm fuse ip_tables x_tables ipv6\n[ 303.288586] CPU: 1 PID: 755 Comm: efi-updatevar Not tainted 6.3.0-rc1-00108-gc7d0c4695c68 #1\n[ 303.289748] Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.04-00627-g88336918701d 04/01/2023\n[ 303.291150] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 303.292123] pc : 0x0\n[ 303.292443] lr : efivar_set_variable_locked+0x74/0xec\n[ 303.293156] sp : ffff800008673c10\n[ 303.293619] x29: ffff800008673c10 x28: ffff0000037e8000 x27: 0000000000000000\n[ 303.294592] x26: 0000000000000800 x25: ffff000002467400 x24: 0000000000000027\n[ 303.295572] x23: ffffd49ea9832000 x22: ffff0000020c9800 x21: ffff000002467000\n[ 303.296566] x20: 0000000000000001 x19: 00000000000007fc x18: 0000000000000000\n[ 303.297531] 
x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaac807ab54\n[ 303.298495] x14: ed37489f673633c0 x13: 71c45c606de13f80 x12: 47464259e219acf4\n[ 303.299453] x11: ffff000002af7b01 x10: 0000000000000003 x9 : 0000000000000002\n[ 303.300431] x8 : 0000000000000010 x7 : ffffd49ea8973230 x6 : 0000000000a85201\n[ 303.301412] x5 : 0000000000000000 x4 : ffff0000020c9800 x3 : 00000000000007fc\n[ 303.302370] x2 : 0000000000000027 x1 : ffff000002467400 x0 : ffff000002467000\n[ 303.303341] Call trace:\n[ 303.303679] 0x0\n[ 303.303938] efivar_entry_set_get_size+0x98/0x16c\n[ 303.304585] efivarfs_file_write+0xd0/0x1a4\n[ 303.305148] vfs_write+0xc4/0x2e4\n[ 303.305601] ksys_write+0x70/0x104\n[ 303.306073] __arm64_sys_write+0x1c/0x28\n[ 303.306622] invoke_syscall+0x48/0x114\n[ 303.307156] el0_svc_common.constprop.0+0x44/0xec\n[ 303.307803] do_el0_svc+0x38/0x98\n[ 303.308268] el0_svc+0x2c/0x84\n[ 303.308702] el0t_64_sync_handler+0xf4/0x120\n[ 303.309293] el0t_64_sync+0x190/0x194\n[ 303.309794] Code: ???????? ???????? ???????? ???????? (????????)\n[ 303.310612] ---[ end trace 0000000000000000 ]---\n\nFix this by adding a .reconfigure() function to the fs operations which\nwe can use to check the requested flags and deny anything that\u0027s not RO\nif the firmware doesn\u0027t implement SetVariable at runtime."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:04.560Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8"
},
{
"url": "https://git.kernel.org/stable/c/2aa141f8bc580f8f9811dfe4e0e6009812b73826"
},
{
"url": "https://git.kernel.org/stable/c/d4a9aa7db574a0da64307729cc031fb68597aa8b"
},
{
"url": "https://git.kernel.org/stable/c/0049fe7e4a85849bdd778cdb72e51a791ff3d737"
},
{
"url": "https://git.kernel.org/stable/c/d4a714873db0866cc471521114eeac4a5072d548"
},
{
"url": "https://git.kernel.org/stable/c/0e8d2444168dd519fea501599d150e62718ed2fe"
}
],
"title": "efivarfs: force RO when remounting if SetVariable is not supported",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52463",
"datePublished": "2024-02-23T14:46:23.537Z",
"dateReserved": "2024-02-20T12:30:33.296Z",
"dateUpdated": "2025-05-04T12:49:04.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38601 (GCVE-0-2024-38601)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:48 – Updated: 2025-11-04 17:21
Title
ring-buffer: Fix a race between readers and resize checks
Summary
In the Linux kernel, the following vulnerability has been resolved:

ring-buffer: Fix a race between readers and resize checks

The reader code in rb_get_reader_page() swaps a new reader page into the
ring buffer by doing cmpxchg on old->list.prev->next to point it to the
new page. Following that, if the operation is successful,
old->list.next->prev gets updated too. This means the underlying
doubly-linked list is temporarily inconsistent, page->prev->next or
page->next->prev might not be equal back to page for some page in the
ring buffer.

The resize operation in ring_buffer_resize() can be invoked in parallel.
It calls rb_check_pages() which can detect the described inconsistency
and stop further tracing:

```
[ 190.271762] ------------[ cut here ]------------
[ 190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0
[ 190.271789] Modules linked in: [...]
[ 190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1
[ 190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G E 6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f
[ 190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014
[ 190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0
[ 190.272023] Code: [...]
[ 190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206
[ 190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80
[ 190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700
[ 190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000
[ 190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720
[ 190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000
[ 190.272053] FS: 00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000
[ 190.272057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0
[ 190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 190.272077] Call Trace:
[ 190.272098] <TASK>
[ 190.272189] ring_buffer_resize+0x2ab/0x460
[ 190.272199] __tracing_resize_ring_buffer.part.0+0x23/0xa0
[ 190.272206] tracing_resize_ring_buffer+0x65/0x90
[ 190.272216] tracing_entries_write+0x74/0xc0
[ 190.272225] vfs_write+0xf5/0x420
[ 190.272248] ksys_write+0x67/0xe0
[ 190.272256] do_syscall_64+0x82/0x170
[ 190.272363] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 190.272373] RIP: 0033:0x7f1bd657d263
[ 190.272381] Code: [...]
[ 190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263
[ 190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001
[ 190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000
[ 190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500
[ 190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002
[ 190.272412] </TASK>
[ 190.272414] ---[ end trace 0000000000000000 ]---
```

Note that ring_buffer_resize() calls rb_check_pages() only if the parent
trace_buffer has recording disabled. Recent commit d78ab792705c
("tracing: Stop current tracer when resizing buffer") causes that it is
now always the case which makes it more likely to experience this issue.

The window to hit this race is nonetheless very small. To help
reproducing it, one can add a delay loop in rb_get_reader_page():

```
ret = rb_head_page_replace(reader, cpu_buffer->reader_page);
if (!ret)
	goto spin;
for (unsigned i = 0; i < 1U << 26; i++) /* inserted delay loop */
	__asm__ __volatile__ ("" : : : "memory");
rb_list_head(reader->list.next)->prev = &cpu_buffer->reader_page->list;
```

..
---truncated---
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < b50932ea673b5a089a4bb570a8a868d95c72854e (git) |
| | | Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a (git) |
| | | Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < 1e160196042cac946798ac192a0bc3398f1aa66b (git) |
| | | Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < 595363182f28786d641666a09e674b852c83b4bb (git) |
| | | Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < 54c64967ba5f8658ae7da76005024ebd3d9d8f6e (git) |
| | | Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < af3274905b3143ea23142bbf77bd9b610c54e533 (git) |
| | | Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < 5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1 (git) |
| | | Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < 79b52013429a42b8efdb0cda8bb0041386abab87 (git) |
| | | Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < c2274b908db05529980ec056359fae916939fdaa (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:44.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b50932ea673b5a089a4bb570a8a868d95c72854e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e160196042cac946798ac192a0bc3398f1aa66b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/595363182f28786d641666a09e674b852c83b4bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54c64967ba5f8658ae7da76005024ebd3d9d8f6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af3274905b3143ea23142bbf77bd9b610c54e533"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79b52013429a42b8efdb0cda8bb0041386abab87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2274b908db05529980ec056359fae916939fdaa"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:21.471342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b50932ea673b5a089a4bb570a8a868d95c72854e",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "1e160196042cac946798ac192a0bc3398f1aa66b",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "595363182f28786d641666a09e674b852c83b4bb",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "54c64967ba5f8658ae7da76005024ebd3d9d8f6e",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "af3274905b3143ea23142bbf77bd9b610c54e533",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "79b52013429a42b8efdb0cda8bb0041386abab87",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "c2274b908db05529980ec056359fae916939fdaa",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.5"
},
{
"lessThan": "3.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix a race between readers and resize checks\n\nThe reader code in rb_get_reader_page() swaps a new reader page into the\nring buffer by doing cmpxchg on old-\u003elist.prev-\u003enext to point it to the\nnew page. Following that, if the operation is successful,\nold-\u003elist.next-\u003eprev gets updated too. This means the underlying\ndoubly-linked list is temporarily inconsistent, page-\u003eprev-\u003enext or\npage-\u003enext-\u003eprev might not be equal back to page for some page in the\nring buffer.\n\nThe resize operation in ring_buffer_resize() can be invoked in parallel.\nIt calls rb_check_pages() which can detect the described inconsistency\nand stop further tracing:\n\n[ 190.271762] ------------[ cut here ]------------\n[ 190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0\n[ 190.271789] Modules linked in: [...]\n[ 190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1\n[ 190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G E 6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f\n[ 190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014\n[ 190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0\n[ 190.272023] Code: [...]\n[ 190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206\n[ 190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80\n[ 190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700\n[ 190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000\n[ 190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720\n[ 190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000\n[ 190.272053] FS: 00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000\n[ 190.272057] CS: 0010 DS: 0000 
ES: 0000 CR0: 0000000080050033\n[ 190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0\n[ 190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 190.272077] Call Trace:\n[ 190.272098] \u003cTASK\u003e\n[ 190.272189] ring_buffer_resize+0x2ab/0x460\n[ 190.272199] __tracing_resize_ring_buffer.part.0+0x23/0xa0\n[ 190.272206] tracing_resize_ring_buffer+0x65/0x90\n[ 190.272216] tracing_entries_write+0x74/0xc0\n[ 190.272225] vfs_write+0xf5/0x420\n[ 190.272248] ksys_write+0x67/0xe0\n[ 190.272256] do_syscall_64+0x82/0x170\n[ 190.272363] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 190.272373] RIP: 0033:0x7f1bd657d263\n[ 190.272381] Code: [...]\n[ 190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263\n[ 190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001\n[ 190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000\n[ 190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500\n[ 190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002\n[ 190.272412] \u003c/TASK\u003e\n[ 190.272414] ---[ end trace 0000000000000000 ]---\n\nNote that ring_buffer_resize() calls rb_check_pages() only if the parent\ntrace_buffer has recording disabled. Recent commit d78ab792705c\n(\"tracing: Stop current tracer when resizing buffer\") causes that it is\nnow always the case which makes it more likely to experience this issue.\n\nThe window to hit this race is nonetheless very small. 
To help\nreproducing it, one can add a delay loop in rb_get_reader_page():\n\n ret = rb_head_page_replace(reader, cpu_buffer-\u003ereader_page);\n if (!ret)\n \tgoto spin;\n for (unsigned i = 0; i \u003c 1U \u003c\u003c 26; i++) /* inserted delay loop */\n \t__asm__ __volatile__ (\"\" : : : \"memory\");\n rb_list_head(reader-\u003elist.next)-\u003eprev = \u0026cpu_buffer-\u003ereader_page-\u003elist;\n\n.. \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:02.077Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b50932ea673b5a089a4bb570a8a868d95c72854e"
},
{
"url": "https://git.kernel.org/stable/c/c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a"
},
{
"url": "https://git.kernel.org/stable/c/1e160196042cac946798ac192a0bc3398f1aa66b"
},
{
"url": "https://git.kernel.org/stable/c/595363182f28786d641666a09e674b852c83b4bb"
},
{
"url": "https://git.kernel.org/stable/c/54c64967ba5f8658ae7da76005024ebd3d9d8f6e"
},
{
"url": "https://git.kernel.org/stable/c/af3274905b3143ea23142bbf77bd9b610c54e533"
},
{
"url": "https://git.kernel.org/stable/c/5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1"
},
{
"url": "https://git.kernel.org/stable/c/79b52013429a42b8efdb0cda8bb0041386abab87"
},
{
"url": "https://git.kernel.org/stable/c/c2274b908db05529980ec056359fae916939fdaa"
}
],
"title": "ring-buffer: Fix a race between readers and resize checks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38601",
"datePublished": "2024-06-19T13:48:13.097Z",
"dateReserved": "2024-06-18T19:36:34.933Z",
"dateUpdated": "2025-11-04T17:21:44.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38559 (GCVE-0-2024-38559)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:35 – Updated: 2025-11-04 17:21
Title
scsi: qedf: Ensure the copied buf is NUL terminated
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedf: Ensure the copied buf is NUL terminated
Currently, we allocate a count-sized kernel buffer and copy count from
userspace to that buffer. Later, we use kstrtouint on this buffer but we
don't ensure that the string is terminated inside the buffer, this can
lead to OOB read when using kstrtouint. Fix this issue by using
memdup_user_nul instead of memdup_user.
Severity
4.4 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < 1f84a2744ad813be23fc4be99fb74bfb24aadb95 (git) |
| Linux | Linux | Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < a75001678e1d38aa607d5b898ec7ff8ed0700d59 (git) |
| Linux | Linux | Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < 769b9fd2af02c069451fe9108dba73355d9a021c (git) |
| Linux | Linux | Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < dccd97b39ab2f2b1b9a47a1394647a4d65815255 (git) |
| Linux | Linux | Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < d93318f19d1e1a6d5f04f5d965eaa9055bb7c613 (git) |
| Linux | Linux | Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < 563e609275927c0b75fbfd0d90441543aa7b5e0d (git) |
| Linux | Linux | Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < 4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8 (git) |
| Linux | Linux | Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < 177f43c6892e6055de6541fe9391a8a3d1f95fc9 (git) |
| Linux | Linux | Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < d0184a375ee797eb657d74861ba0935b6e405c62 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:39:36.404554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T14:24:43.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:27.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qedf/qedf_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1f84a2744ad813be23fc4be99fb74bfb24aadb95",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "a75001678e1d38aa607d5b898ec7ff8ed0700d59",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "769b9fd2af02c069451fe9108dba73355d9a021c",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "dccd97b39ab2f2b1b9a47a1394647a4d65815255",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "d93318f19d1e1a6d5f04f5d965eaa9055bb7c613",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "563e609275927c0b75fbfd0d90441543aa7b5e0d",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "177f43c6892e6055de6541fe9391a8a3d1f95fc9",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "d0184a375ee797eb657d74861ba0935b6e405c62",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qedf/qedf_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. Later, we use kstrtouint on this buffer but we\ndon\u0027t ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. Fix this issue by using\nmemdup_user_nul instead of memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:05.664Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95"
},
{
"url": "https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59"
},
{
"url": "https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c"
},
{
"url": "https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255"
},
{
"url": "https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613"
},
{
"url": "https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d"
},
{
"url": "https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8"
},
{
"url": "https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9"
},
{
"url": "https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62"
}
],
"title": "scsi: qedf: Ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38559",
"datePublished": "2024-06-19T13:35:28.888Z",
"dateReserved": "2024-06-18T19:36:34.922Z",
"dateUpdated": "2025-11-04T17:21:27.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35884 (GCVE-0-2024-35884)
Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07
Title
udp: do not accept non-tunnel GSO skbs landing in a tunnel
Summary
In the Linux kernel, the following vulnerability has been resolved:
udp: do not accept non-tunnel GSO skbs landing in a tunnel
When rx-udp-gro-forwarding is enabled UDP packets might be GROed when
being forwarded. If such packets might land in a tunnel this can cause
various issues and udp_gro_receive makes sure this isn't the case by
looking for a matching socket. This is performed in
udp4/6_gro_lookup_skb but only in the current netns. This is an issue
with tunneled packets when the endpoint is in another netns. In such
cases the packets will be GROed at the UDP level, which leads to various
issues later on. The same thing can happen with rx-gro-list.
We saw this with geneve packets being GROed at the UDP level. In such
case gso_size is set; later the packet goes through the geneve rx path,
the geneve header is pulled, the offset are adjusted and frag_list skbs
are not adjusted with regard to geneve. When those skbs hit
skb_fragment, it will misbehave. Different outcomes are possible
depending on what the GROed skbs look like; from corrupted packets to
kernel crashes.
One example is a BUG_ON[1] triggered in skb_segment while processing the
frag_list. Because gso_size is wrong (geneve header was pulled)
skb_segment thinks there is "geneve header size" of data in frag_list,
although it's in fact the next packet. The BUG_ON itself has nothing to
do with the issue. This is only one of the potential issues.
Looking up for a matching socket in udp_gro_receive is fragile: the
lookup could be extended to all netns (not speaking about performances)
but nothing prevents those packets from being modified in between and we
could still not find a matching socket. It's OK to keep the current
logic there as it should cover most cases but we also need to make sure
we handle tunnel packets being GROed too early.
This is done by extending the checks in udp_unexpected_gso: GSO packets
lacking the SKB_GSO_UDP_TUNNEL/_CSUM bits and landing in a tunnel must
be segmented.
[1] kernel BUG at net/core/skbuff.c:4408!
RIP: 0010:skb_segment+0xd2a/0xf70
__udp_gso_segment+0xaa/0x560
Severity
8.8 (High)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 9fd1ff5d2ac7181844735806b0a703c942365291 , < 3391b157780bbedf8ef9f202cbf10ee90bf6b0f8 (git) |
| Linux | Linux | Affected: 9fd1ff5d2ac7181844735806b0a703c942365291 , < d49ae15a5767d4e9ef8bbb79e42df1bfebc94670 (git) |
| Linux | Linux | Affected: 9fd1ff5d2ac7181844735806b0a703c942365291 , < d12245080cb259d82b34699f6cd4ec11bdb688bd (git) |
| Linux | Linux | Affected: 9fd1ff5d2ac7181844735806b0a703c942365291 , < 3001e7aa43d6691db2a878b0745b854bf12ddd19 (git) |
| Linux | Linux | Affected: 9fd1ff5d2ac7181844735806b0a703c942365291 , < 35fe0e0b5c00bef7dde74842a2564c43856fbce4 (git) |
| Linux | Linux | Affected: 9fd1ff5d2ac7181844735806b0a703c942365291 , < 3d010c8031e39f5fa1e8b13ada77e0321091011f (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:37:18.298363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:46:28.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3391b157780bbedf8ef9f202cbf10ee90bf6b0f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d49ae15a5767d4e9ef8bbb79e42df1bfebc94670"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d12245080cb259d82b34699f6cd4ec11bdb688bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3001e7aa43d6691db2a878b0745b854bf12ddd19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35fe0e0b5c00bef7dde74842a2564c43856fbce4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d010c8031e39f5fa1e8b13ada77e0321091011f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/udp.h",
"net/ipv4/udp.c",
"net/ipv4/udp_offload.c",
"net/ipv6/udp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3391b157780bbedf8ef9f202cbf10ee90bf6b0f8",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "d49ae15a5767d4e9ef8bbb79e42df1bfebc94670",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "d12245080cb259d82b34699f6cd4ec11bdb688bd",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "3001e7aa43d6691db2a878b0745b854bf12ddd19",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "35fe0e0b5c00bef7dde74842a2564c43856fbce4",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "3d010c8031e39f5fa1e8b13ada77e0321091011f",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/udp.h",
"net/ipv4/udp.c",
"net/ipv4/udp_offload.c",
"net/ipv6/udp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: do not accept non-tunnel GSO skbs landing in a tunnel\n\nWhen rx-udp-gro-forwarding is enabled UDP packets might be GROed when\nbeing forwarded. If such packets might land in a tunnel this can cause\nvarious issues and udp_gro_receive makes sure this isn\u0027t the case by\nlooking for a matching socket. This is performed in\nudp4/6_gro_lookup_skb but only in the current netns. This is an issue\nwith tunneled packets when the endpoint is in another netns. In such\ncases the packets will be GROed at the UDP level, which leads to various\nissues later on. The same thing can happen with rx-gro-list.\n\nWe saw this with geneve packets being GROed at the UDP level. In such\ncase gso_size is set; later the packet goes through the geneve rx path,\nthe geneve header is pulled, the offset are adjusted and frag_list skbs\nare not adjusted with regard to geneve. When those skbs hit\nskb_fragment, it will misbehave. Different outcomes are possible\ndepending on what the GROed skbs look like; from corrupted packets to\nkernel crashes.\n\nOne example is a BUG_ON[1] triggered in skb_segment while processing the\nfrag_list. Because gso_size is wrong (geneve header was pulled)\nskb_segment thinks there is \"geneve header size\" of data in frag_list,\nalthough it\u0027s in fact the next packet. The BUG_ON itself has nothing to\ndo with the issue. This is only one of the potential issues.\n\nLooking up for a matching socket in udp_gro_receive is fragile: the\nlookup could be extended to all netns (not speaking about performances)\nbut nothing prevents those packets from being modified in between and we\ncould still not find a matching socket. 
It\u0027s OK to keep the current\nlogic there as it should cover most cases but we also need to make sure\nwe handle tunnel packets being GROed too early.\n\nThis is done by extending the checks in udp_unexpected_gso: GSO packets\nlacking the SKB_GSO_UDP_TUNNEL/_CSUM bits and landing in a tunnel must\nbe segmented.\n\n[1] kernel BUG at net/core/skbuff.c:4408!\n RIP: 0010:skb_segment+0xd2a/0xf70\n __udp_gso_segment+0xaa/0x560"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:33.854Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3391b157780bbedf8ef9f202cbf10ee90bf6b0f8"
},
{
"url": "https://git.kernel.org/stable/c/d49ae15a5767d4e9ef8bbb79e42df1bfebc94670"
},
{
"url": "https://git.kernel.org/stable/c/d12245080cb259d82b34699f6cd4ec11bdb688bd"
},
{
"url": "https://git.kernel.org/stable/c/3001e7aa43d6691db2a878b0745b854bf12ddd19"
},
{
"url": "https://git.kernel.org/stable/c/35fe0e0b5c00bef7dde74842a2564c43856fbce4"
},
{
"url": "https://git.kernel.org/stable/c/3d010c8031e39f5fa1e8b13ada77e0321091011f"
}
],
"title": "udp: do not accept non-tunnel GSO skbs landing in a tunnel",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35884",
"datePublished": "2024-05-19T08:34:40.948Z",
"dateReserved": "2024-05-17T13:50:33.112Z",
"dateUpdated": "2025-05-04T09:07:33.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26976 (GCVE-0-2024-26976)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:20 – Updated: 2025-05-04 09:01
Title
KVM: Always flush async #PF workqueue when vCPU is being destroyed
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: Always flush async #PF workqueue when vCPU is being destroyed
Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its
completion queue, e.g. when a VM and all its vCPUs is being destroyed.
KVM must ensure that none of its workqueue callbacks is running when the
last reference to the KVM _module_ is put. Gifting a reference to the
associated VM prevents the workqueue callback from dereferencing freed
vCPU/VM memory, but does not prevent the KVM module from being unloaded
before the callback completes.
Drop the misguided VM refcount gifting, as calling kvm_put_kvm() from
async_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will
result in deadlock. async_pf_execute() can't return until kvm_put_kvm()
finishes, and kvm_put_kvm() can't return until async_pf_execute() finishes:
WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]
Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass
CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
Workqueue: events async_pf_execute [kvm]
RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]
Call Trace:
<TASK>
async_pf_execute+0x198/0x260 [kvm]
process_one_work+0x145/0x2d0
worker_thread+0x27e/0x3a0
kthread+0xba/0xe0
ret_from_fork+0x2d/0x50
ret_from_fork_asm+0x11/0x20
</TASK>
---[ end trace 0000000000000000 ]---
INFO: task kworker/8:1:251 blocked for more than 120 seconds.
Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000
Workqueue: events async_pf_execute [kvm]
Call Trace:
<TASK>
__schedule+0x33f/0xa40
schedule+0x53/0xc0
schedule_timeout+0x12a/0x140
__wait_for_common+0x8d/0x1d0
__flush_work.isra.0+0x19f/0x2c0
kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]
kvm_arch_destroy_vm+0x78/0x1b0 [kvm]
kvm_put_kvm+0x1c1/0x320 [kvm]
async_pf_execute+0x198/0x260 [kvm]
process_one_work+0x145/0x2d0
worker_thread+0x27e/0x3a0
kthread+0xba/0xe0
ret_from_fork+0x2d/0x50
ret_from_fork_asm+0x11/0x20
</TASK>
If kvm_clear_async_pf_completion_queue() actually flushes the workqueue,
then there's no need to gift async_pf_execute() a reference because all
invocations of async_pf_execute() will be forced to complete before the
vCPU and its VM are destroyed/freed. And that in turn fixes the module
unloading bug as __fput() won't do module_put() on the last vCPU reference
until the vCPU has been freed, e.g. if closing the vCPU file also puts the
last reference to the KVM module.
Note that kvm_check_async_pf_completion() may also take the work item off
the completion queue and so also needs to flush the work queue, as the
work will not be seen by kvm_clear_async_pf_completion_queue(). Waiting
on the workqueue could theoretically delay a vCPU due to waiting for the
work to complete, but that's a very, very small chance, and likely a very
small delay. kvm_arch_async_page_present_queued() unconditionally makes a
new request, i.e. will effectively delay entering the guest, so the
remaining work is really just:
trace_kvm_async_pf_completed(addr, cr2_or_gpa);
__kvm_vcpu_wake_up(vcpu);
mmput(mm);
and mmput() can't drop the last reference to the page tables if the vCPU is
still alive, i.e. the vCPU won't get stuck tearing down page tables.
Add a helper to do the flushing, specifically to deal with "wakeup all"
work items, as they aren't actually work items, i.e. are never placed in a
workqueue. Trying to flush a bogus workqueue entry rightly makes
__flush_work() complain (kudos to whoever added that sanity check).
Note, commit 5f6de5cbebee ("KVM: Prevent module exit until al
---truncated---
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < ab2c2f5d9576112ad22cfd3798071cb74693b1f5 (git) |
| Linux | Linux | Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 82e25cc1c2e93c3023da98be282322fc08b61ffb (git) |
| Linux | Linux | Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < f8730d6335e5f43d09151fca1f0f41922209a264 (git) |
| Linux | Linux | Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 83d3c5e309611ef593e2fcb78444fc8ceedf9bac (git) |
| Linux | Linux | Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < b54478d20375874aeee257744dedfd3e413432ff (git) |
| Linux | Linux | Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < a75afe480d4349c524d9c659b1a5a544dbc39a98 (git) |
| Linux | Linux | Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 4f3a3bce428fb439c66a578adc447afce7b4a750 (git) |
| Linux | Linux | Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < caa9af2e27c275e089d702cfbaaece3b42bca31b (git) |
| Linux | Linux | Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 3d75b8aa5c29058a512db29da7cbee8052724157 (git) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ab2c2f5d9576",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "82e25cc1c2e9",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "8730d6335e5",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "83d3c5e30961",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b54478d20375",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "a75afe480d43",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4f3a3bce428f",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "caa9af2e27c2",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3d75b8aa5c29",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.312",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.274",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.215",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.154",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.84",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.24",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:06:50.709457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:08:04.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab2c2f5d9576112ad22cfd3798071cb74693b1f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82e25cc1c2e93c3023da98be282322fc08b61ffb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8730d6335e5f43d09151fca1f0f41922209a264"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83d3c5e309611ef593e2fcb78444fc8ceedf9bac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b54478d20375874aeee257744dedfd3e413432ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a75afe480d4349c524d9c659b1a5a544dbc39a98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f3a3bce428fb439c66a578adc447afce7b4a750"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/caa9af2e27c275e089d702cfbaaece3b42bca31b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d75b8aa5c29058a512db29da7cbee8052724157"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"virt/kvm/async_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ab2c2f5d9576112ad22cfd3798071cb74693b1f5",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "82e25cc1c2e93c3023da98be282322fc08b61ffb",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "f8730d6335e5f43d09151fca1f0f41922209a264",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "83d3c5e309611ef593e2fcb78444fc8ceedf9bac",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "b54478d20375874aeee257744dedfd3e413432ff",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "a75afe480d4349c524d9c659b1a5a544dbc39a98",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "4f3a3bce428fb439c66a578adc447afce7b4a750",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "caa9af2e27c275e089d702cfbaaece3b42bca31b",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "3d75b8aa5c29058a512db29da7cbee8052724157",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"virt/kvm/async_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Always flush async #PF workqueue when vCPU is being destroyed\n\nAlways flush the per-vCPU async #PF workqueue when a vCPU is clearing its\ncompletion queue, e.g. when a VM and all its vCPUs is being destroyed.\nKVM must ensure that none of its workqueue callbacks is running when the\nlast reference to the KVM _module_ is put. Gifting a reference to the\nassociated VM prevents the workqueue callback from dereferencing freed\nvCPU/VM memory, but does not prevent the KVM module from being unloaded\nbefore the callback completes.\n\nDrop the misguided VM refcount gifting, as calling kvm_put_kvm() from\nasync_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will\nresult in deadlock. async_pf_execute() can\u0027t return until kvm_put_kvm()\nfinishes, and kvm_put_kvm() can\u0027t return until async_pf_execute() finishes:\n\n WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass\n CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Workqueue: events async_pf_execute [kvm]\n RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]\n Call Trace:\n \u003cTASK\u003e\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n INFO: task kworker/8:1:251 blocked for more than 120 seconds.\n Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000\n Workqueue: events async_pf_execute [kvm]\n Call Trace:\n \u003cTASK\u003e\n __schedule+0x33f/0xa40\n schedule+0x53/0xc0\n 
schedule_timeout+0x12a/0x140\n __wait_for_common+0x8d/0x1d0\n __flush_work.isra.0+0x19f/0x2c0\n kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]\n kvm_arch_destroy_vm+0x78/0x1b0 [kvm]\n kvm_put_kvm+0x1c1/0x320 [kvm]\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nIf kvm_clear_async_pf_completion_queue() actually flushes the workqueue,\nthen there\u0027s no need to gift async_pf_execute() a reference because all\ninvocations of async_pf_execute() will be forced to complete before the\nvCPU and its VM are destroyed/freed. And that in turn fixes the module\nunloading bug as __fput() won\u0027t do module_put() on the last vCPU reference\nuntil the vCPU has been freed, e.g. if closing the vCPU file also puts the\nlast reference to the KVM module.\n\nNote that kvm_check_async_pf_completion() may also take the work item off\nthe completion queue and so also needs to flush the work queue, as the\nwork will not be seen by kvm_clear_async_pf_completion_queue(). Waiting\non the workqueue could theoretically delay a vCPU due to waiting for the\nwork to complete, but that\u0027s a very, very small chance, and likely a very\nsmall delay. kvm_arch_async_page_present_queued() unconditionally makes a\nnew request, i.e. will effectively delay entering the guest, so the\nremaining work is really just:\n\n trace_kvm_async_pf_completed(addr, cr2_or_gpa);\n\n __kvm_vcpu_wake_up(vcpu);\n\n mmput(mm);\n\nand mmput() can\u0027t drop the last reference to the page tables if the vCPU is\nstill alive, i.e. the vCPU won\u0027t get stuck tearing down page tables.\n\nAdd a helper to do the flushing, specifically to deal with \"wakeup all\"\nwork items, as they aren\u0027t actually work items, i.e. are never placed in a\nworkqueue. 
Trying to flush a bogus workqueue entry rightly makes\n__flush_work() complain (kudos to whoever added that sanity check).\n\nNote, commit 5f6de5cbebee (\"KVM: Prevent module exit until al\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:18.606Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ab2c2f5d9576112ad22cfd3798071cb74693b1f5"
},
{
"url": "https://git.kernel.org/stable/c/82e25cc1c2e93c3023da98be282322fc08b61ffb"
},
{
"url": "https://git.kernel.org/stable/c/f8730d6335e5f43d09151fca1f0f41922209a264"
},
{
"url": "https://git.kernel.org/stable/c/83d3c5e309611ef593e2fcb78444fc8ceedf9bac"
},
{
"url": "https://git.kernel.org/stable/c/b54478d20375874aeee257744dedfd3e413432ff"
},
{
"url": "https://git.kernel.org/stable/c/a75afe480d4349c524d9c659b1a5a544dbc39a98"
},
{
"url": "https://git.kernel.org/stable/c/4f3a3bce428fb439c66a578adc447afce7b4a750"
},
{
"url": "https://git.kernel.org/stable/c/caa9af2e27c275e089d702cfbaaece3b42bca31b"
},
{
"url": "https://git.kernel.org/stable/c/3d75b8aa5c29058a512db29da7cbee8052724157"
}
],
"title": "KVM: Always flush async #PF workqueue when vCPU is being destroyed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26976",
"datePublished": "2024-05-01T05:20:24.025Z",
"dateReserved": "2024-02-19T14:20:24.203Z",
"dateUpdated": "2025-05-04T09:01:18.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0607 (GCVE-0-2024-0607)
Vulnerability from cvelistv5 – Published: 2024-01-18 15:41 – Updated: 2025-11-20 18:09
Title
Kernel: nf_tables: pointer math issue in nft_byteorder_eval()
Summary
A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element, corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.
Severity
6.6 (Medium)
CWE
- CWE-229 - Improper Handling of Values
Impacted products
| Vendor | Product | Version |
|---|---|---|
| | | Affected: 0 , < 6.7-rc2 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0607"
},
{
"name": "RHBZ#2258635",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258635"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:53:37.921736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:03:44.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
"defaultStatus": "unaffected",
"packageName": "kernel",
"versions": [
{
"lessThan": "6.7-rc2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-229",
"description": "Improper Handling of Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:09:28.624Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0607"
},
{
"name": "RHBZ#2258635",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258635"
},
{
"url": "https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-16T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: nf_tables: pointer math issue in nft_byteorder_eval()",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel netfilter module. \n\nFor instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278"
}
],
"x_redhatCweChain": "CWE-229: Improper Handling of Values"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0607",
"datePublished": "2024-01-18T15:41:14.425Z",
"dateReserved": "2024-01-16T16:45:59.397Z",
"dateUpdated": "2025-11-20T18:09:28.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52443 (GCVE-0-2023-52443)
Vulnerability from cvelistv5 – Published: 2024-02-22 16:13 – Updated: 2025-05-04 07:36
Title
apparmor: avoid crash when parsed profile name is empty
Summary
In the Linux kernel, the following vulnerability has been resolved:

apparmor: avoid crash when parsed profile name is empty

When processing a packed profile in unpack_profile() described like

"profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}"

a string ":samba-dcerpcd" is unpacked as a fully-qualified name and then
passed to aa_splitn_fqname().

aa_splitn_fqname() treats ":samba-dcerpcd" as only containing a namespace.
Thus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later
aa_alloc_profile() crashes as the new profile name is NULL now.

general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
RIP: 0010:strlen+0x1e/0xa0
Call Trace:
<TASK>
? strlen+0x1e/0xa0
aa_policy_init+0x1bb/0x230
aa_alloc_profile+0xb1/0x480
unpack_profile+0x3bc/0x4960
aa_unpack+0x309/0x15e0
aa_replace_profiles+0x213/0x33c0
policy_update+0x261/0x370
profile_replace+0x20e/0x2a0
vfs_write+0x2af/0xe00
ksys_write+0x126/0x250
do_syscall_64+0x46/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
</TASK>
---[ end trace 0000000000000000 ]---
RIP: 0010:strlen+0x1e/0xa0

It seems such behaviour of aa_splitn_fqname() is expected and checked in
other places where it is called (e.g. aa_remove_profiles). Well, there
is an explicit comment "a ns name without a following profile is allowed"
inside.

AFAICS, nothing can prevent unpacked "name" to be in form like
":samba-dcerpcd" - it is passed from userspace.

Deny the whole profile set replacement in such case and inform user with
EPROTO and an explaining message.

Found by Linux Verification Center (linuxtesting.org).

Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 9286ee97aa4803d99185768735011d0d65827c9e (git) |
| Linux | Linux | Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf (git) |
| Linux | Linux | Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 5ff00408e5029d3550ee77f62dc15f1e15c47f87 (git) |
| Linux | Linux | Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 0a12db736edbb4933e4274932aeea594b5876fa4 (git) |
| Linux | Linux | Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 9d4fa5fe2b1d56662afd14915a73b4d0783ffa45 (git) |
| Linux | Linux | Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 5c0392fdafb0a2321311900be83ffa572bef8203 (git) |
| Linux | Linux | Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 77ab09b92f16c8439a948d1af489196953dc4a0e (git) |
| Linux | Linux | Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 55a8210c9e7d21ff2644809699765796d4bfb200 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T18:29:41.510350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:01.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9286ee97aa4803d99185768735011d0d65827c9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ff00408e5029d3550ee77f62dc15f1e15c47f87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a12db736edbb4933e4274932aeea594b5876fa4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d4fa5fe2b1d56662afd14915a73b4d0783ffa45"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c0392fdafb0a2321311900be83ffa572bef8203"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77ab09b92f16c8439a948d1af489196953dc4a0e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55a8210c9e7d21ff2644809699765796d4bfb200"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/apparmor/policy_unpack.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9286ee97aa4803d99185768735011d0d65827c9e",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "5ff00408e5029d3550ee77f62dc15f1e15c47f87",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "0a12db736edbb4933e4274932aeea594b5876fa4",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "9d4fa5fe2b1d56662afd14915a73b4d0783ffa45",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "5c0392fdafb0a2321311900be83ffa572bef8203",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "77ab09b92f16c8439a948d1af489196953dc4a0e",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "55a8210c9e7d21ff2644809699765796d4bfb200",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/apparmor/policy_unpack.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: avoid crash when parsed profile name is empty\n\nWhen processing a packed profile in unpack_profile() described like\n\n \"profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}\"\n\na string \":samba-dcerpcd\" is unpacked as a fully-qualified name and then\npassed to aa_splitn_fqname().\n\naa_splitn_fqname() treats \":samba-dcerpcd\" as only containing a namespace.\nThus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later\naa_alloc_profile() crashes as the new profile name is NULL now.\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\nRIP: 0010:strlen+0x1e/0xa0\nCall Trace:\n \u003cTASK\u003e\n ? strlen+0x1e/0xa0\n aa_policy_init+0x1bb/0x230\n aa_alloc_profile+0xb1/0x480\n unpack_profile+0x3bc/0x4960\n aa_unpack+0x309/0x15e0\n aa_replace_profiles+0x213/0x33c0\n policy_update+0x261/0x370\n profile_replace+0x20e/0x2a0\n vfs_write+0x2af/0xe00\n ksys_write+0x126/0x250\n do_syscall_64+0x46/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n \u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\nRIP: 0010:strlen+0x1e/0xa0\n\nIt seems such behaviour of aa_splitn_fqname() is expected and checked in\nother places where it is called (e.g. aa_remove_profiles). Well, there\nis an explicit comment \"a ns name without a following profile is allowed\"\ninside.\n\nAFAICS, nothing can prevent unpacked \"name\" to be in form like\n\":samba-dcerpcd\" - it is passed from userspace.\n\nDeny the whole profile set replacement in such case and inform user with\nEPROTO and an explaining message.\n\nFound by Linux Verification Center (linuxtesting.org)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:39.239Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9286ee97aa4803d99185768735011d0d65827c9e"
},
{
"url": "https://git.kernel.org/stable/c/1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf"
},
{
"url": "https://git.kernel.org/stable/c/5ff00408e5029d3550ee77f62dc15f1e15c47f87"
},
{
"url": "https://git.kernel.org/stable/c/0a12db736edbb4933e4274932aeea594b5876fa4"
},
{
"url": "https://git.kernel.org/stable/c/9d4fa5fe2b1d56662afd14915a73b4d0783ffa45"
},
{
"url": "https://git.kernel.org/stable/c/5c0392fdafb0a2321311900be83ffa572bef8203"
},
{
"url": "https://git.kernel.org/stable/c/77ab09b92f16c8439a948d1af489196953dc4a0e"
},
{
"url": "https://git.kernel.org/stable/c/55a8210c9e7d21ff2644809699765796d4bfb200"
}
],
"title": "apparmor: avoid crash when parsed profile name is empty",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52443",
"datePublished": "2024-02-22T16:13:31.154Z",
"dateReserved": "2024-02-20T12:30:33.291Z",
"dateUpdated": "2025-05-04T07:36:39.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36904 (GCVE-0-2024-36904)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-04 09:11
Title
tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique()
with nice analysis.
Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for
timewait hashdance"), inet_twsk_hashdance() sets TIME-WAIT socket's
sk_refcnt after putting it into ehash and releasing the bucket lock.
Thus, there is a small race window where other threads could try to
reuse the port during connect() and call sock_hold() in tcp_twsk_unique()
for the TIME-WAIT socket with zero refcnt.
If that happens, the refcnt taken by tcp_twsk_unique() is overwritten
and sock_put() will cause underflow, triggering a real use-after-free
somewhere else.
To avoid the use-after-free, we need to use refcount_inc_not_zero() in
tcp_twsk_unique() and give up on reusing the port if it returns false.
[0]:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110
CPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1
Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023
RIP: 0010:refcount_warn_saturate+0xe5/0x110
Code: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff <0f> 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8
RSP: 0018:ffffc90006b43b60 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027
RDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0
RBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0
R10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84
R13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0
FS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0
PKRU: 55555554
Call Trace:
<TASK>
? refcount_warn_saturate+0xe5/0x110
? __warn+0x81/0x130
? refcount_warn_saturate+0xe5/0x110
? report_bug+0x171/0x1a0
? refcount_warn_saturate+0xe5/0x110
? handle_bug+0x3c/0x80
? exc_invalid_op+0x17/0x70
? asm_exc_invalid_op+0x1a/0x20
? refcount_warn_saturate+0xe5/0x110
tcp_twsk_unique+0x186/0x190
__inet_check_established+0x176/0x2d0
__inet_hash_connect+0x74/0x7d0
? __pfx___inet_check_established+0x10/0x10
tcp_v4_connect+0x278/0x530
__inet_stream_connect+0x10f/0x3d0
inet_stream_connect+0x3a/0x60
__sys_connect+0xa8/0xd0
__x64_sys_connect+0x18/0x20
do_syscall_64+0x83/0x170
entry_SYSCALL_64_after_hwframe+0x78/0x80
RIP: 0033:0x7f62c11a885d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d
RDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003
RBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0
R13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0
</TASK>
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 84546cc1aeeb4df3e444b18a4293c9823f974be9 (git) |
| Linux | Linux | Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 1796ca9c6f5bd50554214053af5f47d112818ee3 (git) |
| Linux | Linux | Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 1d9cf07810c30ef7948879567d10fd1f01121d34 (git) |
| Linux | Linux | Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 27b0284d8be182a81feb65581ab6a724dfd596e8 (git) |
| Linux | Linux | Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 13ed7cdf079686ccd3618335205700c03f6fb446 (git) |
| Linux | Linux | Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 6e48faad92be13166184d21506e4e54c79c13adc (git) |
| Linux | Linux | Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < 517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc (git) |
| Linux | Linux | Affected: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d , < f2db7230f73a80dbb179deab78f88a7947f0ab7e (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:20:22.181493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:20:38.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:30.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_ipv4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84546cc1aeeb4df3e444b18a4293c9823f974be9",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "1796ca9c6f5bd50554214053af5f47d112818ee3",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "1d9cf07810c30ef7948879567d10fd1f01121d34",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "27b0284d8be182a81feb65581ab6a724dfd596e8",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "13ed7cdf079686ccd3618335205700c03f6fb446",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "6e48faad92be13166184d21506e4e54c79c13adc",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "f2db7230f73a80dbb179deab78f88a7947f0ab7e",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_ipv4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Use refcount_inc_not_zero() in tcp_twsk_unique().\n\nAnderson Nascimento reported a use-after-free splat in tcp_twsk_unique()\nwith nice analysis.\n\nSince commit ec94c2696f0b (\"tcp/dccp: avoid one atomic operation for\ntimewait hashdance\"), inet_twsk_hashdance() sets TIME-WAIT socket\u0027s\nsk_refcnt after putting it into ehash and releasing the bucket lock.\n\nThus, there is a small race window where other threads could try to\nreuse the port during connect() and call sock_hold() in tcp_twsk_unique()\nfor the TIME-WAIT socket with zero refcnt.\n\nIf that happens, the refcnt taken by tcp_twsk_unique() is overwritten\nand sock_put() will cause underflow, triggering a real use-after-free\nsomewhere else.\n\nTo avoid the use-after-free, we need to use refcount_inc_not_zero() in\ntcp_twsk_unique() and give up on reusing the port if it returns false.\n\n[0]:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110\nCPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1\nHardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023\nRIP: 0010:refcount_warn_saturate+0xe5/0x110\nCode: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff \u003c0f\u003e 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8\nRSP: 0018:ffffc90006b43b60 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027\nRDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0\nRBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0\nR10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84\nR13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0\nFS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xe5/0x110\n ? __warn+0x81/0x130\n ? refcount_warn_saturate+0xe5/0x110\n ? report_bug+0x171/0x1a0\n ? refcount_warn_saturate+0xe5/0x110\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? refcount_warn_saturate+0xe5/0x110\n tcp_twsk_unique+0x186/0x190\n __inet_check_established+0x176/0x2d0\n __inet_hash_connect+0x74/0x7d0\n ? __pfx___inet_check_established+0x10/0x10\n tcp_v4_connect+0x278/0x530\n __inet_stream_connect+0x10f/0x3d0\n inet_stream_connect+0x3a/0x60\n __sys_connect+0xa8/0xd0\n __x64_sys_connect+0x18/0x20\n do_syscall_64+0x83/0x170\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7f62c11a885d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d\nRDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003\nRBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0\nR13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:46.007Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9"
},
{
"url": "https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3"
},
{
"url": "https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34"
},
{
"url": "https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8"
},
{
"url": "https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446"
},
{
"url": "https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc"
},
{
"url": "https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc"
},
{
"url": "https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e"
}
],
"title": "tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36904",
"datePublished": "2024-05-30T15:29:05.457Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2025-05-04T09:11:46.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38612 (GCVE-0-2024-38612)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:56 – Updated: 2025-11-04 17:21
Title
ipv6: sr: fix invalid unregister error path
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sr: fix invalid unregister error path
The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL
is not defined. In that case if seg6_hmac_init() fails, the
genl_unregister_family() isn't called.
This issue exists since commit 46738b1317e1 ("ipv6: sr: add option to control
lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible
use-after-free and null-ptr-deref") replaced unregister_pernet_subsys()
with genl_unregister_family() in this error path.
Severity
9.8 (Critical)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 46738b1317e169b281ad74690276916e24d1be6d , < 10610575a3ac2a702bf5c57aa931beaf847949c7 (git) |
| Linux | Linux | Affected: 46738b1317e169b281ad74690276916e24d1be6d , < 646cd236c55e2cb5f146fc41bbe4034c4af5b2a4 (git) |
| Linux | Linux | Affected: 46738b1317e169b281ad74690276916e24d1be6d , < 00e6335329f23ac6cf3105931691674e28bc598c (git) |
| Linux | Linux | Affected: 46738b1317e169b281ad74690276916e24d1be6d , < 1a63730fb315bb1bab97edd69ff58ad45e04bb01 (git) |
| Linux | Linux | Affected: 46738b1317e169b281ad74690276916e24d1be6d , < e77a3ec7ada84543e75722a1283785a6544de925 (git) |
| Linux | Linux | Affected: 46738b1317e169b281ad74690276916e24d1be6d , < 3398a40dccb88d3a7eef378247a023a78472db66 (git) |
| Linux | Linux | Affected: 46738b1317e169b281ad74690276916e24d1be6d , < 85a70ff1e572160f1eeb096ed48d09a1c9d4d89a (git) |
| Linux | Linux | Affected: 46738b1317e169b281ad74690276916e24d1be6d , < c04d6a914e890ccea4a9d11233009a2ee7978bf4 (git) |
| Linux | Linux | Affected: 46738b1317e169b281ad74690276916e24d1be6d , < 160e9d2752181fcf18c662e74022d77d3164cd45 (git) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "0610575a3ac",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "646cd236c55e",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "00e6335329f2",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "1a63730fb315",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e77a3ec7ada8",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3398a40dccb8",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "85a70ff1e572",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "c04d6a914e89",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "160e9d275218",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.10"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.316",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.278",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:acrn:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrn",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.219",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.161",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.93",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.10-rc1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T14:07:52.263547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:37:58.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:46.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10610575a3ac2a702bf5c57aa931beaf847949c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/646cd236c55e2cb5f146fc41bbe4034c4af5b2a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00e6335329f23ac6cf3105931691674e28bc598c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a63730fb315bb1bab97edd69ff58ad45e04bb01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e77a3ec7ada84543e75722a1283785a6544de925"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3398a40dccb88d3a7eef378247a023a78472db66"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/85a70ff1e572160f1eeb096ed48d09a1c9d4d89a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c04d6a914e890ccea4a9d11233009a2ee7978bf4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/160e9d2752181fcf18c662e74022d77d3164cd45"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "10610575a3ac2a702bf5c57aa931beaf847949c7",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "646cd236c55e2cb5f146fc41bbe4034c4af5b2a4",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "00e6335329f23ac6cf3105931691674e28bc598c",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "1a63730fb315bb1bab97edd69ff58ad45e04bb01",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "e77a3ec7ada84543e75722a1283785a6544de925",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "3398a40dccb88d3a7eef378247a023a78472db66",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "85a70ff1e572160f1eeb096ed48d09a1c9d4d89a",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "c04d6a914e890ccea4a9d11233009a2ee7978bf4",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "160e9d2752181fcf18c662e74022d77d3164cd45",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix invalid unregister error path\n\nThe error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL\nis not defined. In that case if seg6_hmac_init() fails, the\ngenl_unregister_family() isn\u0027t called.\n\nThis issue exist since commit 46738b1317e1 (\"ipv6: sr: add option to control\nlwtunnel support\"), and commit 5559cea2d5aa (\"ipv6: sr: fix possible\nuse-after-free and null-ptr-deref\") replaced unregister_pernet_subsys()\nwith genl_unregister_family() in this error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:17.249Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10610575a3ac2a702bf5c57aa931beaf847949c7"
},
{
"url": "https://git.kernel.org/stable/c/646cd236c55e2cb5f146fc41bbe4034c4af5b2a4"
},
{
"url": "https://git.kernel.org/stable/c/00e6335329f23ac6cf3105931691674e28bc598c"
},
{
"url": "https://git.kernel.org/stable/c/1a63730fb315bb1bab97edd69ff58ad45e04bb01"
},
{
"url": "https://git.kernel.org/stable/c/e77a3ec7ada84543e75722a1283785a6544de925"
},
{
"url": "https://git.kernel.org/stable/c/3398a40dccb88d3a7eef378247a023a78472db66"
},
{
"url": "https://git.kernel.org/stable/c/85a70ff1e572160f1eeb096ed48d09a1c9d4d89a"
},
{
"url": "https://git.kernel.org/stable/c/c04d6a914e890ccea4a9d11233009a2ee7978bf4"
},
{
"url": "https://git.kernel.org/stable/c/160e9d2752181fcf18c662e74022d77d3164cd45"
}
],
"title": "ipv6: sr: fix invalid unregister error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38612",
"datePublished": "2024-06-19T13:56:13.415Z",
"dateReserved": "2024-06-18T19:36:34.944Z",
"dateUpdated": "2025-11-04T17:21:46.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35902 (GCVE-0-2024-35902)
Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 12:56
Title
net/rds: fix possible cp null dereference
Summary
In the Linux kernel, the following vulnerability has been resolved:

net/rds: fix possible cp null dereference

cp might be null, calling cp->cp_conn would produce null dereference

[Simon Horman adds:]

Analysis:

* cp is a parameter of __rds_rdma_map and is not reassigned.

* The following call-sites pass a NULL cp argument to __rds_rdma_map()

  - rds_get_mr()
  - rds_get_mr_for_dest

* Prior to the code above, the following assumes that cp may be NULL
  (which is indicative, but could itself be unnecessary)

      trans_private = rs->rs_transport->get_mr(
              sg, nents, rs, &mr->r_key, cp ? cp->cp_conn : NULL,
              args->vec.addr, args->vec.bytes,
              need_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);

* The code modified by this patch is guarded by IS_ERR(trans_private),
  where trans_private is assigned as per the previous point in this analysis.

  The only implementation of get_mr that I could locate is rds_ib_get_mr()
  which can return an ERR_PTR if the conn (4th) argument is NULL.

* ret is set to PTR_ERR(trans_private).
  rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.
  Thus ret may be -ENODEV in which case the code in question will execute.

Conclusion:

* cp may be NULL at the point where this patch adds a check;
  this patch does seem to address a possible bug
Severity ?
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 786854141057751bc08eb26f1b02e97c1631c8f4 , < d275de8ea7be3a453629fddae41d4156762e814c (git); Affected: 997efea2bf3a4adb96c306b9ad6a91442237bf5b , < bcd46782e2ec3825d10c1552fcb674d491cc09f9 (git); Affected: 9dfc15a10dfd44f8ff7f27488651cb5be6af83c2 , < cfb786b03b03c5ff38882bee38525eb9987e4d14 (git); Affected: b562ebe21ed9adcf42242797dd6cb75beef12bf0 , < d49fac38479bfdaec52b3ea274d290c47a294029 (git); Affected: 998fd719e6d6468b930ac0c44552ea9ff8b07b80 , < cbaac2e5488ed54833897264a5ffb2a341a9f196 (git); Affected: 2b505d05280739ce31d5708da840f42df827cb85 , < 92309bed3c5fbe2ccd4c45056efd42edbd06162d (git); Affected: c055fc00c07be1f0df7375ab0036cebd1106ed38 , < 6794090c742008c53b344b35b021d4a3093dc50a (git); Affected: c055fc00c07be1f0df7375ab0036cebd1106ed38 , < 62fc3357e079a07a22465b9b6ef71bb6ea75ee4b (git); Affected: 907761307469adecb02461a14120e9a1812a5fb1 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:09:14.303997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:18.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/rds/rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d275de8ea7be3a453629fddae41d4156762e814c",
"status": "affected",
"version": "786854141057751bc08eb26f1b02e97c1631c8f4",
"versionType": "git"
},
{
"lessThan": "bcd46782e2ec3825d10c1552fcb674d491cc09f9",
"status": "affected",
"version": "997efea2bf3a4adb96c306b9ad6a91442237bf5b",
"versionType": "git"
},
{
"lessThan": "cfb786b03b03c5ff38882bee38525eb9987e4d14",
"status": "affected",
"version": "9dfc15a10dfd44f8ff7f27488651cb5be6af83c2",
"versionType": "git"
},
{
"lessThan": "d49fac38479bfdaec52b3ea274d290c47a294029",
"status": "affected",
"version": "b562ebe21ed9adcf42242797dd6cb75beef12bf0",
"versionType": "git"
},
{
"lessThan": "cbaac2e5488ed54833897264a5ffb2a341a9f196",
"status": "affected",
"version": "998fd719e6d6468b930ac0c44552ea9ff8b07b80",
"versionType": "git"
},
{
"lessThan": "92309bed3c5fbe2ccd4c45056efd42edbd06162d",
"status": "affected",
"version": "2b505d05280739ce31d5708da840f42df827cb85",
"versionType": "git"
},
{
"lessThan": "6794090c742008c53b344b35b021d4a3093dc50a",
"status": "affected",
"version": "c055fc00c07be1f0df7375ab0036cebd1106ed38",
"versionType": "git"
},
{
"lessThan": "62fc3357e079a07a22465b9b6ef71bb6ea75ee4b",
"status": "affected",
"version": "c055fc00c07be1f0df7375ab0036cebd1106ed38",
"versionType": "git"
},
{
"status": "affected",
"version": "907761307469adecb02461a14120e9a1812a5fb1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/rds/rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.19.310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "6.1.82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "6.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix possible cp null dereference\n\ncp might be null, calling cp-\u003ecp_conn would produce null dereference\n\n[Simon Horman adds:]\n\nAnalysis:\n\n* cp is a parameter of __rds_rdma_map and is not reassigned.\n\n* The following call-sites pass a NULL cp argument to __rds_rdma_map()\n\n - rds_get_mr()\n - rds_get_mr_for_dest\n\n* Prior to the code above, the following assumes that cp may be NULL\n (which is indicative, but could itself be unnecessary)\n\n\ttrans_private = rs-\u003ers_transport-\u003eget_mr(\n\t\tsg, nents, rs, \u0026mr-\u003er_key, cp ? cp-\u003ecp_conn : NULL,\n\t\targs-\u003evec.addr, args-\u003evec.bytes,\n\t\tneed_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);\n\n* The code modified by this patch is guarded by IS_ERR(trans_private),\n where trans_private is assigned as per the previous point in this analysis.\n\n The only implementation of get_mr that I could locate is rds_ib_get_mr()\n which can return an ERR_PTR if the conn (4th) argument is NULL.\n\n* ret is set to PTR_ERR(trans_private).\n rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.\n Thus ret may be -ENODEV in which case the code in question will execute.\n\nConclusion:\n* cp may be NULL at the point where this patch adds a check;\n this patch does seem to address a possible bug"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:02.708Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c"
},
{
"url": "https://git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9"
},
{
"url": "https://git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14"
},
{
"url": "https://git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029"
},
{
"url": "https://git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196"
},
{
"url": "https://git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d"
},
{
"url": "https://git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a"
},
{
"url": "https://git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b"
}
],
"title": "net/rds: fix possible cp null dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35902",
"datePublished": "2024-05-19T08:34:55.692Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T12:56:02.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52675 (GCVE-0-2023-52675)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:24 – Updated: 2025-05-04 07:41
Title
powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure.
Severity ?
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 885dcd709ba9120b9935415b8b0f9d1b94e5826b , < 75fc599bcdcb1de093c9ced2e3cccc832f3787f3 (git); Affected: 885dcd709ba9120b9935415b8b0f9d1b94e5826b , < 1e80aa25d186a7aa212df5acd8c75f55ac8dae34 (git); Affected: 885dcd709ba9120b9935415b8b0f9d1b94e5826b , < 5a669f3511d273c8c1ab1c1d268fbcdf53fc7a05 (git); Affected: 885dcd709ba9120b9935415b8b0f9d1b94e5826b , < f105c263009839d80fad6998324a4e1b3511cba0 (git); Affected: 885dcd709ba9120b9935415b8b0f9d1b94e5826b , < a2da3f9b1a1019c887ee1d164475a8fcdb0a3fec (git); Affected: 885dcd709ba9120b9935415b8b0f9d1b94e5826b , < 024352f7928b28f53609660663329d8c0f4ad032 (git); Affected: 885dcd709ba9120b9935415b8b0f9d1b94e5826b , < c7d828e12b326ea50fb80c369d7aa87519ed14c6 (git); Affected: 885dcd709ba9120b9935415b8b0f9d1b94e5826b , < 0a233867a39078ebb0f575e2948593bbff5826b3 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:04.688861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:42:18.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75fc599bcdcb1de093c9ced2e3cccc832f3787f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e80aa25d186a7aa212df5acd8c75f55ac8dae34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a669f3511d273c8c1ab1c1d268fbcdf53fc7a05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f105c263009839d80fad6998324a4e1b3511cba0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2da3f9b1a1019c887ee1d164475a8fcdb0a3fec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/024352f7928b28f53609660663329d8c0f4ad032"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7d828e12b326ea50fb80c369d7aa87519ed14c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a233867a39078ebb0f575e2948593bbff5826b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/perf/imc-pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "75fc599bcdcb1de093c9ced2e3cccc832f3787f3",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "1e80aa25d186a7aa212df5acd8c75f55ac8dae34",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "5a669f3511d273c8c1ab1c1d268fbcdf53fc7a05",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "f105c263009839d80fad6998324a4e1b3511cba0",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "a2da3f9b1a1019c887ee1d164475a8fcdb0a3fec",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "024352f7928b28f53609660663329d8c0f4ad032",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "c7d828e12b326ea50fb80c369d7aa87519ed14c6",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "0a233867a39078ebb0f575e2948593bbff5826b3",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/perf/imc-pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/imc-pmu: Add a null pointer check in update_events_in_group()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:19.518Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/75fc599bcdcb1de093c9ced2e3cccc832f3787f3"
},
{
"url": "https://git.kernel.org/stable/c/1e80aa25d186a7aa212df5acd8c75f55ac8dae34"
},
{
"url": "https://git.kernel.org/stable/c/5a669f3511d273c8c1ab1c1d268fbcdf53fc7a05"
},
{
"url": "https://git.kernel.org/stable/c/f105c263009839d80fad6998324a4e1b3511cba0"
},
{
"url": "https://git.kernel.org/stable/c/a2da3f9b1a1019c887ee1d164475a8fcdb0a3fec"
},
{
"url": "https://git.kernel.org/stable/c/024352f7928b28f53609660663329d8c0f4ad032"
},
{
"url": "https://git.kernel.org/stable/c/c7d828e12b326ea50fb80c369d7aa87519ed14c6"
},
{
"url": "https://git.kernel.org/stable/c/0a233867a39078ebb0f575e2948593bbff5826b3"
}
],
"title": "powerpc/imc-pmu: Add a null pointer check in update_events_in_group()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52675",
"datePublished": "2024-05-17T14:24:40.721Z",
"dateReserved": "2024-03-07T14:49:46.886Z",
"dateUpdated": "2025-05-04T07:41:19.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52451 (GCVE-0-2023-52451)
Vulnerability from cvelistv5 – Published: 2024-02-22 16:21 – Updated: 2025-05-04 07:36
Title
powerpc/pseries/memhp: Fix access beyond end of drmem array
Summary
In the Linux kernel, the following vulnerability has been resolved:

powerpc/pseries/memhp: Fix access beyond end of drmem array

dlpar_memory_remove_by_index() may access beyond the bounds of the
drmem lmb array when the LMB lookup fails to match an entry with the
given DRC index. When the search fails, the cursor is left pointing to
&drmem_info->lmbs[drmem_info->n_lmbs], which is one element past the
last valid entry in the array. The debug message at the end of the
function then dereferences this pointer:

    pr_debug("Failed to hot-remove memory at %llx\n",
             lmb->base_addr);

This was found by inspection and confirmed with KASAN:

  pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234
  ==================================================================
  BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658
  Read of size 8 at addr c000000364e97fd0 by task bash/949

  dump_stack_lvl+0xa4/0xfc (unreliable)
  print_report+0x214/0x63c
  kasan_report+0x140/0x2e0
  __asan_load8+0xa8/0xe0
  dlpar_memory+0x298/0x1658
  handle_dlpar_errorlog+0x130/0x1d0
  dlpar_store+0x18c/0x3e0
  kobj_attr_store+0x68/0xa0
  sysfs_kf_write+0xc4/0x110
  kernfs_fop_write_iter+0x26c/0x390
  vfs_write+0x2d4/0x4e0
  ksys_write+0xac/0x1a0
  system_call_exception+0x268/0x530
  system_call_vectored_common+0x15c/0x2ec

  Allocated by task 1:
  kasan_save_stack+0x48/0x80
  kasan_set_track+0x34/0x50
  kasan_save_alloc_info+0x34/0x50
  __kasan_kmalloc+0xd0/0x120
  __kmalloc+0x8c/0x320
  kmalloc_array.constprop.0+0x48/0x5c
  drmem_init+0x2a0/0x41c
  do_one_initcall+0xe0/0x5c0
  kernel_init_freeable+0x4ec/0x5a0
  kernel_init+0x30/0x1e0
  ret_from_kernel_user_thread+0x14/0x1c

  The buggy address belongs to the object at c000000364e80000
  which belongs to the cache kmalloc-128k of size 131072
  The buggy address is located 0 bytes to the right of
  allocated 98256-byte region [c000000364e80000, c000000364e97fd0)
  ==================================================================
  pseries-hotplug-mem: Failed to hot-remove memory at 0

Log failed lookups with a separate message and dereference the
cursor only when it points to a valid entry.
Severity ?
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 , < bb79613a9a704469ddb8d6c6029d532a5cea384c (git); Affected: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 , < 9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7 (git); Affected: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 , < b582aa1f66411d4adcc1aa55b8c575683fb4687e (git); Affected: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 , < 999a27b3ce9a69d54ccd5db000ec3a447bc43e6d (git); Affected: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 , < 026fd977dc50ff4a5e09bfb0603557f104d3f3a0 (git); Affected: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 , < df16afba2378d985359812c865a15c05c70a967e (git); Affected: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 , < 708a4b59baad96c4718dc0bd3a3427d3ab22fedc (git); Affected: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 , < bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T20:29:32.183324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:57.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb79613a9a704469ddb8d6c6029d532a5cea384c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b582aa1f66411d4adcc1aa55b8c575683fb4687e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/999a27b3ce9a69d54ccd5db000ec3a447bc43e6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/026fd977dc50ff4a5e09bfb0603557f104d3f3a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df16afba2378d985359812c865a15c05c70a967e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/708a4b59baad96c4718dc0bd3a3427d3ab22fedc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/hotplug-memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bb79613a9a704469ddb8d6c6029d532a5cea384c",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "b582aa1f66411d4adcc1aa55b8c575683fb4687e",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "999a27b3ce9a69d54ccd5db000ec3a447bc43e6d",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "026fd977dc50ff4a5e09bfb0603557f104d3f3a0",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "df16afba2378d985359812c865a15c05c70a967e",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "708a4b59baad96c4718dc0bd3a3427d3ab22fedc",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/hotplug-memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/memhp: Fix access beyond end of drmem array\n\ndlpar_memory_remove_by_index() may access beyond the bounds of the\ndrmem lmb array when the LMB lookup fails to match an entry with the\ngiven DRC index. When the search fails, the cursor is left pointing to\n\u0026drmem_info-\u003elmbs[drmem_info-\u003en_lmbs], which is one element past the\nlast valid entry in the array. The debug message at the end of the\nfunction then dereferences this pointer:\n\n pr_debug(\"Failed to hot-remove memory at %llx\\n\",\n lmb-\u003ebase_addr);\n\nThis was found by inspection and confirmed with KASAN:\n\n pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658\n Read of size 8 at addr c000000364e97fd0 by task bash/949\n\n dump_stack_lvl+0xa4/0xfc (unreliable)\n print_report+0x214/0x63c\n kasan_report+0x140/0x2e0\n __asan_load8+0xa8/0xe0\n dlpar_memory+0x298/0x1658\n handle_dlpar_errorlog+0x130/0x1d0\n dlpar_store+0x18c/0x3e0\n kobj_attr_store+0x68/0xa0\n sysfs_kf_write+0xc4/0x110\n kernfs_fop_write_iter+0x26c/0x390\n vfs_write+0x2d4/0x4e0\n ksys_write+0xac/0x1a0\n system_call_exception+0x268/0x530\n system_call_vectored_common+0x15c/0x2ec\n\n Allocated by task 1:\n kasan_save_stack+0x48/0x80\n kasan_set_track+0x34/0x50\n kasan_save_alloc_info+0x34/0x50\n __kasan_kmalloc+0xd0/0x120\n __kmalloc+0x8c/0x320\n kmalloc_array.constprop.0+0x48/0x5c\n drmem_init+0x2a0/0x41c\n do_one_initcall+0xe0/0x5c0\n kernel_init_freeable+0x4ec/0x5a0\n kernel_init+0x30/0x1e0\n ret_from_kernel_user_thread+0x14/0x1c\n\n The buggy address belongs to the object at c000000364e80000\n which belongs to the cache kmalloc-128k of size 131072\n The buggy address is located 0 bytes to the right of\n allocated 98256-byte region [c000000364e80000, c000000364e97fd0)\n\n ==================================================================\n pseries-hotplug-mem: Failed to hot-remove memory at 0\n\nLog failed lookups with a separate message and dereference the\ncursor only when it points to a valid entry."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:49.045Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bb79613a9a704469ddb8d6c6029d532a5cea384c"
},
{
"url": "https://git.kernel.org/stable/c/9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7"
},
{
"url": "https://git.kernel.org/stable/c/b582aa1f66411d4adcc1aa55b8c575683fb4687e"
},
{
"url": "https://git.kernel.org/stable/c/999a27b3ce9a69d54ccd5db000ec3a447bc43e6d"
},
{
"url": "https://git.kernel.org/stable/c/026fd977dc50ff4a5e09bfb0603557f104d3f3a0"
},
{
"url": "https://git.kernel.org/stable/c/df16afba2378d985359812c865a15c05c70a967e"
},
{
"url": "https://git.kernel.org/stable/c/708a4b59baad96c4718dc0bd3a3427d3ab22fedc"
},
{
"url": "https://git.kernel.org/stable/c/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5"
}
],
"title": "powerpc/pseries/memhp: Fix access beyond end of drmem array",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52451",
"datePublished": "2024-02-22T16:21:42.295Z",
"dateReserved": "2024-02-20T12:30:33.293Z",
"dateUpdated": "2025-05-04T07:36:49.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26665 (GCVE-0-2024-26665)
Vulnerability from cvelistv5 – Published: 2024-04-02 06:22 – Updated: 2025-05-04 08:53
Title
tunnels: fix out of bounds access when building IPv6 PMTU error
Summary
In the Linux kernel, the following vulnerability has been resolved:
tunnels: fix out of bounds access when building IPv6 PMTU error
If the ICMPv6 error is built from a non-linear skb we get the following
splat,
BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240
Read of size 4 at addr ffff88811d402c80 by task netperf/820
CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543
...
kasan_report+0xd8/0x110
do_csum+0x220/0x240
csum_partial+0xc/0x20
skb_tunnel_check_pmtu+0xeb9/0x3280
vxlan_xmit_one+0x14c2/0x4080
vxlan_xmit+0xf61/0x5c00
dev_hard_start_xmit+0xfb/0x510
__dev_queue_xmit+0x7cd/0x32a0
br_dev_queue_push_xmit+0x39d/0x6a0
Use skb_checksum instead of csum_partial who cannot deal with non-linear
SKBs.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 4cb47a8644cc9eb8ec81190a50e79e6530d0297f, < e77bf828f1ca1c47fcff58bdc26b60a9d3dfbe1d (git) |
| Linux | Linux | Affected: 4cb47a8644cc9eb8ec81190a50e79e6530d0297f, < d964dd1bc1452594b4207d9229c157d9386e5d8a (git) |
| Linux | Linux | Affected: 4cb47a8644cc9eb8ec81190a50e79e6530d0297f, < e37cde7a5716466ff2a76f7f27f0a29b05b9a732 (git) |
| Linux | Linux | Affected: 4cb47a8644cc9eb8ec81190a50e79e6530d0297f, < 510c869ffa4068c5f19ff4df51d1e2f3a30aaac1 (git) |
| Linux | Linux | Affected: 4cb47a8644cc9eb8ec81190a50e79e6530d0297f, < 7dc9feb8b1705cf00de20563b6bc4831f4c99dab (git) |
| Linux | Linux | Affected: 4cb47a8644cc9eb8ec81190a50e79e6530d0297f, < d75abeec401f8c86b470e7028a13fcdc87e5dd06 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e77bf828f1ca1c47fcff58bdc26b60a9d3dfbe1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d964dd1bc1452594b4207d9229c157d9386e5d8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e37cde7a5716466ff2a76f7f27f0a29b05b9a732"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/510c869ffa4068c5f19ff4df51d1e2f3a30aaac1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7dc9feb8b1705cf00de20563b6bc4831f4c99dab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d75abeec401f8c86b470e7028a13fcdc87e5dd06"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:43.558193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:39.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e77bf828f1ca1c47fcff58bdc26b60a9d3dfbe1d",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "d964dd1bc1452594b4207d9229c157d9386e5d8a",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "e37cde7a5716466ff2a76f7f27f0a29b05b9a732",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "510c869ffa4068c5f19ff4df51d1e2f3a30aaac1",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "7dc9feb8b1705cf00de20563b6bc4831f4c99dab",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "d75abeec401f8c86b470e7028a13fcdc87e5dd06",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: fix out of bounds access when building IPv6 PMTU error\n\nIf the ICMPv6 error is built from a non-linear skb we get the following\nsplat,\n\n BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240\n Read of size 4 at addr ffff88811d402c80 by task netperf/820\n CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543\n ...\n kasan_report+0xd8/0x110\n do_csum+0x220/0x240\n csum_partial+0xc/0x20\n skb_tunnel_check_pmtu+0xeb9/0x3280\n vxlan_xmit_one+0x14c2/0x4080\n vxlan_xmit+0xf61/0x5c00\n dev_hard_start_xmit+0xfb/0x510\n __dev_queue_xmit+0x7cd/0x32a0\n br_dev_queue_push_xmit+0x39d/0x6a0\n\nUse skb_checksum instead of csum_partial who cannot deal with non-linear\nSKBs."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:27.768Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e77bf828f1ca1c47fcff58bdc26b60a9d3dfbe1d"
},
{
"url": "https://git.kernel.org/stable/c/d964dd1bc1452594b4207d9229c157d9386e5d8a"
},
{
"url": "https://git.kernel.org/stable/c/e37cde7a5716466ff2a76f7f27f0a29b05b9a732"
},
{
"url": "https://git.kernel.org/stable/c/510c869ffa4068c5f19ff4df51d1e2f3a30aaac1"
},
{
"url": "https://git.kernel.org/stable/c/7dc9feb8b1705cf00de20563b6bc4831f4c99dab"
},
{
"url": "https://git.kernel.org/stable/c/d75abeec401f8c86b470e7028a13fcdc87e5dd06"
}
],
"title": "tunnels: fix out of bounds access when building IPv6 PMTU error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26665",
"datePublished": "2024-04-02T06:22:14.264Z",
"dateReserved": "2024-02-19T14:20:24.149Z",
"dateUpdated": "2025-05-04T08:53:27.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38596 (GCVE-0-2024-38596)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:45 – Updated: 2025-11-04 17:21
Title
af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
A data-race condition has been identified in af_unix. In one data path,
the write function unix_release_sock() atomically writes to
sk->sk_shutdown using WRITE_ONCE. However, on the reader side,
unix_stream_sendmsg() does not read it atomically. Consequently, this
issue is causing the following KCSAN splat to occur:
BUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg
write (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:
unix_release_sock (net/unix/af_unix.c:640)
unix_release (net/unix/af_unix.c:1050)
sock_close (net/socket.c:659 net/socket.c:1421)
__fput (fs/file_table.c:422)
__fput_sync (fs/file_table.c:508)
__se_sys_close (fs/open.c:1559 fs/open.c:1541)
__x64_sys_close (fs/open.c:1541)
x64_sys_call (arch/x86/entry/syscall_64.c:33)
do_syscall_64 (arch/x86/entry/common.c:?)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
read to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:
unix_stream_sendmsg (net/unix/af_unix.c:2273)
__sock_sendmsg (net/socket.c:730 net/socket.c:745)
____sys_sendmsg (net/socket.c:2584)
__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)
__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)
x64_sys_call (arch/x86/entry/syscall_64.c:33)
do_syscall_64 (arch/x86/entry/common.c:?)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
value changed: 0x01 -> 0x03
The line numbers are related to commit dd5a440a31fa ("Linux 6.9-rc7").
Commit e1d09c2c2f57 ("af_unix: Fix data races around sk->sk_shutdown.")
addressed a comparable issue in the past regarding sk->sk_shutdown.
However, it overlooked resolving this particular data path.
This patch only offending unix_stream_sendmsg() function, since the
other reads seem to be protected by unix_state_lock() as discussed in
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < fca6072e1a7b1e709ada5604b951513b89b4bd0a (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < de6641d213373fbde9bbdd7c4b552254bc9f82fe (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 4d51845d734a4c5d079e56e0916f936a55e15055 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 9aa8773abfa0e954136875b4cbf2df4cf638e8a5 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 8299e4d778f664b31b67cf4cf3d5409de2ecb92c (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 0688d4e499bee3f2749bca27329bd128686230cb (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < a4c88072abcaca593cefe70f90e9d3707526e8f9 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < a52fa2addfcccc2c5a0217fd45562605088c018b (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 540bf24fba16b88c1b3b9353927204b4f1074e25 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:40.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:37.376960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/af_unix.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fca6072e1a7b1e709ada5604b951513b89b4bd0a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "de6641d213373fbde9bbdd7c4b552254bc9f82fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4d51845d734a4c5d079e56e0916f936a55e15055",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9aa8773abfa0e954136875b4cbf2df4cf638e8a5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8299e4d778f664b31b67cf4cf3d5409de2ecb92c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0688d4e499bee3f2749bca27329bd128686230cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a4c88072abcaca593cefe70f90e9d3707526e8f9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a52fa2addfcccc2c5a0217fd45562605088c018b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "540bf24fba16b88c1b3b9353927204b4f1074e25",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/unix/af_unix.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data races in unix_release_sock/unix_stream_sendmsg\n\nA data-race condition has been identified in af_unix. In one data path,\nthe write function unix_release_sock() atomically writes to\nsk-\u003esk_shutdown using WRITE_ONCE. However, on the reader side,\nunix_stream_sendmsg() does not read it atomically. Consequently, this\nissue is causing the following KCSAN splat to occur:\n\n\tBUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg\n\n\twrite (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:\n\tunix_release_sock (net/unix/af_unix.c:640)\n\tunix_release (net/unix/af_unix.c:1050)\n\tsock_close (net/socket.c:659 net/socket.c:1421)\n\t__fput (fs/file_table.c:422)\n\t__fput_sync (fs/file_table.c:508)\n\t__se_sys_close (fs/open.c:1559 fs/open.c:1541)\n\t__x64_sys_close (fs/open.c:1541)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tread to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:\n\tunix_stream_sendmsg (net/unix/af_unix.c:2273)\n\t__sock_sendmsg (net/socket.c:730 net/socket.c:745)\n\t____sys_sendmsg (net/socket.c:2584)\n\t__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)\n\t__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tvalue changed: 0x01 -\u003e 0x03\n\nThe line numbers are related to commit dd5a440a31fa (\"Linux 6.9-rc7\").\n\nCommit e1d09c2c2f57 (\"af_unix: Fix data races around sk-\u003esk_shutdown.\")\naddressed a comparable issue in the past regarding sk-\u003esk_shutdown.\nHowever, it overlooked resolving this particular data path.\nThis patch only offending unix_stream_sendmsg() function, since the\nother reads seem to be protected by unix_state_lock() as discussed in"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:55.180Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a"
},
{
"url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe"
},
{
"url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055"
},
{
"url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5"
},
{
"url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c"
},
{
"url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb"
},
{
"url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9"
},
{
"url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b"
},
{
"url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25"
}
],
"title": "af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38596",
"datePublished": "2024-06-19T13:45:45.984Z",
"dateReserved": "2024-06-18T19:36:34.931Z",
"dateUpdated": "2025-11-04T17:21:40.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27410 (GCVE-0-2024-27410)
Vulnerability from cvelistv5 – Published: 2024-05-17 11:50 – Updated: 2025-06-19 12:39
Title
wifi: nl80211: reject iftype change with mesh ID change
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: reject iftype change with mesh ID change
It's currently possible to change the mesh ID when the
interface isn't yet in mesh mode, at the same time as
changing it into mesh mode. This leads to an overwrite
of data in the wdev->u union for the interface type it
currently has, causing cfg80211_change_iface() to do
wrong things when switching.
We could probably allow setting an interface to mesh
while setting the mesh ID at the same time by doing a
different order of operations here, but realistically
there's no userspace that's going to do this, so just
disallow changes in iftype when setting mesh ID.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 7b0a0e3c3a88260b6fcb017e49f198463aa62ed1, < 930e826962d9f01dcd2220176134427358d112f2 (git) |
| Linux | Linux | Affected: 7b0a0e3c3a88260b6fcb017e49f198463aa62ed1, < 177d574be4b58f832354ab1ef5a297aa0c9aa2df (git) |
| Linux | Linux | Affected: 7b0a0e3c3a88260b6fcb017e49f198463aa62ed1, < a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838 (git) |
| Linux | Linux | Affected: 7b0a0e3c3a88260b6fcb017e49f198463aa62ed1, < f78c1375339a291cba492a70eaf12ec501d28a8e (git) |
| Linux | Linux | Affected: 7a53ad13c09150076b7ddde96c2dfc5622c90b45 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:36.191312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:43:50.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "930e826962d9f01dcd2220176134427358d112f2",
"status": "affected",
"version": "7b0a0e3c3a88260b6fcb017e49f198463aa62ed1",
"versionType": "git"
},
{
"lessThan": "177d574be4b58f832354ab1ef5a297aa0c9aa2df",
"status": "affected",
"version": "7b0a0e3c3a88260b6fcb017e49f198463aa62ed1",
"versionType": "git"
},
{
"lessThan": "a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838",
"status": "affected",
"version": "7b0a0e3c3a88260b6fcb017e49f198463aa62ed1",
"versionType": "git"
},
{
"lessThan": "f78c1375339a291cba492a70eaf12ec501d28a8e",
"status": "affected",
"version": "7b0a0e3c3a88260b6fcb017e49f198463aa62ed1",
"versionType": "git"
},
{
"status": "affected",
"version": "7a53ad13c09150076b7ddde96c2dfc5622c90b45",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject iftype change with mesh ID change\n\nIt\u0027s currently possible to change the mesh ID when the\ninterface isn\u0027t yet in mesh mode, at the same time as\nchanging it into mesh mode. This leads to an overwrite\nof data in the wdev-\u003eu union for the interface type it\ncurrently has, causing cfg80211_change_iface() to do\nwrong things when switching.\n\nWe could probably allow setting an interface to mesh\nwhile setting the mesh ID at the same time by doing a\ndifferent order of operations here, but realistically\nthere\u0027s no userspace that\u0027s going to do this, so just\ndisallow changes in iftype when setting mesh ID."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:39:17.711Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2"
},
{
"url": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df"
},
{
"url": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838"
},
{
"url": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e"
}
],
"title": "wifi: nl80211: reject iftype change with mesh ID change",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27410",
"datePublished": "2024-05-17T11:50:43.212Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-06-19T12:39:17.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27396 (GCVE-0-2024-27396)
Vulnerability from cvelistv5 – Published: 2024-05-09 16:37 – Updated: 2025-05-04 12:55
Title
net: gtp: Fix Use-After-Free in gtp_dellink
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: gtp: Fix Use-After-Free in gtp_dellink
Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal
of gtp_dellink, is not part of the RCU read critical section, it
is possible that the RCU grace period will pass during the traversal and
the key will be free.
To prevent this, it should be changed to hlist_for_each_entry_safe.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 043a283d24f40fea4c8a8d06b0e2694c8e372200 , < 07b20d0a3dc13fb1adff10b60021a4924498da58 (git) |
| Linux | Linux | Affected: c185e1d6e2752a4b656c3ca878c525fa11f55757 , < 718df1bc226c383dd803397d7f5d95557eb81ac7 (git) |
| Linux | Linux | Affected: 94dc550a5062030569d4aa76e10e50c8fc001930 , < 0caff3e6390f840666b8dc1ecebf985c2ef3f1dd (git) |
| Linux | Linux | Affected: 94dc550a5062030569d4aa76e10e50c8fc001930 , < 2e74b3fd6bf542349758f283676dff3660327c07 (git) |
| Linux | Linux | Affected: 94dc550a5062030569d4aa76e10e50c8fc001930 , < 25a1c2d4b1fcf938356a9688a96a6456abd44b29 (git) |
| Linux | Linux | Affected: 94dc550a5062030569d4aa76e10e50c8fc001930 , < 2aacd4de45477582993f8a8abb9505a06426bfb6 (git) |
| Linux | Linux | Affected: 94dc550a5062030569d4aa76e10e50c8fc001930 , < cd957d1716ec979d8f5bf38fc659aeb9fdaa2474 (git) |
| Linux | Linux | Affected: 94dc550a5062030569d4aa76e10e50c8fc001930 , < f2a904107ee2b647bb7794a1a82b67740d7c8a64 (git) |
| Linux | Linux | Affected: a29c4303930bc0c25ae6a4f365dcdef71447b4ea (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T15:23:40.567279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:11.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07b20d0a3dc13fb1adff10b60021a4924498da58",
"status": "affected",
"version": "043a283d24f40fea4c8a8d06b0e2694c8e372200",
"versionType": "git"
},
{
"lessThan": "718df1bc226c383dd803397d7f5d95557eb81ac7",
"status": "affected",
"version": "c185e1d6e2752a4b656c3ca878c525fa11f55757",
"versionType": "git"
},
{
"lessThan": "0caff3e6390f840666b8dc1ecebf985c2ef3f1dd",
"status": "affected",
"version": "94dc550a5062030569d4aa76e10e50c8fc001930",
"versionType": "git"
},
{
"lessThan": "2e74b3fd6bf542349758f283676dff3660327c07",
"status": "affected",
"version": "94dc550a5062030569d4aa76e10e50c8fc001930",
"versionType": "git"
},
{
"lessThan": "25a1c2d4b1fcf938356a9688a96a6456abd44b29",
"status": "affected",
"version": "94dc550a5062030569d4aa76e10e50c8fc001930",
"versionType": "git"
},
{
"lessThan": "2aacd4de45477582993f8a8abb9505a06426bfb6",
"status": "affected",
"version": "94dc550a5062030569d4aa76e10e50c8fc001930",
"versionType": "git"
},
{
"lessThan": "cd957d1716ec979d8f5bf38fc659aeb9fdaa2474",
"status": "affected",
"version": "94dc550a5062030569d4aa76e10e50c8fc001930",
"versionType": "git"
},
{
"lessThan": "f2a904107ee2b647bb7794a1a82b67740d7c8a64",
"status": "affected",
"version": "94dc550a5062030569d4aa76e10e50c8fc001930",
"versionType": "git"
},
{
"status": "affected",
"version": "a29c4303930bc0c25ae6a4f365dcdef71447b4ea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.19.93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.162",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gtp: Fix Use-After-Free in gtp_dellink\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:30.840Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58"
},
{
"url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7"
},
{
"url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd"
},
{
"url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07"
},
{
"url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29"
},
{
"url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6"
},
{
"url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474"
},
{
"url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64"
}
],
"title": "net: gtp: Fix Use-After-Free in gtp_dellink",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27396",
"datePublished": "2024-05-09T16:37:18.867Z",
"dateReserved": "2024-02-25T13:47:42.677Z",
"dateUpdated": "2025-05-04T12:55:30.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52880 (GCVE-0-2023-52880)
Vulnerability from cvelistv5 – Published: 2024-05-24 15:33 – Updated: 2026-01-05 10:17
Title
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Any unprivileged user can attach N_GSM0710 ldisc, but it requires
CAP_NET_ADMIN to create a GSM network anyway.
Require initial namespace CAP_NET_ADMIN to do that.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 7d303dee473ba3529d75b63491e9963342107bed (git) |
| Linux | Linux | Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 7a529c9023a197ab3bf09bb95df32a3813f7ba58 (git) |
| Linux | Linux | Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < ada28eb4b9561aab93942f3224a2e41d76fe57fa (git) |
| Linux | Linux | Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a (git) |
| Linux | Linux | Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 2b85977977cbd120591b23c2450e90a5806a7167 (git) |
| Linux | Linux | Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 67c37756898a5a6b2941a13ae7260c89b54e0d88 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T19:10:27.057428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:31.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7d303dee473ba3529d75b63491e9963342107bed",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "7a529c9023a197ab3bf09bb95df32a3813f7ba58",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "ada28eb4b9561aab93942f3224a2e41d76fe57fa",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "2b85977977cbd120591b23c2450e90a5806a7167",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "67c37756898a5a6b2941a13ae7260c89b54e0d88",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc\n\nAny unprivileged user can attach N_GSM0710 ldisc, but it requires\nCAP_NET_ADMIN to create a GSM network anyway.\n\nRequire initial namespace CAP_NET_ADMIN to do that."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:17:51.560Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed"
},
{
"url": "https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58"
},
{
"url": "https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa"
},
{
"url": "https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a"
},
{
"url": "https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167"
},
{
"url": "https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88"
}
],
"title": "tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52880",
"datePublished": "2024-05-24T15:33:17.439Z",
"dateReserved": "2024-05-21T15:35:00.781Z",
"dateUpdated": "2026-01-05T10:17:51.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27045 (GCVE-0-2024-27045)
Vulnerability from cvelistv5 – Published: 2024-05-01 12:54 – Updated: 2025-05-04 09:03
Title
drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
Tell snprintf() to store at most 10 bytes in the output buffer
instead of 30.
Fixes the below:
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() is printing too much 30 vs 10
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: c06e09b76639657f284bfaf1cce29557a2515e85 , < ff28893c96c5e0927a4da10cd24a3522ca663515 (git) |
| Linux | Linux | Affected: c06e09b76639657f284bfaf1cce29557a2515e85 , < 440f059837418fac1695b65d3ebc6080d33be877 (git) |
| Linux | Linux | Affected: c06e09b76639657f284bfaf1cce29557a2515e85 , < d346b3e5b25c95d504478507eb867cd3818775ab (git) |
| Linux | Linux | Affected: c06e09b76639657f284bfaf1cce29557a2515e85 , < ad76fd30557d6a106c481e4606a981221ca525f7 (git) |
| Linux | Linux | Affected: c06e09b76639657f284bfaf1cce29557a2515e85 , < eb9327af3621d26b1d83f767c97a3fe8191a3a65 (git) |
| Linux | Linux | Affected: c06e09b76639657f284bfaf1cce29557a2515e85 , < cf114d8d4a8d78df272116a745bb43b48cef65f4 (git) |
| Linux | Linux | Affected: c06e09b76639657f284bfaf1cce29557a2515e85 , < 4b09715f1504f1b6e8dff0e9643630610bc05141 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff28893c96c5e0927a4da10cd24a3522ca663515"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/440f059837418fac1695b65d3ebc6080d33be877"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d346b3e5b25c95d504478507eb867cd3818775ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad76fd30557d6a106c481e4606a981221ca525f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb9327af3621d26b1d83f767c97a3fe8191a3a65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf114d8d4a8d78df272116a745bb43b48cef65f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b09715f1504f1b6e8dff0e9643630610bc05141"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:44:14.603651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:32.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ff28893c96c5e0927a4da10cd24a3522ca663515",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
},
{
"lessThan": "440f059837418fac1695b65d3ebc6080d33be877",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
},
{
"lessThan": "d346b3e5b25c95d504478507eb867cd3818775ab",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
},
{
"lessThan": "ad76fd30557d6a106c481e4606a981221ca525f7",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
},
{
"lessThan": "eb9327af3621d26b1d83f767c97a3fe8191a3a65",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
},
{
"lessThan": "cf114d8d4a8d78df272116a745bb43b48cef65f4",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
},
{
"lessThan": "4b09715f1504f1b6e8dff0e9643630610bc05141",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix a potential buffer overflow in \u0027dp_dsc_clock_en_read()\u0027\n\nTell snprintf() to store at most 10 bytes in the output buffer\ninstead of 30.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() is printing too much 30 vs 10"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:01.141Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ff28893c96c5e0927a4da10cd24a3522ca663515"
},
{
"url": "https://git.kernel.org/stable/c/440f059837418fac1695b65d3ebc6080d33be877"
},
{
"url": "https://git.kernel.org/stable/c/d346b3e5b25c95d504478507eb867cd3818775ab"
},
{
"url": "https://git.kernel.org/stable/c/ad76fd30557d6a106c481e4606a981221ca525f7"
},
{
"url": "https://git.kernel.org/stable/c/eb9327af3621d26b1d83f767c97a3fe8191a3a65"
},
{
"url": "https://git.kernel.org/stable/c/cf114d8d4a8d78df272116a745bb43b48cef65f4"
},
{
"url": "https://git.kernel.org/stable/c/4b09715f1504f1b6e8dff0e9643630610bc05141"
}
],
"title": "drm/amd/display: Fix a potential buffer overflow in \u0027dp_dsc_clock_en_read()\u0027",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27045",
"datePublished": "2024-05-01T12:54:18.138Z",
"dateReserved": "2024-02-19T14:20:24.213Z",
"dateUpdated": "2025-05-04T09:03:01.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26901 (GCVE-0-2024-26901)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:59
Title
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
Summary
In the Linux kernel, the following vulnerability has been resolved:
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
syzbot identified a kernel information leak vulnerability in
do_sys_name_to_handle() and issued the following report [1].
[1]
"BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
_copy_to_user+0xbc/0x100 lib/usercopy.c:40
copy_to_user include/linux/uaccess.h:191 [inline]
do_sys_name_to_handle fs/fhandle.c:73 [inline]
__do_sys_name_to_handle_at fs/fhandle.c:112 [inline]
__se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94
__x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94
...
Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517
__do_kmalloc_node mm/slab_common.c:1006 [inline]
__kmalloc+0x121/0x3c0 mm/slab_common.c:1020
kmalloc include/linux/slab.h:604 [inline]
do_sys_name_to_handle fs/fhandle.c:39 [inline]
__do_sys_name_to_handle_at fs/fhandle.c:112 [inline]
__se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94
__x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94
...
Bytes 18-19 of 20 are uninitialized
Memory access of size 20 starts at ffff888128a46380
Data copied to user address 0000000020000240"
Per Chuck Lever's suggestion, use kzalloc() instead of kmalloc() to
solve the problem.
Severity
5.3 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < 4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1 (git) |
| Linux | Linux | Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < 772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b (git) |
| Linux | Linux | Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < cde76b3af247f615447bcfecf610bb76c3529126 (git) |
| Linux | Linux | Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < 423b6bdf19bbc5e1f7e7461045099917378f7e71 (git) |
| Linux | Linux | Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < e6450d5e46a737a008b4885aa223486113bf0ad6 (git) |
| Linux | Linux | Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < c1362eae861db28b1608b9dc23e49634fe87b63b (git) |
| Linux | Linux | Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < cba138f1ef37ec6f961baeab62f312dedc7cf730 (git) |
| Linux | Linux | Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < bf9ec1b24ab4e94345aa1c60811dd329f069c38b (git) |
| Linux | Linux | Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < 3948abaa4e2be938ccdfc289385a27342fb13d43 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T15:11:22.418196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T19:03:33.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cde76b3af247f615447bcfecf610bb76c3529126"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/423b6bdf19bbc5e1f7e7461045099917378f7e71"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6450d5e46a737a008b4885aa223486113bf0ad6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1362eae861db28b1608b9dc23e49634fe87b63b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cba138f1ef37ec6f961baeab62f312dedc7cf730"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf9ec1b24ab4e94345aa1c60811dd329f069c38b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3948abaa4e2be938ccdfc289385a27342fb13d43"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/fhandle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "cde76b3af247f615447bcfecf610bb76c3529126",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "423b6bdf19bbc5e1f7e7461045099917378f7e71",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "e6450d5e46a737a008b4885aa223486113bf0ad6",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "c1362eae861db28b1608b9dc23e49634fe87b63b",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "cba138f1ef37ec6f961baeab62f312dedc7cf730",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "bf9ec1b24ab4e94345aa1c60811dd329f069c38b",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "3948abaa4e2be938ccdfc289385a27342fb13d43",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/fhandle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.39"
},
{
"lessThan": "2.6.39",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak\n\nsyzbot identified a kernel information leak vulnerability in\ndo_sys_name_to_handle() and issued the following report [1].\n\n[1]\n\"BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n copy_to_user include/linux/uaccess.h:191 [inline]\n do_sys_name_to_handle fs/fhandle.c:73 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n __do_kmalloc_node mm/slab_common.c:1006 [inline]\n __kmalloc+0x121/0x3c0 mm/slab_common.c:1020\n kmalloc include/linux/slab.h:604 [inline]\n do_sys_name_to_handle fs/fhandle.c:39 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\n\nBytes 18-19 of 20 are uninitialized\nMemory access of size 20 starts at ffff888128a46380\nData copied to user address 0000000020000240\"\n\nPer Chuck Lever\u0027s suggestion, use kzalloc() instead of kmalloc() to\nsolve the problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:15.310Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1"
},
{
"url": "https://git.kernel.org/stable/c/772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b"
},
{
"url": "https://git.kernel.org/stable/c/cde76b3af247f615447bcfecf610bb76c3529126"
},
{
"url": "https://git.kernel.org/stable/c/423b6bdf19bbc5e1f7e7461045099917378f7e71"
},
{
"url": "https://git.kernel.org/stable/c/e6450d5e46a737a008b4885aa223486113bf0ad6"
},
{
"url": "https://git.kernel.org/stable/c/c1362eae861db28b1608b9dc23e49634fe87b63b"
},
{
"url": "https://git.kernel.org/stable/c/cba138f1ef37ec6f961baeab62f312dedc7cf730"
},
{
"url": "https://git.kernel.org/stable/c/bf9ec1b24ab4e94345aa1c60811dd329f069c38b"
},
{
"url": "https://git.kernel.org/stable/c/3948abaa4e2be938ccdfc289385a27342fb13d43"
}
],
"title": "do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26901",
"datePublished": "2024-04-17T10:27:50.374Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2025-05-04T08:59:15.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26817 (GCVE-0-2024-26817)
Vulnerability from cvelistv5 – Published: 2024-04-13 11:17 – Updated: 2025-11-04 18:29
Title
amdkfd: use calloc instead of kzalloc to avoid integer overflow
Summary
In the Linux kernel, the following vulnerability has been resolved:
amdkfd: use calloc instead of kzalloc to avoid integer overflow
This uses calloc instead of doing the multiplication which might
overflow.
Severity
No CVSS data available.
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T12:56:37.523191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:41.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:29:59.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3TH6JK7ZZMSXSVHOJKIMSSOC6EQM4WV/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e6721ea845fcb93a764a92bd40f1afc0d6c69751",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "8b0564704255c6b3c6a7188e86939f754e1577c0",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "fcbd99b3c73309107e3be71f20dff9414df64f91",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "cbac7de1d9901521e78cdc34e15451df3611f2ad",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "e6768c6737f4c02cba193a3339f0cc2907f0b86a",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "0c33d11153949310d76631d8f4a4736519eacd3a",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "3b0daecfeac0103aba8b293df07a0cbaf8b43f29",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\namdkfd: use calloc instead of kzalloc to avoid integer overflow\n\nThis uses calloc instead of doing the multiplication which might\noverflow."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:02:32.138Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751"
},
{
"url": "https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0"
},
{
"url": "https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91"
},
{
"url": "https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad"
},
{
"url": "https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a"
},
{
"url": "https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7"
},
{
"url": "https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a"
},
{
"url": "https://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29"
}
],
"title": "amdkfd: use calloc instead of kzalloc to avoid integer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26817",
"datePublished": "2024-04-13T11:17:08.764Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2025-11-04T18:29:59.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26923 (GCVE-0-2024-26923)
Vulnerability from cvelistv5 – Published: 2024-04-24 21:49 – Updated: 2025-05-04 08:59
Title
af_unix: Fix garbage collector racing against connect()
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix garbage collector racing against connect()
Garbage collector does not take into account the risk of embryo getting
enqueued during the garbage collection. If such embryo has a peer that
carries SCM_RIGHTS, two consecutive passes of scan_children() may see a
different set of children. Leading to an incorrectly elevated inflight
count, and then a dangling pointer within the gc_inflight_list.
sockets are AF_UNIX/SOCK_STREAM
S is an unconnected socket
L is a listening in-flight socket bound to addr, not in fdtable
V's fd will be passed via sendmsg(), gets inflight count bumped

connect(S, addr)        sendmsg(S, [V]); close(V)   __unix_gc()
----------------        -------------------------   -----------

NS = unix_create1()
skb1 = sock_wmalloc(NS)
L = unix_find_other(addr)
unix_state_lock(L)
unix_peer(S) = NS
                        // V count=1 inflight=0

                        NS = unix_peer(S)
                        skb2 = sock_alloc()
                        skb_queue_tail(NS, skb2[V])

                        // V became in-flight
                        // V count=2 inflight=1

                        close(V)

                        // V count=1 inflight=1
                        // GC candidate condition met

                                                    for u in gc_inflight_list:
                                                      if (total_refs == inflight_refs)
                                                        add u to gc_candidates

                                                    // gc_candidates={L, V}

                                                    for u in gc_candidates:
                                                      scan_children(u, dec_inflight)

                                                    // embryo (skb1) was not
                                                    // reachable from L yet, so V's
                                                    // inflight remains unchanged
__skb_queue_tail(L, skb1)
unix_state_unlock(L)
                                                    for u in gc_candidates:
                                                      if (u.inflight)
                                                        scan_children(u, inc_inflight_move_tail)

                                                    // V count=1 inflight=2 (!)

If there is a GC-candidate listening socket, lock/unlock its state. This
makes GC wait until the end of any ongoing connect() to that socket. After
flipping the lock, a possibly SCM-laden embryo is already enqueued. And if
there is another embryo coming, it can not possibly carry SCM_RIGHTS. At
this point, unix_inflight() can not happen because unix_gc_lock is already
taken. Inflight graph remains unaffected.
Severity
No CVSS data available.
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T19:34:43.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a36ae0ec2353015f0f6762e59f4c2dbc0c906423"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/343c5372d5e17b306db5f8f3c895539b06e3177f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e2a03787f4f0abc0072350654ab0ef3324d9db3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e76c2678228f6aec74b305ae30c9374cc2f28a51"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b75722be422c276b699200de90527d01c602ea7c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/507cc232ffe53a352847893f8177d276c3b532a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbdf7bec5c920200077d693193f989cb1513f009"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47d8ac011fe1c9251070e1bd64cb10b48193ec51"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a36ae0ec2353015f0f6762e59f4c2dbc0c906423",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "343c5372d5e17b306db5f8f3c895539b06e3177f",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "2e2a03787f4f0abc0072350654ab0ef3324d9db3",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "e76c2678228f6aec74b305ae30c9374cc2f28a51",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "b75722be422c276b699200de90527d01c602ea7c",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "507cc232ffe53a352847893f8177d276c3b532a9",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "dbdf7bec5c920200077d693193f989cb1513f009",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "47d8ac011fe1c9251070e1bd64cb10b48193ec51",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix garbage collector racing against connect()\n\nGarbage collector does not take into account the risk of embryo getting\nenqueued during the garbage collection. If such embryo has a peer that\ncarries SCM_RIGHTS, two consecutive passes of scan_children() may see a\ndifferent set of children. Leading to an incorrectly elevated inflight\ncount, and then a dangling pointer within the gc_inflight_list.\n\nsockets are AF_UNIX/SOCK_STREAM\nS is an unconnected socket\nL is a listening in-flight socket bound to addr, not in fdtable\nV\u0027s fd will be passed via sendmsg(), gets inflight count bumped\n\nconnect(S, addr)\tsendmsg(S, [V]); close(V)\t__unix_gc()\n----------------\t-------------------------\t-----------\n\nNS = unix_create1()\nskb1 = sock_wmalloc(NS)\nL = unix_find_other(addr)\nunix_state_lock(L)\nunix_peer(S) = NS\n\t\t\t// V count=1 inflight=0\n\n \t\t\tNS = unix_peer(S)\n \t\t\tskb2 = sock_alloc()\n\t\t\tskb_queue_tail(NS, skb2[V])\n\n\t\t\t// V became in-flight\n\t\t\t// V count=2 inflight=1\n\n\t\t\tclose(V)\n\n\t\t\t// V count=1 inflight=1\n\t\t\t// GC candidate condition met\n\n\t\t\t\t\t\tfor u in gc_inflight_list:\n\t\t\t\t\t\t if (total_refs == inflight_refs)\n\t\t\t\t\t\t add u to gc_candidates\n\n\t\t\t\t\t\t// gc_candidates={L, V}\n\n\t\t\t\t\t\tfor u in gc_candidates:\n\t\t\t\t\t\t scan_children(u, dec_inflight)\n\n\t\t\t\t\t\t// embryo (skb1) was not\n\t\t\t\t\t\t// reachable from L yet, so V\u0027s\n\t\t\t\t\t\t// inflight remains unchanged\n__skb_queue_tail(L, skb1)\nunix_state_unlock(L)\n\t\t\t\t\t\tfor u in gc_candidates:\n\t\t\t\t\t\t if (u.inflight)\n\t\t\t\t\t\t scan_children(u, inc_inflight_move_tail)\n\n\t\t\t\t\t\t// V count=1 inflight=2 (!)\n\nIf there is a GC-candidate listening socket, lock/unlock its state. This\nmakes GC wait until the end of any ongoing connect() to that socket. After\nflipping the lock, a possibly SCM-laden embryo is already enqueued. And if\nthere is another embryo coming, it can not possibly carry SCM_RIGHTS. At\nthis point, unix_inflight() can not happen because unix_gc_lock is already\ntaken. Inflight graph remains unaffected."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:47.874Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a36ae0ec2353015f0f6762e59f4c2dbc0c906423"
},
{
"url": "https://git.kernel.org/stable/c/343c5372d5e17b306db5f8f3c895539b06e3177f"
},
{
"url": "https://git.kernel.org/stable/c/2e2a03787f4f0abc0072350654ab0ef3324d9db3"
},
{
"url": "https://git.kernel.org/stable/c/e76c2678228f6aec74b305ae30c9374cc2f28a51"
},
{
"url": "https://git.kernel.org/stable/c/b75722be422c276b699200de90527d01c602ea7c"
},
{
"url": "https://git.kernel.org/stable/c/507cc232ffe53a352847893f8177d276c3b532a9"
},
{
"url": "https://git.kernel.org/stable/c/dbdf7bec5c920200077d693193f989cb1513f009"
},
{
"url": "https://git.kernel.org/stable/c/47d8ac011fe1c9251070e1bd64cb10b48193ec51"
}
],
"title": "af_unix: Fix garbage collector racing against connect()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26923",
"datePublished": "2024-04-24T21:49:22.001Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2025-05-04T08:59:47.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35805 (GCVE-0-2024-35805)
Vulnerability from cvelistv5 – Published: 2024-05-17 13:23 – Updated: 2026-01-05 10:35
Title
dm snapshot: fix lockup in dm_exception_table_exit
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm snapshot: fix lockup in dm_exception_table_exit
There was reported lockup when we exit a snapshot with many exceptions.
Fix this by adding "cond_resched" to the loop that frees the exceptions.
Severity
No CVSS data available.
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e7d4cff57c3c43fdd72342c78d4138f509c7416e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9759ff196e7d248bcf8386a7451d6ff8537a7d9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/116562e804ffc9dc600adab6326dde31d72262c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d47eb405781cc5127deca9a14e24b27696087a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e50f83061ac250f90710757a3e51b70a200835e2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa5c055800a7fd49a36bbb52593aca4ea986a366"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f4ad4d0b0943296287313db60b3f84df4aad683"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:42:41.586817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:22.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-snap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e7d4cff57c3c43fdd72342c78d4138f509c7416e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9759ff196e7d248bcf8386a7451d6ff8537a7d9c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "116562e804ffc9dc600adab6326dde31d72262c7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3d47eb405781cc5127deca9a14e24b27696087a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e50f83061ac250f90710757a3e51b70a200835e2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fa5c055800a7fd49a36bbb52593aca4ea986a366",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f4ad4d0b0943296287313db60b3f84df4aad683",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-snap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm snapshot: fix lockup in dm_exception_table_exit\n\nThere was reported lockup when we exit a snapshot with many exceptions.\nFix this by adding \"cond_resched\" to the loop that frees the exceptions."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:18.882Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e7d4cff57c3c43fdd72342c78d4138f509c7416e"
},
{
"url": "https://git.kernel.org/stable/c/9759ff196e7d248bcf8386a7451d6ff8537a7d9c"
},
{
"url": "https://git.kernel.org/stable/c/116562e804ffc9dc600adab6326dde31d72262c7"
},
{
"url": "https://git.kernel.org/stable/c/3d47eb405781cc5127deca9a14e24b27696087a1"
},
{
"url": "https://git.kernel.org/stable/c/e50f83061ac250f90710757a3e51b70a200835e2"
},
{
"url": "https://git.kernel.org/stable/c/fa5c055800a7fd49a36bbb52593aca4ea986a366"
},
{
"url": "https://git.kernel.org/stable/c/5f4ad4d0b0943296287313db60b3f84df4aad683"
},
{
"url": "https://git.kernel.org/stable/c/6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc"
}
],
"title": "dm snapshot: fix lockup in dm_exception_table_exit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35805",
"datePublished": "2024-05-17T13:23:13.554Z",
"dateReserved": "2024-05-17T12:19:12.342Z",
"dateUpdated": "2026-01-05T10:35:18.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26874 (GCVE-0-2024-26874)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:58
Title
drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
It's possible that mtk_crtc->event is NULL in
mtk_drm_crtc_finish_page_flip().

pending_needs_vblank value is set by mtk_crtc->event, but in
mtk_drm_crtc_atomic_flush(), it is not guarded by the same
lock in mtk_drm_finish_page_flip(), thus a race condition happens.

Consider the following case:

CPU1                                  CPU2
step 1:
mtk_drm_crtc_atomic_begin()
mtk_crtc->event is not null,
                                      step 1:
                                      mtk_drm_crtc_atomic_flush:
                                      mtk_drm_crtc_update_config(
                                          !!mtk_crtc->event)
step 2:
mtk_crtc_ddp_irq ->
mtk_drm_finish_page_flip:
lock
mtk_crtc->event set to null,
pending_needs_vblank set to false
unlock
                                      pending_needs_vblank set to true,

                                      step 2:
                                      mtk_crtc_ddp_irq ->
                                      mtk_drm_finish_page_flip called again,
                                      pending_needs_vblank is still true
                                      //null pointer

Instead of guarding the entire mtk_drm_crtc_atomic_flush(), it's more
efficient to just check if mtk_crtc->event is null before use.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d, < accdac6b71d5a2b84040c3d2234f53a60edc398e (git) |
| Linux | Linux | Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d, < dfde84cc6c589f2a9f820f12426d97365670b731 (git) |
| Linux | Linux | Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d, < 4688be96d20ffa49d2186523ee84f475f316fd49 (git) |
| Linux | Linux | Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d, < 9beec711a17245b853d64488fd5b739031612340 (git) |
| Linux | Linux | Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d, < d2bd30c710475b2e29288827d2c91f9e6e2b91d7 (git) |
| Linux | Linux | Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d, < a3dd12b64ae8373a41a216a0b621df224210860a (git) |
| Linux | Linux | Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d, < 9acee29a38b4d4b70f1f583e5ef9a245db4db710 (git) |
| Linux | Linux | Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d, < 3fc88b246a2fc16014e374040fc15af1d3752535 (git) |
| Linux | Linux | Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d, < c958e86e9cc1b48cac004a6e245154dfba8e163b (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26874",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T14:01:58.775611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:21.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:04.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/accdac6b71d5a2b84040c3d2234f53a60edc398e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dfde84cc6c589f2a9f820f12426d97365670b731"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4688be96d20ffa49d2186523ee84f475f316fd49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9beec711a17245b853d64488fd5b739031612340"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d2bd30c710475b2e29288827d2c91f9e6e2b91d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3dd12b64ae8373a41a216a0b621df224210860a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9acee29a38b4d4b70f1f583e5ef9a245db4db710"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fc88b246a2fc16014e374040fc15af1d3752535"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c958e86e9cc1b48cac004a6e245154dfba8e163b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_drm_crtc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "accdac6b71d5a2b84040c3d2234f53a60edc398e",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "dfde84cc6c589f2a9f820f12426d97365670b731",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "4688be96d20ffa49d2186523ee84f475f316fd49",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "9beec711a17245b853d64488fd5b739031612340",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "d2bd30c710475b2e29288827d2c91f9e6e2b91d7",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "a3dd12b64ae8373a41a216a0b621df224210860a",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "9acee29a38b4d4b70f1f583e5ef9a245db4db710",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "3fc88b246a2fc16014e374040fc15af1d3752535",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "c958e86e9cc1b48cac004a6e245154dfba8e163b",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_drm_crtc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip\n\nIt\u0027s possible that mtk_crtc-\u003eevent is NULL in\nmtk_drm_crtc_finish_page_flip().\n\npending_needs_vblank value is set by mtk_crtc-\u003eevent, but in\nmtk_drm_crtc_atomic_flush(), it\u0027s is not guarded by the same\nlock in mtk_drm_finish_page_flip(), thus a race condition happens.\n\nConsider the following case:\n\nCPU1 CPU2\nstep 1:\nmtk_drm_crtc_atomic_begin()\nmtk_crtc-\u003eevent is not null,\n step 1:\n mtk_drm_crtc_atomic_flush:\n mtk_drm_crtc_update_config(\n !!mtk_crtc-\u003eevent)\nstep 2:\nmtk_crtc_ddp_irq -\u003e\nmtk_drm_finish_page_flip:\nlock\nmtk_crtc-\u003eevent set to null,\npending_needs_vblank set to false\nunlock\n pending_needs_vblank set to true,\n\n step 2:\n mtk_crtc_ddp_irq -\u003e\n mtk_drm_finish_page_flip called again,\n pending_needs_vblank is still true\n //null pointer\n\nInstead of guarding the entire mtk_drm_crtc_atomic_flush(), it\u0027s more\nefficient to just check if mtk_crtc-\u003eevent is null before use."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:35.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/accdac6b71d5a2b84040c3d2234f53a60edc398e"
},
{
"url": "https://git.kernel.org/stable/c/dfde84cc6c589f2a9f820f12426d97365670b731"
},
{
"url": "https://git.kernel.org/stable/c/4688be96d20ffa49d2186523ee84f475f316fd49"
},
{
"url": "https://git.kernel.org/stable/c/9beec711a17245b853d64488fd5b739031612340"
},
{
"url": "https://git.kernel.org/stable/c/d2bd30c710475b2e29288827d2c91f9e6e2b91d7"
},
{
"url": "https://git.kernel.org/stable/c/a3dd12b64ae8373a41a216a0b621df224210860a"
},
{
"url": "https://git.kernel.org/stable/c/9acee29a38b4d4b70f1f583e5ef9a245db4db710"
},
{
"url": "https://git.kernel.org/stable/c/3fc88b246a2fc16014e374040fc15af1d3752535"
},
{
"url": "https://git.kernel.org/stable/c/c958e86e9cc1b48cac004a6e245154dfba8e163b"
}
],
"title": "drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26874",
"datePublished": "2024-04-17T10:27:33.278Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2025-05-04T08:58:35.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26851 (GCVE-0-2024-26851)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:17 – Updated: 2025-05-04 08:57
Title
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts
that are out of bounds for their data type.
vmlinux get_bitmap(b=75) + 712
<net/netfilter/nf_conntrack_h323_asn1.c:0>
vmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956
<net/netfilter/nf_conntrack_h323_asn1.c:592>
vmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812
<net/netfilter/nf_conntrack_h323_asn1.c:576>
vmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux DecodeRasMessage() + 304
<net/netfilter/nf_conntrack_h323_asn1.c:833>
vmlinux ras_help() + 684
<net/netfilter/nf_conntrack_h323_main.c:1728>
vmlinux nf_confirm() + 188
<net/netfilter/nf_conntrack_proto.c:137>
Due to abnormal data in skb->data, the extension bitmap length
exceeds 32 when decoding ras message then uses the length to make
a shift operation. It will change into negative after several loops.
UBSAN load could detect a negative shift as an undefined behaviour
and reports exception.
So we add the protection to avoid the length exceeding 32. Or else
it will return out of range error and stop decoding.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 5e35941d990123f155b02d5663e51a24f816b6f3, < 98db42191329c679f4ca52bec0b319689e1ad8cb (git) |
| Linux | Linux | Affected: 5e35941d990123f155b02d5663e51a24f816b6f3, < 4bafcc43baf7bcf93566394dbd15726b5b456b7a (git) |
| Linux | Linux | Affected: 5e35941d990123f155b02d5663e51a24f816b6f3, < ccd1108b16ab572d9bf635586b0925635dbd6bbc (git) |
| Linux | Linux | Affected: 5e35941d990123f155b02d5663e51a24f816b6f3, < b3c0f553820516ad4b62a9390ecd28d6f73a7b13 (git) |
| Linux | Linux | Affected: 5e35941d990123f155b02d5663e51a24f816b6f3, < 39001e3c42000e7c2038717af0d33c32319ad591 (git) |
| Linux | Linux | Affected: 5e35941d990123f155b02d5663e51a24f816b6f3, < 014a807f1cc9c9d5173c1cd935835553b00d211c (git) |
| Linux | Linux | Affected: 5e35941d990123f155b02d5663e51a24f816b6f3, < 80ee5054435a11c87c9a4f30f1ff750080c96416 (git) |
| Linux | Linux | Affected: 5e35941d990123f155b02d5663e51a24f816b6f3, < 767146637efc528b5e3d31297df115e85a2fd362 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T17:33:25.792652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T17:33:34.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98db42191329c679f4ca52bec0b319689e1ad8cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bafcc43baf7bcf93566394dbd15726b5b456b7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ccd1108b16ab572d9bf635586b0925635dbd6bbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3c0f553820516ad4b62a9390ecd28d6f73a7b13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39001e3c42000e7c2038717af0d33c32319ad591"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/014a807f1cc9c9d5173c1cd935835553b00d211c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80ee5054435a11c87c9a4f30f1ff750080c96416"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/767146637efc528b5e3d31297df115e85a2fd362"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_conntrack_h323_asn1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "98db42191329c679f4ca52bec0b319689e1ad8cb",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "4bafcc43baf7bcf93566394dbd15726b5b456b7a",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "ccd1108b16ab572d9bf635586b0925635dbd6bbc",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "b3c0f553820516ad4b62a9390ecd28d6f73a7b13",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "39001e3c42000e7c2038717af0d33c32319ad591",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "014a807f1cc9c9d5173c1cd935835553b00d211c",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "80ee5054435a11c87c9a4f30f1ff750080c96416",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "767146637efc528b5e3d31297df115e85a2fd362",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_conntrack_h323_asn1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.17"
},
{
"lessThan": "2.6.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_h323: Add protection for bmp length out of range\n\nUBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts\nthat are out of bounds for their data type.\n\nvmlinux get_bitmap(b=75) + 712\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:0\u003e\nvmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:592\u003e\nvmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:576\u003e\nvmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux DecodeRasMessage() + 304\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:833\u003e\nvmlinux ras_help() + 684\n\u003cnet/netfilter/nf_conntrack_h323_main.c:1728\u003e\nvmlinux nf_confirm() + 188\n\u003cnet/netfilter/nf_conntrack_proto.c:137\u003e\n\nDue to abnormal data in skb-\u003edata, the extension bitmap length\nexceeds 32 when decoding ras message then uses the length to make\na shift operation. It will change into negative after several loop.\nUBSAN load could detect a negative shift as an undefined behaviour\nand reports exception.\nSo we add the protection to avoid the length exceeding 32. Or else\nit will return out of range error and stop decoding."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:57.098Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/98db42191329c679f4ca52bec0b319689e1ad8cb"
},
{
"url": "https://git.kernel.org/stable/c/4bafcc43baf7bcf93566394dbd15726b5b456b7a"
},
{
"url": "https://git.kernel.org/stable/c/ccd1108b16ab572d9bf635586b0925635dbd6bbc"
},
{
"url": "https://git.kernel.org/stable/c/b3c0f553820516ad4b62a9390ecd28d6f73a7b13"
},
{
"url": "https://git.kernel.org/stable/c/39001e3c42000e7c2038717af0d33c32319ad591"
},
{
"url": "https://git.kernel.org/stable/c/014a807f1cc9c9d5173c1cd935835553b00d211c"
},
{
"url": "https://git.kernel.org/stable/c/80ee5054435a11c87c9a4f30f1ff750080c96416"
},
{
"url": "https://git.kernel.org/stable/c/767146637efc528b5e3d31297df115e85a2fd362"
}
],
"title": "netfilter: nf_conntrack_h323: Add protection for bmp length out of range",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26851",
"datePublished": "2024-04-17T10:17:15.298Z",
"dateReserved": "2024-02-19T14:20:24.183Z",
"dateUpdated": "2025-05-04T08:57:57.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35947 (GCVE-0-2024-35947)
Vulnerability from cvelistv5 – Published: 2024-05-19 11:14 – Updated: 2026-01-05 10:36
Title
dyndbg: fix old BUG_ON in >control parser
Summary
In the Linux kernel, the following vulnerability has been resolved:
dyndbg: fix old BUG_ON in >control parser
Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't
really look), let's make sure by removing it, doing pr_err and return
-EINVAL instead.
Severity
5.5 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 9898abb3d23311fa227a7f46bf4e40fd2954057f, < 3c718bddddca9cbef177ac475b94c5c91147fb38 (git) |
| Linux | Linux | Affected: 9898abb3d23311fa227a7f46bf4e40fd2954057f, < 343081c21e56bd6690d342e2f5ae8c00183bf081 (git) |
| Linux | Linux | Affected: 9898abb3d23311fa227a7f46bf4e40fd2954057f, < 41d8ac238ab1cab01a8c71798d61903304f4e79b (git) |
| Linux | Linux | Affected: 9898abb3d23311fa227a7f46bf4e40fd2954057f, < ba3c118cff7bcb0fe6aa84ae1f9080d50e31c561 (git) |
| Linux | Linux | Affected: 9898abb3d23311fa227a7f46bf4e40fd2954057f, < a66c869b17c4c4dcf81d273b02cb0efe88e127ab (git) |
| Linux | Linux | Affected: 9898abb3d23311fa227a7f46bf4e40fd2954057f, < a69e1bdd777ce51061111dc419801e8a2fd241cc (git) |
| Linux | Linux | Affected: 9898abb3d23311fa227a7f46bf4e40fd2954057f, < 529e1852785599160415e964ca322ee7add7aef0 (git) |
| Linux | Linux | Affected: 9898abb3d23311fa227a7f46bf4e40fd2954057f, < 00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:11:33.420262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:12:02.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c718bddddca9cbef177ac475b94c5c91147fb38"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/343081c21e56bd6690d342e2f5ae8c00183bf081"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41d8ac238ab1cab01a8c71798d61903304f4e79b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba3c118cff7bcb0fe6aa84ae1f9080d50e31c561"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a66c869b17c4c4dcf81d273b02cb0efe88e127ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a69e1bdd777ce51061111dc419801e8a2fd241cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/529e1852785599160415e964ca322ee7add7aef0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/dynamic_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3c718bddddca9cbef177ac475b94c5c91147fb38",
"status": "affected",
"version": "9898abb3d23311fa227a7f46bf4e40fd2954057f",
"versionType": "git"
},
{
"lessThan": "343081c21e56bd6690d342e2f5ae8c00183bf081",
"status": "affected",
"version": "9898abb3d23311fa227a7f46bf4e40fd2954057f",
"versionType": "git"
},
{
"lessThan": "41d8ac238ab1cab01a8c71798d61903304f4e79b",
"status": "affected",
"version": "9898abb3d23311fa227a7f46bf4e40fd2954057f",
"versionType": "git"
},
{
"lessThan": "ba3c118cff7bcb0fe6aa84ae1f9080d50e31c561",
"status": "affected",
"version": "9898abb3d23311fa227a7f46bf4e40fd2954057f",
"versionType": "git"
},
{
"lessThan": "a66c869b17c4c4dcf81d273b02cb0efe88e127ab",
"status": "affected",
"version": "9898abb3d23311fa227a7f46bf4e40fd2954057f",
"versionType": "git"
},
{
"lessThan": "a69e1bdd777ce51061111dc419801e8a2fd241cc",
"status": "affected",
"version": "9898abb3d23311fa227a7f46bf4e40fd2954057f",
"versionType": "git"
},
{
"lessThan": "529e1852785599160415e964ca322ee7add7aef0",
"status": "affected",
"version": "9898abb3d23311fa227a7f46bf4e40fd2954057f",
"versionType": "git"
},
{
"lessThan": "00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c",
"status": "affected",
"version": "9898abb3d23311fa227a7f46bf4e40fd2954057f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/dynamic_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndyndbg: fix old BUG_ON in \u003econtrol parser\n\nFix a BUG_ON from 2009. Even if it looks \"unreachable\" (I didn\u0027t\nreally look), lets make sure by removing it, doing pr_err and return\n-EINVAL instead."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:36:04.287Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c718bddddca9cbef177ac475b94c5c91147fb38"
},
{
"url": "https://git.kernel.org/stable/c/343081c21e56bd6690d342e2f5ae8c00183bf081"
},
{
"url": "https://git.kernel.org/stable/c/41d8ac238ab1cab01a8c71798d61903304f4e79b"
},
{
"url": "https://git.kernel.org/stable/c/ba3c118cff7bcb0fe6aa84ae1f9080d50e31c561"
},
{
"url": "https://git.kernel.org/stable/c/a66c869b17c4c4dcf81d273b02cb0efe88e127ab"
},
{
"url": "https://git.kernel.org/stable/c/a69e1bdd777ce51061111dc419801e8a2fd241cc"
},
{
"url": "https://git.kernel.org/stable/c/529e1852785599160415e964ca322ee7add7aef0"
},
{
"url": "https://git.kernel.org/stable/c/00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c"
}
],
"title": "dyndbg: fix old BUG_ON in \u003econtrol parser",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35947",
"datePublished": "2024-05-19T11:14:49.924Z",
"dateReserved": "2024-05-17T13:50:33.133Z",
"dateUpdated": "2026-01-05T10:36:04.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-22099 (GCVE-0-2024-22099)
Vulnerability from cvelistv5 – Published: 2024-01-25 07:02 – Updated: 2025-06-05 19:44
Title
NULL pointer deference in rfcomm_check_security in Linux kernel
Summary
NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.
This issue affects Linux kernel: v2.6.12-rc2.
Severity
6.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux kernel | Affected: v2.6.12-rc2, < v6.8-rc1 (custom) |
Credits
Yuxuan-Hu <20373622@buaa.edu.cn>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7956"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T19:53:29.673847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T19:44:19.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://mirrors.openanolis.cn/anolis/",
"defaultStatus": "unaffected",
"modules": [
"net",
"bluetooth"
],
"packageName": "kernel",
"platforms": [
"Linux",
"x86",
"ARM"
],
"product": "Linux kernel",
"programFiles": [
"https://gitee.com/anolis/cloud-kernel/blob/release-5.10/net/bluetooth/rfcomm/core.c"
],
"repo": "https://gitee.com/anolis/cloud-kernel.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "v6.8-rc1",
"status": "affected",
"version": "v2.6.12-rc2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Yuxuan-Hu \u003c20373622@buaa.edu.cn\u003e"
}
],
"datePublic": "2024-01-19T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003e/net/bluetooth/rfcomm/core.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects Linux kernel: v2.6.12-rc2.\u003c/p\u003e"
}
],
"value": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\n\nThis issue affects Linux kernel: v2.6.12-rc2."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:08:47.749Z",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7956"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe\"\u003ehttps://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/"
}
],
"source": {
"advisory": "Not yet",
"discovery": "INTERNAL"
},
"title": "NULL pointer deference in rfcomm_check_security in Linux kernel",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2024-22099",
"datePublished": "2024-01-25T07:02:59.928Z",
"dateReserved": "2024-01-15T09:44:45.533Z",
"dateUpdated": "2025-06-05T19:44:19.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26749 (GCVE-0-2024-26749)
Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 08:55
Title
usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
...
cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request);
list_del_init(&priv_req->list);
...
'priv_req' actually free at cdns3_gadget_ep_free_request(). But
list_del_init() use priv_req->list after it.
[ 1542.642868][ T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4
[ 1542.642868][ T534]
[ 1542.653162][ T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3):
[ 1542.660311][ T534] __list_del_entry_valid+0x10/0xd4
[ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3]
[ 1542.671571][ T534] usb_ep_disable+0x44/0xe4
[ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8
[ 1542.680839][ T534] ffs_func_set_alt+0x74/0x368
[ 1542.685478][ T534] ffs_func_disable+0x18/0x28
Move list_del_init() before cdns3_gadget_ep_free_request() to resolve this
problem.
Severity
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 7733f6c32e36ff9d7adadf40001039bf219b1cbe, < cfa9abb5570c489dabf6f7fb3a066cc576fc8824 (git) |
| Linux | Linux | Affected: 7733f6c32e36ff9d7adadf40001039bf219b1cbe, < b40328eea93c75a5645891408010141a0159f643 (git) |
| Linux | Linux | Affected: 7733f6c32e36ff9d7adadf40001039bf219b1cbe, < 4e5c73b15d95452c1ba9c771dd013a3fbe052ff3 (git) |
| Linux | Linux | Affected: 7733f6c32e36ff9d7adadf40001039bf219b1cbe, < 2134e9906e17b1e5284300fab547869ebacfd7d9 (git) |
| Linux | Linux | Affected: 7733f6c32e36ff9d7adadf40001039bf219b1cbe, < 29e42e1578a10c611b3f1a38f3229b2d664b5d16 (git) |
| Linux | Linux | Affected: 7733f6c32e36ff9d7adadf40001039bf219b1cbe, < 9a07244f614bc417de527b799da779dcae780b5d (git) |
| Linux | Linux | Affected: 7733f6c32e36ff9d7adadf40001039bf219b1cbe, < cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfa9abb5570c489dabf6f7fb3a066cc576fc8824"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b40328eea93c75a5645891408010141a0159f643"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e5c73b15d95452c1ba9c771dd013a3fbe052ff3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2134e9906e17b1e5284300fab547869ebacfd7d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29e42e1578a10c611b3f1a38f3229b2d664b5d16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a07244f614bc417de527b799da779dcae780b5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:44.326857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:16.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/cdns3/cdns3-gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cfa9abb5570c489dabf6f7fb3a066cc576fc8824",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "b40328eea93c75a5645891408010141a0159f643",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "4e5c73b15d95452c1ba9c771dd013a3fbe052ff3",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "2134e9906e17b1e5284300fab547869ebacfd7d9",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "29e42e1578a10c611b3f1a38f3229b2d664b5d16",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "9a07244f614bc417de527b799da779dcae780b5d",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/cdns3/cdns3-gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()\n\n ...\n cdns3_gadget_ep_free_request(\u0026priv_ep-\u003eendpoint, \u0026priv_req-\u003erequest);\n list_del_init(\u0026priv_req-\u003elist);\n ...\n\n\u0027priv_req\u0027 actually free at cdns3_gadget_ep_free_request(). But\nlist_del_init() use priv_req-\u003elist after it.\n\n[ 1542.642868][ T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4\n[ 1542.642868][ T534]\n[ 1542.653162][ T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3):\n[ 1542.660311][ T534] __list_del_entry_valid+0x10/0xd4\n[ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3]\n[ 1542.671571][ T534] usb_ep_disable+0x44/0xe4\n[ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8\n[ 1542.680839][ T534] ffs_func_set_alt+0x74/0x368\n[ 1542.685478][ T534] ffs_func_disable+0x18/0x28\n\nMove list_del_init() before cdns3_gadget_ep_free_request() to resolve this\nproblem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:37.922Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cfa9abb5570c489dabf6f7fb3a066cc576fc8824"
},
{
"url": "https://git.kernel.org/stable/c/b40328eea93c75a5645891408010141a0159f643"
},
{
"url": "https://git.kernel.org/stable/c/4e5c73b15d95452c1ba9c771dd013a3fbe052ff3"
},
{
"url": "https://git.kernel.org/stable/c/2134e9906e17b1e5284300fab547869ebacfd7d9"
},
{
"url": "https://git.kernel.org/stable/c/29e42e1578a10c611b3f1a38f3229b2d664b5d16"
},
{
"url": "https://git.kernel.org/stable/c/9a07244f614bc417de527b799da779dcae780b5d"
},
{
"url": "https://git.kernel.org/stable/c/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6"
}
],
"title": "usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26749",
"datePublished": "2024-04-03T17:00:35.762Z",
"dateReserved": "2024-02-19T14:20:24.169Z",
"dateUpdated": "2025-05-04T08:55:37.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27001 (GCVE-0-2024-27001)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:28 – Updated: 2025-11-04 17:16
Title
comedi: vmk80xx: fix incomplete endpoint checking
Summary
In the Linux kernel, the following vulnerability has been resolved:
comedi: vmk80xx: fix incomplete endpoint checking
While vmk80xx does have endpoint checking implemented, some things
can fall through the cracks. Depending on the hardware model,
URBs can have either bulk or interrupt type, and current version
of vmk80xx_find_usb_endpoints() function does not take that fully
into account. While this warning does not seem to be too harmful,
at the very least it will crash systems with 'panic_on_warn' set on
them.
Fix the issue found by Syzkaller [1] by somewhat simplifying the
endpoint checking process with usb_find_common_endpoints() and
ensuring that only expected endpoint types are present.
This patch has not been tested on real hardware.
[1] Syzkaller report:
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503
...
Call Trace:
<TASK>
usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59
vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline]
vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818
comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067
usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399
...
Similar issue also found by Syzkaller:
Severity
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 49253d542cc0f5f771dc254d248162a2a666649d, < 3a63ae0348d990e137cca04eced5b08379969ea9 (git) |
| Linux | Linux | Affected: 49253d542cc0f5f771dc254d248162a2a666649d, < a3b8ae7e9297dd453f2977b011c5bc75eb20e71b (git) |
| Linux | Linux | Affected: 49253d542cc0f5f771dc254d248162a2a666649d, < f15370e315976198f338b41611f37ce82af6cf54 (git) |
| Linux | Linux | Affected: 49253d542cc0f5f771dc254d248162a2a666649d, < b0b268eeb087e324ef3ea71f8e6cabd07630517f (git) |
| Linux | Linux | Affected: 49253d542cc0f5f771dc254d248162a2a666649d, < ac882d6b21bffecb57bcc4486701239eef5aa67b (git) |
| Linux | Linux | Affected: 49253d542cc0f5f771dc254d248162a2a666649d, < 59f33af9796160f851641d960bd93937f282c696 (git) |
| Linux | Linux | Affected: 49253d542cc0f5f771dc254d248162a2a666649d, < 6ec3514a7d35ad9cfab600187612c29f669069d2 (git) |
| Linux | Linux | Affected: 49253d542cc0f5f771dc254d248162a2a666649d, < d1718530e3f640b7d5f0050e725216eab57a85d8 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T14:56:33.918930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T14:56:44.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:16:17.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/comedi/drivers/vmk80xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3a63ae0348d990e137cca04eced5b08379969ea9",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "a3b8ae7e9297dd453f2977b011c5bc75eb20e71b",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "f15370e315976198f338b41611f37ce82af6cf54",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "b0b268eeb087e324ef3ea71f8e6cabd07630517f",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "ac882d6b21bffecb57bcc4486701239eef5aa67b",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "59f33af9796160f851641d960bd93937f282c696",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "6ec3514a7d35ad9cfab600187612c29f669069d2",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "d1718530e3f640b7d5f0050e725216eab57a85d8",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/comedi/drivers/vmk80xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: vmk80xx: fix incomplete endpoint checking\n\nWhile vmk80xx does have endpoint checking implemented, some things\ncan fall through the cracks. Depending on the hardware model,\nURBs can have either bulk or interrupt type, and current version\nof vmk80xx_find_usb_endpoints() function does not take that fully\ninto account. While this warning does not seem to be too harmful,\nat the very least it will crash systems with \u0027panic_on_warn\u0027 set on\nthem.\n\nFix the issue found by Syzkaller [1] by somewhat simplifying the\nendpoint checking process with usb_find_common_endpoints() and\nensuring that only expected endpoint types are present.\n\nThis patch has not been tested on real hardware.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59\n vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline]\n vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818\n comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067\n usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399\n...\n\nSimilar issue also found by Syzkaller:"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:53.102Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9"
},
{
"url": "https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b"
},
{
"url": "https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54"
},
{
"url": "https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f"
},
{
"url": "https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b"
},
{
"url": "https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696"
},
{
"url": "https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2"
},
{
"url": "https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8"
}
],
"title": "comedi: vmk80xx: fix incomplete endpoint checking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27001",
"datePublished": "2024-05-01T05:28:40.341Z",
"dateReserved": "2024-02-19T14:20:24.207Z",
"dateUpdated": "2025-11-04T17:16:17.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36953 (GCVE-0-2024-36953)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:35 – Updated: 2025-05-04 09:12
Title
KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
vgic_v2_parse_attr() is responsible for finding the vCPU that matches
the user-provided CPUID, which (of course) may not be valid. If the ID
is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled
gracefully.
Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()
actually returns something and fail the ioctl if not.
Severity
4.4 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 7d450e2821710718fd6703e9c486249cee913bab , < 4404465a1bee3607ad90a4c5f9e16dfd75b85728 (git) |
| Linux | Linux | Affected: 7d450e2821710718fd6703e9c486249cee913bab , < 17db92da8be5dd3bf63c01f4109fe47db64fc66f (git) |
| Linux | Linux | Affected: 7d450e2821710718fd6703e9c486249cee913bab , < 3a5b0378ac6776c7c31b18e0f3c1389bd6005e80 (git) |
| Linux | Linux | Affected: 7d450e2821710718fd6703e9c486249cee913bab , < 8d6a1c8e3de36cb0f5e866f1a582b00939e23104 (git) |
| Linux | Linux | Affected: 7d450e2821710718fd6703e9c486249cee913bab , < 01981276d64e542c177b243f7c979fee855d5487 (git) |
| Linux | Linux | Affected: 7d450e2821710718fd6703e9c486249cee913bab , < 6ddb4f372fc63210034b903d96ebbeb3c7195adb (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:25:29.061156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T18:46:17.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/vgic/vgic-kvm-device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4404465a1bee3607ad90a4c5f9e16dfd75b85728",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "17db92da8be5dd3bf63c01f4109fe47db64fc66f",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "3a5b0378ac6776c7c31b18e0f3c1389bd6005e80",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "8d6a1c8e3de36cb0f5e866f1a582b00939e23104",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "01981276d64e542c177b243f7c979fee855d5487",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "6ddb4f372fc63210034b903d96ebbeb3c7195adb",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/vgic/vgic-kvm-device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()\n\nvgic_v2_parse_attr() is responsible for finding the vCPU that matches\nthe user-provided CPUID, which (of course) may not be valid. If the ID\nis invalid, kvm_get_vcpu_by_id() returns NULL, which isn\u0027t handled\ngracefully.\n\nSimilar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()\nactually returns something and fail the ioctl if not."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:43.875Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728"
},
{
"url": "https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f"
},
{
"url": "https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80"
},
{
"url": "https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104"
},
{
"url": "https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487"
},
{
"url": "https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb"
}
],
"title": "KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36953",
"datePublished": "2024-05-30T15:35:48.070Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2025-05-04T09:12:43.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36919 (GCVE-0-2024-36919)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2026-01-05 10:36
Title
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
The session resources are used by FW and driver when session is offloaded,
once session is uploaded these resources are not used. The lock is not
required as these fields won't be used any longer. The offload and upload
calls are sequential, hence lock is not required.
This will suppress following BUG_ON():
[ 449.843143] ------------[ cut here ]------------
[ 449.848302] kernel BUG at mm/vmalloc.c:2727!
[ 449.853072] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[ 449.858712] CPU: 5 PID: 1996 Comm: kworker/u24:2 Not tainted 5.14.0-118.el9.x86_64 #1
Rebooting.
[ 449.867454] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.3.4 11/08/2016
[ 449.876966] Workqueue: fc_rport_eq fc_rport_work [libfc]
[ 449.882910] RIP: 0010:vunmap+0x2e/0x30
[ 449.887098] Code: 00 65 8b 05 14 a2 f0 4a a9 00 ff ff 00 75 1b 55 48 89 fd e8 34 36 79 00 48 85 ed 74 0b 48 89 ef 31 f6 5d e9 14 fc ff ff 5d c3 <0f> 0b 0f 1f 44 00 00 41 57 41 56 49 89 ce 41 55 49 89 fd 41 54 41
[ 449.908054] RSP: 0018:ffffb83d878b3d68 EFLAGS: 00010206
[ 449.913887] RAX: 0000000080000201 RBX: ffff8f4355133550 RCX: 000000000d400005
[ 449.921843] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffffb83da53f5000
[ 449.929808] RBP: ffff8f4ac6675800 R08: ffffb83d878b3d30 R09: 00000000000efbdf
[ 449.937774] R10: 0000000000000003 R11: ffff8f434573e000 R12: 0000000000001000
[ 449.945736] R13: 0000000000001000 R14: ffffb83da53f5000 R15: ffff8f43d4ea3ae0
[ 449.953701] FS: 0000000000000000(0000) GS:ffff8f529fc80000(0000) knlGS:0000000000000000
[ 449.962732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 449.969138] CR2: 00007f8cf993e150 CR3: 0000000efbe10003 CR4: 00000000003706e0
[ 449.977102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 449.985065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 449.993028] Call Trace:
[ 449.995756] __iommu_dma_free+0x96/0x100
[ 450.000139] bnx2fc_free_session_resc+0x67/0x240 [bnx2fc]
[ 450.006171] bnx2fc_upload_session+0xce/0x100 [bnx2fc]
[ 450.011910] bnx2fc_rport_event_handler+0x9f/0x240 [bnx2fc]
[ 450.018136] fc_rport_work+0x103/0x5b0 [libfc]
[ 450.023103] process_one_work+0x1e8/0x3c0
[ 450.027581] worker_thread+0x50/0x3b0
[ 450.031669] ? rescuer_thread+0x370/0x370
[ 450.036143] kthread+0x149/0x170
[ 450.039744] ? set_kthread_struct+0x40/0x40
[ 450.044411] ret_from_fork+0x22/0x30
[ 450.048404] Modules linked in: vfat msdos fat xfs nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver dm_service_time qedf qed crc8 bnx2fc libfcoe libfc scsi_transport_fc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp dcdbas rapl intel_cstate intel_uncore mei_me pcspkr mei ipmi_ssif lpc_ich ipmi_si fuse zram ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd grace fscache netfs irdma ice sd_mod t10_pi sg ib_uverbs ib_core 8021q garp mrp stp llc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi fb_sys_fops cec crct10dif_pclmul ahci crc32_pclmul bnx2x drm ghash_clmulni_intel libahci rfkill i40e libata megaraid_sas mdio wmi sunrpc lrw dm_crypt dm_round_robin dm_multipath dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero dm_mod linear raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid6_pq libcrc32c crc32c_intel raid1 raid0 iscsi_ibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls
[ 450.048497] libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi edd ipmi_devintf ipmi_msghandler
[ 450.159753] ---[ end trace 712de2c57c64abc8 ]---
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 619c5cb6885b936c44ae1422ef805b69c6291485 , < 468f3e3c15076338367b0945b041105b67cf31e3 (git) |
| Linux | Linux | Affected: 619c5cb6885b936c44ae1422ef805b69c6291485 , < acd370c1fb86b7302c1cbb354a7c1cd9953768eb (git) |
| Linux | Linux | Affected: 619c5cb6885b936c44ae1422ef805b69c6291485 , < ad498539dda0816aadef384ec117bfea304c75c3 (git) |
| Linux | Linux | Affected: 619c5cb6885b936c44ae1422ef805b69c6291485 , < 93aa5ccc44781bdfef1bf0bc4c2c292d45251312 (git) |
| Linux | Linux | Affected: 619c5cb6885b936c44ae1422ef805b69c6291485 , < 1150606d47d711d5bfdf329a1a96ed7027085936 (git) |
| Linux | Linux | Affected: 619c5cb6885b936c44ae1422ef805b69c6291485 , < c885ab23206b1f1ba0731ffe7c9455c6a91db256 (git) |
| Linux | Linux | Affected: 619c5cb6885b936c44ae1422ef805b69c6291485 , < ea50941cd8c9f0b12f38b73d3b1bfeca660dd342 (git) |
| Linux | Linux | Affected: 619c5cb6885b936c44ae1422ef805b69c6291485 , < c214ed2a4dda35b308b0b28eed804d7ae66401f9 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T14:28:01.393911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T14:28:19.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:33.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/468f3e3c15076338367b0945b041105b67cf31e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/acd370c1fb86b7302c1cbb354a7c1cd9953768eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad498539dda0816aadef384ec117bfea304c75c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93aa5ccc44781bdfef1bf0bc4c2c292d45251312"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1150606d47d711d5bfdf329a1a96ed7027085936"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c885ab23206b1f1ba0731ffe7c9455c6a91db256"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea50941cd8c9f0b12f38b73d3b1bfeca660dd342"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c214ed2a4dda35b308b0b28eed804d7ae66401f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bnx2fc/bnx2fc_tgt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "468f3e3c15076338367b0945b041105b67cf31e3",
"status": "affected",
"version": "619c5cb6885b936c44ae1422ef805b69c6291485",
"versionType": "git"
},
{
"lessThan": "acd370c1fb86b7302c1cbb354a7c1cd9953768eb",
"status": "affected",
"version": "619c5cb6885b936c44ae1422ef805b69c6291485",
"versionType": "git"
},
{
"lessThan": "ad498539dda0816aadef384ec117bfea304c75c3",
"status": "affected",
"version": "619c5cb6885b936c44ae1422ef805b69c6291485",
"versionType": "git"
},
{
"lessThan": "93aa5ccc44781bdfef1bf0bc4c2c292d45251312",
"status": "affected",
"version": "619c5cb6885b936c44ae1422ef805b69c6291485",
"versionType": "git"
},
{
"lessThan": "1150606d47d711d5bfdf329a1a96ed7027085936",
"status": "affected",
"version": "619c5cb6885b936c44ae1422ef805b69c6291485",
"versionType": "git"
},
{
"lessThan": "c885ab23206b1f1ba0731ffe7c9455c6a91db256",
"status": "affected",
"version": "619c5cb6885b936c44ae1422ef805b69c6291485",
"versionType": "git"
},
{
"lessThan": "ea50941cd8c9f0b12f38b73d3b1bfeca660dd342",
"status": "affected",
"version": "619c5cb6885b936c44ae1422ef805b69c6291485",
"versionType": "git"
},
{
"lessThan": "c214ed2a4dda35b308b0b28eed804d7ae66401f9",
"status": "affected",
"version": "619c5cb6885b936c44ae1422ef805b69c6291485",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bnx2fc/bnx2fc_tgt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"lessThan": "3.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload\n\nThe session resources are used by FW and driver when session is offloaded,\nonce session is uploaded these resources are not used. The lock is not\nrequired as these fields won\u0027t be used any longer. The offload and upload\ncalls are sequential, hence lock is not required.\n\nThis will suppress following BUG_ON():\n\n[ 449.843143] ------------[ cut here ]------------\n[ 449.848302] kernel BUG at mm/vmalloc.c:2727!\n[ 449.853072] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 449.858712] CPU: 5 PID: 1996 Comm: kworker/u24:2 Not tainted 5.14.0-118.el9.x86_64 #1\nRebooting.\n[ 449.867454] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.3.4 11/08/2016\n[ 449.876966] Workqueue: fc_rport_eq fc_rport_work [libfc]\n[ 449.882910] RIP: 0010:vunmap+0x2e/0x30\n[ 449.887098] Code: 00 65 8b 05 14 a2 f0 4a a9 00 ff ff 00 75 1b 55 48 89 fd e8 34 36 79 00 48 85 ed 74 0b 48 89 ef 31 f6 5d e9 14 fc ff ff 5d c3 \u003c0f\u003e 0b 0f 1f 44 00 00 41 57 41 56 49 89 ce 41 55 49 89 fd 41 54 41\n[ 449.908054] RSP: 0018:ffffb83d878b3d68 EFLAGS: 00010206\n[ 449.913887] RAX: 0000000080000201 RBX: ffff8f4355133550 RCX: 000000000d400005\n[ 449.921843] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffffb83da53f5000\n[ 449.929808] RBP: ffff8f4ac6675800 R08: ffffb83d878b3d30 R09: 00000000000efbdf\n[ 449.937774] R10: 0000000000000003 R11: ffff8f434573e000 R12: 0000000000001000\n[ 449.945736] R13: 0000000000001000 R14: ffffb83da53f5000 R15: ffff8f43d4ea3ae0\n[ 449.953701] FS: 0000000000000000(0000) GS:ffff8f529fc80000(0000) knlGS:0000000000000000\n[ 449.962732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 449.969138] CR2: 00007f8cf993e150 CR3: 0000000efbe10003 CR4: 00000000003706e0\n[ 449.977102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 449.985065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400\n[ 449.993028] Call Trace:\n[ 449.995756] __iommu_dma_free+0x96/0x100\n[ 450.000139] bnx2fc_free_session_resc+0x67/0x240 [bnx2fc]\n[ 450.006171] bnx2fc_upload_session+0xce/0x100 [bnx2fc]\n[ 450.011910] bnx2fc_rport_event_handler+0x9f/0x240 [bnx2fc]\n[ 450.018136] fc_rport_work+0x103/0x5b0 [libfc]\n[ 450.023103] process_one_work+0x1e8/0x3c0\n[ 450.027581] worker_thread+0x50/0x3b0\n[ 450.031669] ? rescuer_thread+0x370/0x370\n[ 450.036143] kthread+0x149/0x170\n[ 450.039744] ? set_kthread_struct+0x40/0x40\n[ 450.044411] ret_from_fork+0x22/0x30\n[ 450.048404] Modules linked in: vfat msdos fat xfs nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver dm_service_time qedf qed crc8 bnx2fc libfcoe libfc scsi_transport_fc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp dcdbas rapl intel_cstate intel_uncore mei_me pcspkr mei ipmi_ssif lpc_ich ipmi_si fuse zram ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd grace fscache netfs irdma ice sd_mod t10_pi sg ib_uverbs ib_core 8021q garp mrp stp llc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi fb_sys_fops cec crct10dif_pclmul ahci crc32_pclmul bnx2x drm ghash_clmulni_intel libahci rfkill i40e libata megaraid_sas mdio wmi sunrpc lrw dm_crypt dm_round_robin dm_multipath dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero dm_mod linear raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid6_pq libcrc32c crc32c_intel raid1 raid0 iscsi_ibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls\n[ 450.048497] libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi edd ipmi_devintf ipmi_msghandler\n[ 450.159753] ---[ end trace 712de2c57c64abc8 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:36:24.251Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/468f3e3c15076338367b0945b041105b67cf31e3"
},
{
"url": "https://git.kernel.org/stable/c/acd370c1fb86b7302c1cbb354a7c1cd9953768eb"
},
{
"url": "https://git.kernel.org/stable/c/ad498539dda0816aadef384ec117bfea304c75c3"
},
{
"url": "https://git.kernel.org/stable/c/93aa5ccc44781bdfef1bf0bc4c2c292d45251312"
},
{
"url": "https://git.kernel.org/stable/c/1150606d47d711d5bfdf329a1a96ed7027085936"
},
{
"url": "https://git.kernel.org/stable/c/c885ab23206b1f1ba0731ffe7c9455c6a91db256"
},
{
"url": "https://git.kernel.org/stable/c/ea50941cd8c9f0b12f38b73d3b1bfeca660dd342"
},
{
"url": "https://git.kernel.org/stable/c/c214ed2a4dda35b308b0b28eed804d7ae66401f9"
}
],
"title": "scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36919",
"datePublished": "2024-05-30T15:29:14.486Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2026-01-05T10:36:24.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52497 (GCVE-0-2023-52497)
Vulnerability from cvelistv5 – Published: 2024-02-29 15:52 – Updated: 2025-05-04 07:38
Title
erofs: fix lz4 inplace decompression
Summary
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix lz4 inplace decompression
Currently EROFS can map another compressed buffer for inplace
decompression, that was used to handle the cases that some pages of
compressed data are actually not in-place I/O.
However, like most simple LZ77 algorithms, LZ4 expects the compressed
data is arranged at the end of the decompressed buffer and it
explicitly uses memmove() to handle overlapping:
__________________________________________________________
|_ direction of decompression --> ____ |_ compressed data _|
Although EROFS arranges compressed data like this, it typically maps two
individual virtual buffers so the relative order is uncertain.
Previously, it was hardly observed since LZ4 only uses memmove() for
short overlapped literals and x86/arm64 memmove implementations seem to
completely cover it up and they don't have this issue. Juhyung reported
that EROFS data corruption can be found on a new Intel x86 processor.
After some analysis, it seems that recent x86 processors with the new
FSRM feature expose this issue with "rep movsb".
Let's strictly use the decompressed buffer for lz4 inplace
decompression for now. Later, as an useful improvement, we could try
to tie up these two buffers together in the correct order.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 0ffd71bcc3a03ebb3551661a36052488369c4de9 , < 9ff2d260b25df6fe1341a79113d88fecf6bd553e (git) |
| Linux | Linux | Affected: 0ffd71bcc3a03ebb3551661a36052488369c4de9 , < a0180e940cf1aefa7d516e20b259ad34f7a8b379 (git) |
| Linux | Linux | Affected: 0ffd71bcc3a03ebb3551661a36052488369c4de9 , < 77cbc04a1a8610e303a0e0d74f2676667876a184 (git) |
| Linux | Linux | Affected: 0ffd71bcc3a03ebb3551661a36052488369c4de9 , < 33bf23c9940dbd3a22aad7f0cda4c84ed5701847 (git) |
| Linux | Linux | Affected: 0ffd71bcc3a03ebb3551661a36052488369c4de9 , < f36d200a80a3ca025532ed60dd1ac21b620e14ae (git) |
| Linux | Linux | Affected: 0ffd71bcc3a03ebb3551661a36052488369c4de9 , < bffc4cc334c5bb31ded54bc3cfd651735a3cb79e (git) |
| Linux | Linux | Affected: 0ffd71bcc3a03ebb3551661a36052488369c4de9 , < 3c12466b6b7bf1e56f9b32c366a3d83d87afb4de (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T16:13:41.821063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:41.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0180e940cf1aefa7d516e20b259ad34f7a8b379"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77cbc04a1a8610e303a0e0d74f2676667876a184"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33bf23c9940dbd3a22aad7f0cda4c84ed5701847"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f36d200a80a3ca025532ed60dd1ac21b620e14ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bffc4cc334c5bb31ded54bc3cfd651735a3cb79e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c12466b6b7bf1e56f9b32c366a3d83d87afb4de"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/erofs/decompressor.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9ff2d260b25df6fe1341a79113d88fecf6bd553e",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
},
{
"lessThan": "a0180e940cf1aefa7d516e20b259ad34f7a8b379",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
},
{
"lessThan": "77cbc04a1a8610e303a0e0d74f2676667876a184",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
},
{
"lessThan": "33bf23c9940dbd3a22aad7f0cda4c84ed5701847",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
},
{
"lessThan": "f36d200a80a3ca025532ed60dd1ac21b620e14ae",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
},
{
"lessThan": "bffc4cc334c5bb31ded54bc3cfd651735a3cb79e",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
},
{
"lessThan": "3c12466b6b7bf1e56f9b32c366a3d83d87afb4de",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/erofs/decompressor.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix lz4 inplace decompression\n\nCurrently EROFS can map another compressed buffer for inplace\ndecompression, that was used to handle the cases that some pages of\ncompressed data are actually not in-place I/O.\n\nHowever, like most simple LZ77 algorithms, LZ4 expects the compressed\ndata is arranged at the end of the decompressed buffer and it\nexplicitly uses memmove() to handle overlapping:\n __________________________________________________________\n |_ direction of decompression --\u003e ____ |_ compressed data _|\n\nAlthough EROFS arranges compressed data like this, it typically maps two\nindividual virtual buffers so the relative order is uncertain.\nPreviously, it was hardly observed since LZ4 only uses memmove() for\nshort overlapped literals and x86/arm64 memmove implementations seem to\ncompletely cover it up and they don\u0027t have this issue. Juhyung reported\nthat EROFS data corruption can be found on a new Intel x86 processor.\nAfter some analysis, it seems that recent x86 processors with the new\nFSRM feature expose this issue with \"rep movsb\".\n\nLet\u0027s strictly use the decompressed buffer for lz4 inplace\ndecompression for now. Later, as an useful improvement, we could try\nto tie up these two buffers together in the correct order."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:38:00.214Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9ff2d260b25df6fe1341a79113d88fecf6bd553e"
},
{
"url": "https://git.kernel.org/stable/c/a0180e940cf1aefa7d516e20b259ad34f7a8b379"
},
{
"url": "https://git.kernel.org/stable/c/77cbc04a1a8610e303a0e0d74f2676667876a184"
},
{
"url": "https://git.kernel.org/stable/c/33bf23c9940dbd3a22aad7f0cda4c84ed5701847"
},
{
"url": "https://git.kernel.org/stable/c/f36d200a80a3ca025532ed60dd1ac21b620e14ae"
},
{
"url": "https://git.kernel.org/stable/c/bffc4cc334c5bb31ded54bc3cfd651735a3cb79e"
},
{
"url": "https://git.kernel.org/stable/c/3c12466b6b7bf1e56f9b32c366a3d83d87afb4de"
}
],
"title": "erofs: fix lz4 inplace decompression",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52497",
"datePublished": "2024-02-29T15:52:13.428Z",
"dateReserved": "2024-02-20T12:30:33.305Z",
"dateUpdated": "2025-05-04T07:38:00.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48655 (GCVE-0-2022-48655)
Vulnerability from cvelistv5 – Published: 2024-04-28 13:01 – Updated: 2025-05-04 08:20
Title
firmware: arm_scmi: Harden accesses to the reset domains
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Harden accesses to the reset domains
Accessing reset domains descriptors by the index upon the SCMI drivers
requests through the SCMI reset operations interface can potentially
lead to out-of-bound violations if the SCMI driver misbehave.
Add an internal consistency check before any such domains descriptors
accesses.
Severity
8.1 (High)
CWE
- CWE-125 - Out-of-bounds Read
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux |
Affected:
95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 , < 7184491fc515f391afba23d0e9b690caaea72daf
(git)
Affected: 95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 , < f2277d9e2a0d092c13bae7ee82d75432bb8b5108 (git) Affected: 95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 , < 1f08a1b26cfc53b7715abc46857c6023bb1b87de (git) Affected: 95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 , < 8e65edf0d37698f7a6cb174608d3ec7976baf49e (git) Affected: 95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 , < e9076ffbcaed5da6c182b144ef9f6e24554af268 (git) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "7184491fc515",
"status": "affected",
"version": "95a15d80aa0d",
"versionType": "custom"
},
{
"lessThan": "f2277d9e2a0d",
"status": "affected",
"version": "95a15d80aa0d",
"versionType": "custom"
},
{
"lessThan": "1f08a1b26cfc",
"status": "affected",
"version": "95a15d80aa0d",
"versionType": "custom"
},
{
"lessThan": "8e65edf0d376",
"status": "affected",
"version": "95a15d80aa0d",
"versionType": "custom"
},
{
"lessThan": "e9076ffbcaed",
"status": "affected",
"version": "95a15d80aa0d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T04:01:14.973732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T13:55:57.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:02:54.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/arm_scmi/reset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7184491fc515f391afba23d0e9b690caaea72daf",
"status": "affected",
"version": "95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5",
"versionType": "git"
},
{
"lessThan": "f2277d9e2a0d092c13bae7ee82d75432bb8b5108",
"status": "affected",
"version": "95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5",
"versionType": "git"
},
{
"lessThan": "1f08a1b26cfc53b7715abc46857c6023bb1b87de",
"status": "affected",
"version": "95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5",
"versionType": "git"
},
{
"lessThan": "8e65edf0d37698f7a6cb174608d3ec7976baf49e",
"status": "affected",
"version": "95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5",
"versionType": "git"
},
{
"lessThan": "e9076ffbcaed5da6c182b144ef9f6e24554af268",
"status": "affected",
"version": "95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/arm_scmi/reset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.277",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.218",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.71",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.277",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.218",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.71",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.12",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Harden accesses to the reset domains\n\nAccessing reset domains descriptors by the index upon the SCMI drivers\nrequests through the SCMI reset operations interface can potentially\nlead to out-of-bound violations if the SCMI driver misbehave.\n\nAdd an internal consistency check before any such domains descriptors\naccesses."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:20:40.297Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf"
},
{
"url": "https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108"
},
{
"url": "https://git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de"
},
{
"url": "https://git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e"
},
{
"url": "https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268"
}
],
"title": "firmware: arm_scmi: Harden accesses to the reset domains",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48655",
"datePublished": "2024-04-28T13:01:00.822Z",
"dateReserved": "2024-02-25T13:44:28.317Z",
"dateUpdated": "2025-05-04T08:20:40.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26889 (GCVE-0-2024-26889)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-07 19:59
Title
Bluetooth: hci_core: Fix possible buffer overflow
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_core: Fix possible buffer overflow
struct hci_dev_info has a fixed size name[8] field so in the event that
hdev->name is bigger than that strcpy would attempt to write past its
size, so this fixes this problem by switching to use strscpy.
Severity
5.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux |
Affected:
194ab82c1ea187512ff2f822124bd05b63fc9f76 , < 6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac
(git)
Affected: b48595f5b1c6e81e06e164e7d2b7a30b1776161e , < 54a03e4ac1a41edf8a5087bd59f8241b0de96d3d (git) Affected: ffb060b136dd75a033ced0fc0aed2882c02e8b56 , < d47e6c1932cee02954ea588c9f09fd5ecefeadfc (git) Affected: bbec1724519ecd9c468d1186a8f30b7567175bfb , < 2e845867b4e279eff0a19ade253390470e07e8a1 (git) Affected: dcda165706b9fbfd685898d46a6749d7d397e0c0 , < a41c8efe659caed0e21422876bbb6b73c15b5244 (git) Affected: dcda165706b9fbfd685898d46a6749d7d397e0c0 , < 8c28598a2c29201d2ba7fc37539a7d41c264fb10 (git) Affected: dcda165706b9fbfd685898d46a6749d7d397e0c0 , < 2edce8e9a99dd5e4404259d52e754fdc97fb42c2 (git) Affected: dcda165706b9fbfd685898d46a6749d7d397e0c0 , < 81137162bfaa7278785b24c1fd2e9e74f082e8e4 (git) Affected: d9ce7d438366431e5688be98d8680336ce0a0f8d (git) Affected: a55d53ad5c86aee3f6da50ee73626008997673fa (git) Affected: 5558f4312dca43cebfb9a1aab3d632be91bbb736 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54a03e4ac1a41edf8a5087bd59f8241b0de96d3d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d47e6c1932cee02954ea588c9f09fd5ecefeadfc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e845867b4e279eff0a19ade253390470e07e8a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68644bf5ec6baaff40fc39b3529c874bfda709bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a41c8efe659caed0e21422876bbb6b73c15b5244"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c28598a2c29201d2ba7fc37539a7d41c264fb10"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2edce8e9a99dd5e4404259d52e754fdc97fb42c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81137162bfaa7278785b24c1fd2e9e74f082e8e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T21:45:31.651235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:59:25.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac",
"status": "affected",
"version": "194ab82c1ea187512ff2f822124bd05b63fc9f76",
"versionType": "git"
},
{
"lessThan": "54a03e4ac1a41edf8a5087bd59f8241b0de96d3d",
"status": "affected",
"version": "b48595f5b1c6e81e06e164e7d2b7a30b1776161e",
"versionType": "git"
},
{
"lessThan": "d47e6c1932cee02954ea588c9f09fd5ecefeadfc",
"status": "affected",
"version": "ffb060b136dd75a033ced0fc0aed2882c02e8b56",
"versionType": "git"
},
{
"lessThan": "2e845867b4e279eff0a19ade253390470e07e8a1",
"status": "affected",
"version": "bbec1724519ecd9c468d1186a8f30b7567175bfb",
"versionType": "git"
},
{
"lessThan": "a41c8efe659caed0e21422876bbb6b73c15b5244",
"status": "affected",
"version": "dcda165706b9fbfd685898d46a6749d7d397e0c0",
"versionType": "git"
},
{
"lessThan": "8c28598a2c29201d2ba7fc37539a7d41c264fb10",
"status": "affected",
"version": "dcda165706b9fbfd685898d46a6749d7d397e0c0",
"versionType": "git"
},
{
"lessThan": "2edce8e9a99dd5e4404259d52e754fdc97fb42c2",
"status": "affected",
"version": "dcda165706b9fbfd685898d46a6749d7d397e0c0",
"versionType": "git"
},
{
"lessThan": "81137162bfaa7278785b24c1fd2e9e74f082e8e4",
"status": "affected",
"version": "dcda165706b9fbfd685898d46a6749d7d397e0c0",
"versionType": "git"
},
{
"status": "affected",
"version": "d9ce7d438366431e5688be98d8680336ce0a0f8d",
"versionType": "git"
},
{
"status": "affected",
"version": "a55d53ad5c86aee3f6da50ee73626008997673fa",
"versionType": "git"
},
{
"status": "affected",
"version": "5558f4312dca43cebfb9a1aab3d632be91bbb736",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.19.297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.4.259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.10.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.15.137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix possible buffer overflow\n\nstruct hci_dev_info has a fixed size name[8] field so in the event that\nhdev-\u003ename is bigger than that strcpy would attempt to write past its\nsize, so this fixes this problem by switching to use strscpy."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:05.384Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac"
},
{
"url": "https://git.kernel.org/stable/c/54a03e4ac1a41edf8a5087bd59f8241b0de96d3d"
},
{
"url": "https://git.kernel.org/stable/c/d47e6c1932cee02954ea588c9f09fd5ecefeadfc"
},
{
"url": "https://git.kernel.org/stable/c/2e845867b4e279eff0a19ade253390470e07e8a1"
},
{
"url": "https://git.kernel.org/stable/c/a41c8efe659caed0e21422876bbb6b73c15b5244"
},
{
"url": "https://git.kernel.org/stable/c/8c28598a2c29201d2ba7fc37539a7d41c264fb10"
},
{
"url": "https://git.kernel.org/stable/c/2edce8e9a99dd5e4404259d52e754fdc97fb42c2"
},
{
"url": "https://git.kernel.org/stable/c/81137162bfaa7278785b24c1fd2e9e74f082e8e4"
}
],
"title": "Bluetooth: hci_core: Fix possible buffer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26889",
"datePublished": "2024-04-17T10:27:42.814Z",
"dateReserved": "2024-02-19T14:20:24.186Z",
"dateUpdated": "2025-05-07T19:59:25.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26813 (GCVE-0-2024-26813)
Vulnerability from cvelistv5 – Published: 2024-04-05 08:24 – Updated: 2025-05-04 08:57
Title
vfio/platform: Create persistent IRQ handlers
Summary
In the Linux kernel, the following vulnerability has been resolved:
vfio/platform: Create persistent IRQ handlers
The vfio-platform SET_IRQS ioctl currently allows loopback triggering of
an interrupt before a signaling eventfd has been configured by the user,
which thereby allows a NULL pointer dereference.
Rather than register the IRQ relative to a valid trigger, register all
IRQs in a disabled state in the device open path. This allows mask
operations on the IRQ to nest within the overall enable state governed
by a valid eventfd signal. This decouples @masked, protected by the
@locked spinlock from @trigger, protected via the @igate mutex.
In doing so, it's guaranteed that changes to @trigger cannot race the
IRQ handlers because the IRQ handler is synchronously disabled before
modifying the trigger, and loopback triggering of the IRQ via ioctl is
safe due to serialization with trigger changes via igate.
For compatibility, request_irq() failures are maintained to be local to
the SET_IRQS ioctl rather than a fatal error in the open device path.
This allows, for example, a userspace driver with polling mode support
to continue to work regardless of moving the request_irq() call site.
This necessarily blocks all SET_IRQS access to the failed index.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux |
Affected:
57f972e2b341dd6a73533f9293ec55d584a5d833 , < 07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e
(git)
Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < 09452c8fcbd7817c06e8e3212d99b45917e603a5 (git) Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < cc5838f19d39a5fef04c468199699d2a4578be3a (git) Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < 7932db06c82c5b2f42a4d1a849d97dba9ce4a362 (git) Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < 62d4e43a569b67929eb3319780be5359694c8086 (git) Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < d6bedd6acc0bcb1e7e010bc046032e47f08d379f (git) Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < 0f8d8f9c2173a541812dd750529f4a415117eb29 (git) Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < 675daf435e9f8e5a5eab140a9864dfad6668b375 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09452c8fcbd7817c06e8e3212d99b45917e603a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62d4e43a569b67929eb3319780be5359694c8086"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d6bedd6acc0bcb1e7e010bc046032e47f08d379f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f8d8f9c2173a541812dd750529f4a415117eb29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/675daf435e9f8e5a5eab140a9864dfad6668b375"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:36.972269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:44.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vfio/platform/vfio_platform_irq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "09452c8fcbd7817c06e8e3212d99b45917e603a5",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "cc5838f19d39a5fef04c468199699d2a4578be3a",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "7932db06c82c5b2f42a4d1a849d97dba9ce4a362",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "62d4e43a569b67929eb3319780be5359694c8086",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "d6bedd6acc0bcb1e7e010bc046032e47f08d379f",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "0f8d8f9c2173a541812dd750529f4a415117eb29",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "675daf435e9f8e5a5eab140a9864dfad6668b375",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vfio/platform/vfio_platform_irq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: Create persistent IRQ handlers\n\nThe vfio-platform SET_IRQS ioctl currently allows loopback triggering of\nan interrupt before a signaling eventfd has been configured by the user,\nwhich thereby allows a NULL pointer dereference.\n\nRather than register the IRQ relative to a valid trigger, register all\nIRQs in a disabled state in the device open path. This allows mask\noperations on the IRQ to nest within the overall enable state governed\nby a valid eventfd signal. This decouples @masked, protected by the\n@locked spinlock from @trigger, protected via the @igate mutex.\n\nIn doing so, it\u0027s guaranteed that changes to @trigger cannot race the\nIRQ handlers because the IRQ handler is synchronously disabled before\nmodifying the trigger, and loopback triggering of the IRQ via ioctl is\nsafe due to serialization with trigger changes via igate.\n\nFor compatibility, request_irq() failures are maintained to be local to\nthe SET_IRQS ioctl rather than a fatal error in the open device path.\nThis allows, for example, a userspace driver with polling mode support\nto continue to work regardless of moving the request_irq() call site.\nThis necessarily blocks all SET_IRQS access to the failed index."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:08.928Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e"
},
{
"url": "https://git.kernel.org/stable/c/09452c8fcbd7817c06e8e3212d99b45917e603a5"
},
{
"url": "https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a"
},
{
"url": "https://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362"
},
{
"url": "https://git.kernel.org/stable/c/62d4e43a569b67929eb3319780be5359694c8086"
},
{
"url": "https://git.kernel.org/stable/c/d6bedd6acc0bcb1e7e010bc046032e47f08d379f"
},
{
"url": "https://git.kernel.org/stable/c/0f8d8f9c2173a541812dd750529f4a415117eb29"
},
{
"url": "https://git.kernel.org/stable/c/675daf435e9f8e5a5eab140a9864dfad6668b375"
}
],
"title": "vfio/platform: Create persistent IRQ handlers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26813",
"datePublished": "2024-04-05T08:24:43.279Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2025-05-04T08:57:08.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26687 (GCVE-0-2024-26687)
Vulnerability from cvelistv5 – Published: 2024-04-03 14:54 – Updated: 2025-05-04 08:54
Title
xen/events: close evtchn after mapping cleanup
Summary
In the Linux kernel, the following vulnerability has been resolved:
xen/events: close evtchn after mapping cleanup
shutdown_pirq and startup_pirq are not taking the
irq_mapping_update_lock because they can't due to lock inversion. Both
are called with the irq_desc->lock being taken. The lock order,
however, is first irq_mapping_update_lock and then irq_desc->lock.

This opens multiple races:
- shutdown_pirq can be interrupted by a function that allocates an event
  channel:

    CPU0                        CPU1
    shutdown_pirq {
      xen_evtchn_close(e)
                                __startup_pirq {
                                  EVTCHNOP_bind_pirq
                                    -> returns just freed evtchn e
                                  set_evtchn_to_irq(e, irq)
                                }
      xen_irq_info_cleanup() {
        set_evtchn_to_irq(e, -1)
      }
    }

  Assume here event channel e refers here to the same event channel
  number.
  After this race the evtchn_to_irq mapping for e is invalid (-1).

- __startup_pirq races with __unbind_from_irq in a similar way. Because
  __startup_pirq doesn't take irq_mapping_update_lock it can grab the
  evtchn that __unbind_from_irq is currently freeing and cleaning up. In
  this case even though the event channel is allocated, its mapping can
  be unset in evtchn_to_irq.

The fix is to first clean up the mappings and then close the event
channel. In this way, when an event channel gets allocated its
potential previous evtchn_to_irq mappings are guaranteed to be unset already.
This is also the reverse order of the allocation where first the event
channel is allocated and then the mappings are set up.

On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal
[un]bind interfaces"), we hit a BUG like the following during probing of NVMe
devices. The issue is that during nvme_setup_io_queues, pci_free_irq
is called for every device which results in a call to shutdown_pirq.
With many nvme devices it's therefore likely to hit this race during
boot because there will be multiple calls to shutdown_pirq and
startup_pirq are running potentially in parallel.
------------[ cut here ]------------
blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled
kernel BUG at drivers/xen/events/events_base.c:499!
invalid opcode: 0000 [#1] SMP PTI
CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1
Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006
Workqueue: nvme-reset-wq nvme_reset_work
RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0
Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00
RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006
RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff
RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00
R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed
R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
? show_trace_log_lvl+0x1c1/0x2d9
? show_trace_log_lvl+0x1c1/0x2d9
? set_affinity_irq+0xdc/0x1c0
? __die_body.cold+0x8/0xd
? die+0x2b/0x50
? do_trap+0x90/0x110
? bind_evtchn_to_cpu+0xdf/0xf0
? do_error_trap+0x65/0x80
? bind_evtchn_to_cpu+0xdf/0xf0
? exc_invalid_op+0x4e/0x70
? bind_evtchn_to_cpu+0xdf/0xf0
? asm_exc_invalid_op+0x12/0x20
? bind_evtchn_to_cpu+0xdf/0x
---truncated---
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55, < 9470f5b2503cae994098dea9682aee15b313fa44 (git) |
| Linux | Linux | Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55, < 0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd (git) |
| Linux | Linux | Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55, < ea592baf9e41779fe9a0424c03dd2f324feca3b3 (git) |
| Linux | Linux | Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55, < 585a344af6bcac222608a158fc2830ff02712af5 (git) |
| Linux | Linux | Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55, < 20980195ec8d2e41653800c45c8c367fa1b1f2b4 (git) |
| Linux | Linux | Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55, < 9be71aa12afa91dfe457b3fb4a444c42b1ee036b (git) |
| Linux | Linux | Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55, < fa765c4b4aed2d64266b694520ecb025c862c5a9 (git) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9be71aa12afa91dfe457b3fb4a444c42b1ee036b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa765c4b4aed2d64266b694520ecb025c862c5a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:07.213399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:32.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/xen/events/events_base.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9470f5b2503cae994098dea9682aee15b313fa44",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
},
{
"lessThan": "0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
},
{
"lessThan": "ea592baf9e41779fe9a0424c03dd2f324feca3b3",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
},
{
"lessThan": "585a344af6bcac222608a158fc2830ff02712af5",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
},
{
"lessThan": "20980195ec8d2e41653800c45c8c367fa1b1f2b4",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
},
{
"lessThan": "9be71aa12afa91dfe457b3fb4a444c42b1ee036b",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
},
{
"lessThan": "fa765c4b4aed2d64266b694520ecb025c862c5a9",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/xen/events/events_base.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.37"
},
{
"lessThan": "2.6.37",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/events: close evtchn after mapping cleanup\n\nshutdown_pirq and startup_pirq are not taking the\nirq_mapping_update_lock because they can\u0027t due to lock inversion. Both\nare called with the irq_desc-\u003elock being taking. The lock order,\nhowever, is first irq_mapping_update_lock and then irq_desc-\u003elock.\n\nThis opens multiple races:\n- shutdown_pirq can be interrupted by a function that allocates an event\n channel:\n\n CPU0 CPU1\n shutdown_pirq {\n xen_evtchn_close(e)\n __startup_pirq {\n EVTCHNOP_bind_pirq\n -\u003e returns just freed evtchn e\n set_evtchn_to_irq(e, irq)\n }\n xen_irq_info_cleanup() {\n set_evtchn_to_irq(e, -1)\n }\n }\n\n Assume here event channel e refers here to the same event channel\n number.\n After this race the evtchn_to_irq mapping for e is invalid (-1).\n\n- __startup_pirq races with __unbind_from_irq in a similar way. Because\n __startup_pirq doesn\u0027t take irq_mapping_update_lock it can grab the\n evtchn that __unbind_from_irq is currently freeing and cleaning up. In\n this case even though the event channel is allocated, its mapping can\n be unset in evtchn_to_irq.\n\nThe fix is to first cleanup the mappings and then close the event\nchannel. In this way, when an event channel gets allocated it\u0027s\npotential previous evtchn_to_irq mappings are guaranteed to be unset already.\nThis is also the reverse order of the allocation where first the event\nchannel is allocated and then the mappings are setup.\n\nOn a 5.10 kernel prior to commit 3fcdaf3d7634 (\"xen/events: modify internal\n[un]bind interfaces\"), we hit a BUG like the following during probing of NVMe\ndevices. 
The issue is that during nvme_setup_io_queues, pci_free_irq\nis called for every device which results in a call to shutdown_pirq.\nWith many nvme devices it\u0027s therefore likely to hit this race during\nboot because there will be multiple calls to shutdown_pirq and\nstartup_pirq are running potentially in parallel.\n\n ------------[ cut here ]------------\n blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled\n kernel BUG at drivers/xen/events/events_base.c:499!\n invalid opcode: 0000 [#1] SMP PTI\n CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1\n Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006\n Workqueue: nvme-reset-wq nvme_reset_work\n RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0\n Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff \u003c0f\u003e 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00\n RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006\n RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff\n RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed\n R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n ? show_trace_log_lvl+0x1c1/0x2d9\n ? show_trace_log_lvl+0x1c1/0x2d9\n ? set_affinity_irq+0xdc/0x1c0\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0x90/0x110\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? do_error_trap+0x65/0x80\n ? 
bind_evtchn_to_cpu+0xdf/0xf0\n ? exc_invalid_op+0x4e/0x70\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? asm_exc_invalid_op+0x12/0x20\n ? bind_evtchn_to_cpu+0xdf/0x\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:04.797Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44"
},
{
"url": "https://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd"
},
{
"url": "https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3"
},
{
"url": "https://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5"
},
{
"url": "https://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4"
},
{
"url": "https://git.kernel.org/stable/c/9be71aa12afa91dfe457b3fb4a444c42b1ee036b"
},
{
"url": "https://git.kernel.org/stable/c/fa765c4b4aed2d64266b694520ecb025c862c5a9"
}
],
"title": "xen/events: close evtchn after mapping cleanup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26687",
"datePublished": "2024-04-03T14:54:49.250Z",
"dateReserved": "2024-02-19T14:20:24.154Z",
"dateUpdated": "2025-05-04T08:54:04.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26840 (GCVE-0-2024-26840)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2025-05-04 08:57
Title
cachefiles: fix memory leak in cachefiles_add_cache()
Summary
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix memory leak in cachefiles_add_cache()
The following memory leak was reported after unbinding /dev/cachefiles:
==================================================================
unreferenced object 0xffff9b674176e3c0 (size 192):
comm "cachefilesd2", pid 680, jiffies 4294881224
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc ea38a44b):
[<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370
[<ffffffff8e917f86>] prepare_creds+0x26/0x2e0
[<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120
[<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0
[<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0
[<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520
[<ffffffff8ebc5069>] ksys_write+0x69/0xf0
[<ffffffff8f6d4662>] do_syscall_64+0x72/0x140
[<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
==================================================================
Put the reference count of cache_cred in cachefiles_daemon_unbind() to
fix the problem. And also put cache_cred in cachefiles_add_cache() error
branch to avoid memory leaks.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d, < cb5466783793e66272624cf71925ae1d1ba32083 (git) |
| Linux | Linux | Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d, < 037d5a949b0455540ef9aab34c10ddf54b65d285 (git) |
| Linux | Linux | Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d, < 43eccc5823732ba6daab2511ed32dfc545a666d8 (git) |
| Linux | Linux | Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d, < 94965be37add0983672e48ecb33cdbda92b62579 (git) |
| Linux | Linux | Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d, < 8b218e2f0a27a9f09428b1847b4580640b9d1e58 (git) |
| Linux | Linux | Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d, < 38e921616320d159336b0ffadb09e9fb4945c7c3 (git) |
| Linux | Linux | Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d, < 9cac69912052a4def571fedf1cb9bb4ec590e25a (git) |
| Linux | Linux | Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d, < e21a2f17566cbd64926fb8f16323972f7a064444 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:58:24.475717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:17.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/cachefiles/cache.c",
"fs/cachefiles/daemon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cb5466783793e66272624cf71925ae1d1ba32083",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "037d5a949b0455540ef9aab34c10ddf54b65d285",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "43eccc5823732ba6daab2511ed32dfc545a666d8",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "94965be37add0983672e48ecb33cdbda92b62579",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "8b218e2f0a27a9f09428b1847b4580640b9d1e58",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "38e921616320d159336b0ffadb09e9fb4945c7c3",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "9cac69912052a4def571fedf1cb9bb4ec590e25a",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "e21a2f17566cbd64926fb8f16323972f7a064444",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/cachefiles/cache.c",
"fs/cachefiles/daemon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix memory leak in cachefiles_add_cache()\n\nThe following memory leak was reported after unbinding /dev/cachefiles:\n\n==================================================================\nunreferenced object 0xffff9b674176e3c0 (size 192):\n comm \"cachefilesd2\", pid 680, jiffies 4294881224\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc ea38a44b):\n [\u003cffffffff8eb8a1a5\u003e] kmem_cache_alloc+0x2d5/0x370\n [\u003cffffffff8e917f86\u003e] prepare_creds+0x26/0x2e0\n [\u003cffffffffc002eeef\u003e] cachefiles_determine_cache_security+0x1f/0x120\n [\u003cffffffffc00243ec\u003e] cachefiles_add_cache+0x13c/0x3a0\n [\u003cffffffffc0025216\u003e] cachefiles_daemon_write+0x146/0x1c0\n [\u003cffffffff8ebc4a3b\u003e] vfs_write+0xcb/0x520\n [\u003cffffffff8ebc5069\u003e] ksys_write+0x69/0xf0\n [\u003cffffffff8f6d4662\u003e] do_syscall_64+0x72/0x140\n [\u003cffffffff8f8000aa\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n==================================================================\n\nPut the reference count of cache_cred in cachefiles_daemon_unbind() to\nfix the problem. And also put cache_cred in cachefiles_add_cache() error\nbranch to avoid memory leaks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:42.799Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083"
},
{
"url": "https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285"
},
{
"url": "https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8"
},
{
"url": "https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579"
},
{
"url": "https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58"
},
{
"url": "https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3"
},
{
"url": "https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a"
},
{
"url": "https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444"
}
],
"title": "cachefiles: fix memory leak in cachefiles_add_cache()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26840",
"datePublished": "2024-04-17T10:10:06.180Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2025-05-04T08:57:42.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35988 (GCVE-0-2024-35988)
Vulnerability from cvelistv5 – Published: 2024-05-20 09:47 – Updated: 2025-05-04 09:10
Title
riscv: Fix TASK_SIZE on 64-bit NOMMU
Summary
In the Linux kernel, the following vulnerability has been resolved:
riscv: Fix TASK_SIZE on 64-bit NOMMU
On NOMMU, userspace memory can come from anywhere in physical RAM. The
current definition of TASK_SIZE is wrong if any RAM exists above 4G,
causing spurious failures in the userspace access routines.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 6bd33e1ece528f67646db33bf97406b747dafda0, < 04bf2e5f95c1a52e28a7567a507f926efe31c3b6 (git) |
| Linux | Linux | Affected: 6bd33e1ece528f67646db33bf97406b747dafda0, < 52e8a42b11078d2aad4b9ba96503d77c7299168b (git) |
| Linux | Linux | Affected: 6bd33e1ece528f67646db33bf97406b747dafda0, < 4201b8c8f2c32af321fb50867e68ac6c1cbed4be (git) |
| Linux | Linux | Affected: 6bd33e1ece528f67646db33bf97406b747dafda0, < a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa (git) |
| Linux | Linux | Affected: 6bd33e1ece528f67646db33bf97406b747dafda0, < efdcfa554b6eb228943ef1dd4d023c606be647d2 (git) |
| Linux | Linux | Affected: 6bd33e1ece528f67646db33bf97406b747dafda0, < 6065e736f82c817c9a597a31ee67f0ce4628e948 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:03:33.366892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:26.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04bf2e5f95c1a52e28a7567a507f926efe31c3b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52e8a42b11078d2aad4b9ba96503d77c7299168b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4201b8c8f2c32af321fb50867e68ac6c1cbed4be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efdcfa554b6eb228943ef1dd4d023c606be647d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6065e736f82c817c9a597a31ee67f0ce4628e948"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/include/asm/pgtable.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "04bf2e5f95c1a52e28a7567a507f926efe31c3b6",
"status": "affected",
"version": "6bd33e1ece528f67646db33bf97406b747dafda0",
"versionType": "git"
},
{
"lessThan": "52e8a42b11078d2aad4b9ba96503d77c7299168b",
"status": "affected",
"version": "6bd33e1ece528f67646db33bf97406b747dafda0",
"versionType": "git"
},
{
"lessThan": "4201b8c8f2c32af321fb50867e68ac6c1cbed4be",
"status": "affected",
"version": "6bd33e1ece528f67646db33bf97406b747dafda0",
"versionType": "git"
},
{
"lessThan": "a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa",
"status": "affected",
"version": "6bd33e1ece528f67646db33bf97406b747dafda0",
"versionType": "git"
},
{
"lessThan": "efdcfa554b6eb228943ef1dd4d023c606be647d2",
"status": "affected",
"version": "6bd33e1ece528f67646db33bf97406b747dafda0",
"versionType": "git"
},
{
"lessThan": "6065e736f82c817c9a597a31ee67f0ce4628e948",
"status": "affected",
"version": "6bd33e1ece528f67646db33bf97406b747dafda0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/include/asm/pgtable.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix TASK_SIZE on 64-bit NOMMU\n\nOn NOMMU, userspace memory can come from anywhere in physical RAM. The\ncurrent definition of TASK_SIZE is wrong if any RAM exists above 4G,\ncausing spurious failures in the userspace access routines."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:00.431Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/04bf2e5f95c1a52e28a7567a507f926efe31c3b6"
},
{
"url": "https://git.kernel.org/stable/c/52e8a42b11078d2aad4b9ba96503d77c7299168b"
},
{
"url": "https://git.kernel.org/stable/c/4201b8c8f2c32af321fb50867e68ac6c1cbed4be"
},
{
"url": "https://git.kernel.org/stable/c/a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa"
},
{
"url": "https://git.kernel.org/stable/c/efdcfa554b6eb228943ef1dd4d023c606be647d2"
},
{
"url": "https://git.kernel.org/stable/c/6065e736f82c817c9a597a31ee67f0ce4628e948"
}
],
"title": "riscv: Fix TASK_SIZE on 64-bit NOMMU",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35988",
"datePublished": "2024-05-20T09:47:54.391Z",
"dateReserved": "2024-05-17T13:50:33.146Z",
"dateUpdated": "2025-05-04T09:10:00.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26931 (GCVE-0-2024-26931)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:17 – Updated: 2026-01-05 10:35
Title
scsi: qla2xxx: Fix command flush on cable pull
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix command flush on cable pull
System crash due to command failed to flush back to SCSI layer.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
PGD 0 P4D 0
Oops: 0000 [#1] SMP NOPTI
CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1
Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021
Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]
RIP: 0010:__wake_up_common+0x4c/0x190
Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 <49> 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75
RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086
RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320
RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8
R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20
R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
__wake_up_common_lock+0x7c/0xc0
qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]
qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0
? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]
qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200.
? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]
qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1
? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]
qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0
? __switch_to+0x10c/0x450
? process_one_work+0x1a7/0x360
qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201.
? worker_thread+0x1ce/0x390
? create_worker+0x1a0/0x1a0
qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70
? kthread+0x10a/0x120
qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8
? set_kthread_struct+0x40/0x40
qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed.
? ret_from_fork+0x1f/0x40
qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout
The system was under memory stress, where the driver was not able to allocate an
SRB to carry out error recovery of the cable pull. The failure to flush causes
the upper layer to start modifying scsi_cmnd. When the system frees up some
memory, the subsequent cable pull triggers another command flush. At this
point the driver accesses a null pointer when attempting to DMA unmap the
SGL.
Add a check to make sure commands are flushed back on session teardown to
prevent the null pointer access.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 726b85487067d7f5b23495bc33c484b8517c4074, < b73377124f56d2fec154737c2f8d2e839c237d5a (git) |
| Linux | Linux | Affected: 726b85487067d7f5b23495bc33c484b8517c4074, < d7a68eee87b05d4e29419e6f151aef99314970a9 (git) |
| Linux | Linux | Affected: 726b85487067d7f5b23495bc33c484b8517c4074, < 67b2d35853c2da25a8ca1c4190a5e96d3083c2ac (git) |
| Linux | Linux | Affected: 726b85487067d7f5b23495bc33c484b8517c4074, < a859f6a8f4234b8ef62862bf7a92f1af5f8cd47a (git) |
| Linux | Linux | Affected: 726b85487067d7f5b23495bc33c484b8517c4074, < 09c0ac18cac206ed1218b1fe6c1a0918e5ea9211 (git) |
| Linux | Linux | Affected: 726b85487067d7f5b23495bc33c484b8517c4074, < 8de1584ec4fe0ebea33c273036e7e0a05e65c81d (git) |
| Linux | Linux | Affected: 726b85487067d7f5b23495bc33c484b8517c4074, < 8f0d32004e3a572bb77e6c11c2797c87f8c9703d (git) |
| Linux | Linux | Affected: 726b85487067d7f5b23495bc33c484b8517c4074, < ec7587eef003cab15a13446d67c3adb88146a150 (git) |